On 05/15/2010 02:00 AM, Robert Klotzner wrote: > Also as far as I understood from a previous post, this change will only affect > new installations, not existing ones. So even if a user misunderstood the > concept and added other users to his private group, this change does not affect > him. If the change is documented in the release notes and in the installation > manual of squeeze, I do not see any problems. Of course you can assume that > the user does not read them and just does stupid things, but this is an > entirely different issue, you can never secure a system against mindless > administrators, no way. There are no security problems with this change, and you understand correctly- this will only be implemented on new installs. If the administrator is adding users to private groups, the it's the fault of the administrator making bad choices on the system, not the fault of Debian. > So I see your argument about not to be thought of side effects, but the concept > as such is proved already and the only harm could arise from systems where > users assume the old umask still to be in effect when they update to squeeze > and it will, so what is the problem? There isn't a problem. The ones starting this thread are reaching for straws trying to create a problem. Sure, we'll have some apps such as Mutt or SSH that might hiccup, and stuff like this is expected. Anytime a change is made on the system, bugs will arise. But fixing those bugs makes the system better than before the change was implemented. This is a net positive win for Debian, its administrators and all those who use it. -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O
Attachment:
signature.asc
Description: OpenPGP digital signature