Quoting Russ Allbery (rra@debian.org): > >> you must not understand how user-private groups work at all > > > Well I guess I do,... > > Given your complaints, actually, you don't appear to. Is there a mail in this thread that would explain all this? From your own words, it seems that most negative reactions aboutthis umask change come from people who misunderstand the concept of UPG. My own opinion about all this is to be somehow confident that people much more clever than me when it comes at security are involved in this and I'm perfectly OK when some people I trust write "002 umask with UPG is identical to 022 umask without UPG". Still, I would be able to explain this in case someone asks me such question in, say, a general talk about Debian where you sometimes find This Clever Guy Who Understood Everything (and of course never contributed to any free software work)....and who asks a question about "why did Debian change its default umask?" or "Why you guys didn't hang out this OpenSSL maintainer?". More generally speaking, this umask change probably deserves to be mentioned in the Release Notes....along with a good rationale about why, no, this isn't Debian giving up to years of being security-wise.
Attachment:
signature.asc
Description: Digital signature