Re: UPG and the default umask
Hi!
> Some people proposed complex code to determine whether UPG was in use
> for system users. Such thing would be an "exception to the exception"
> and as such I think it would be a bad thing, as it would make things
> a lot more complex without any real gain.
The gain would be a guard against accidental 002 umasks in non-UPG
environments, which I'm quite sure will happen. Either because admins do not
read the release notes or because they forget to do the change on one of
their newly-installed machines despite reading the release notes.
On the other hand, other distributions already use default 002 umask
unconditionally and I'm not aware of any complaints. So admins in non-UPG
environments using these distros seem to be able to cope with it.
However, there might be stronger expectations about Debian's default
security-related settings, which might explain the harsh wordings chosen by
some opponents of this change.
WM
Reply to: