[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UPG and the default umask


> Some people proposed complex code to determine whether UPG was in use
> for system users. Such thing would be an "exception to the exception"
> and as such I think it would be a bad thing, as it would make things
> a lot more complex without any real gain.

The gain would be a guard against accidental 002 umasks in non-UPG 
environments, which I'm quite sure will happen. Either because admins do not 
read the release notes or because they forget to do the change on one of 
their newly-installed machines despite reading the release notes. 

On the other hand, other distributions already use default 002 umask 
unconditionally and I'm not aware of any complaints. So admins in non-UPG 
environments using these distros seem to be able to cope with it. 

However, there might be stronger expectations about Debian's default 
security-related settings, which might explain the harsh wordings chosen by 
some opponents of this change.


Reply to: