
Re: UPG and the default umask



On Mon, 2010-05-17 at 11:23 -0600, Aaron Toponce wrote:
> You haven't shown any implementation that security will be compromised
> in any way. You just keep throwing it around, which isn't doing anything
> for the discussion.
Uhm, no!

If you need to change, for example, ssh to allow an authorized_keys file
or perhaps even things like ~/.ssh/id_rsa to be group-readable and/or
writable you actively compromise security, at least for those systems
which do not use (for whatever reason) UPG.

I guess upstream hasn't added those permission checks just because life
was so boring, but rather for some specific reason.
In the case of authorized_keys, I assume, to prevent "social
attacks"... if you know which people are allowed to access a machine,
it's much easier to get their keys...

Or do I understand the idea behind 581919 wrongly?


Best wishes,
Chris.
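
The permission checks this message refers to, as an added example that is not part of the original post or of OpenSSH's code: a shell audit that flags a group/other-writable `.ssh` directory or `authorized_keys` (mode & 022, as sshd's StrictModes does) and a private key with any group/other access (mode & 077, as the ssh client does), run on constructed demo directories created under umask 002, 022 and 077. The function names and demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a .ssh-style directory for group/other access.
# All paths are constructed demo files in a temp dir; no real keys are touched.

# True if PATH is writable by group or other (mode & 022).
too_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# True if PATH grants any access at all to group or other (mode & 077).
too_open() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_ssh_dir() {
    dir=$1
    rc=0
    if too_writable "$dir"; then echo "writable-dir $dir"; rc=1; fi
    if [ -f "$dir/authorized_keys" ] && too_writable "$dir/authorized_keys"; then
        echo "writable-authorized_keys $dir/authorized_keys"; rc=1
    fi
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac   # public halves may be readable
        [ -f "$key" ] || continue
        if too_open "$key"; then echo "open-private-key $key"; rc=1; fi
    done
    return $rc
}

# Build a demo directory whose modes come only from the given umask
# (hypothetical helper; prints the path of the created .ssh directory).
make_demo_dir() {
    ( umask "$1"
      d=$(mktemp -d)
      mkdir "$d/.ssh"
      : > "$d/.ssh/authorized_keys"
      : > "$d/.ssh/id_rsa"
      echo "$d/.ssh" )
}

for m in 002 022 077; do
    d=$(make_demo_dir "$m")
    echo "umask $m:"
    audit_ssh_dir "$d" || true
    rm -rf "${d%/.ssh}"
done
```
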


