Re: UPG and the default umask

To: debian-devel@lists.debian.org
Subject: Re: UPG and the default umask
From: Michael Banck <mbanck@debian.org>
Date: Thu, 20 May 2010 16:24:16 +0200
Message-id: <[🔎] 20100520142416.GB22103@nighthawk.chemicalconnection.dyndns.org>
In-reply-to: <[🔎] 7f276af2e79987201aa98eaecb317480@imap.dd24.net>
References: <[🔎] 87pr0vg07c.fsf@windlord.stanford.edu> <[🔎] alpine.DEB.1.10.1005170103200.6247@kolmogorov.unex.es> <[🔎] 84d3wvj7e5.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005171419450.12903@kolmogorov.unex.es> <[🔎] 844oi6k7x6.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005191903510.17907@cantor.unex.es> <[🔎] ht1j0f$m8o$1@dough.gmane.org> <[🔎] 39a6ceb8f92bb5718dc558d118c572bf@imap.dd24.net> <[🔎] 4BF4567C.7050202@gmail.com> <[🔎] 7f276af2e79987201aa98eaecb317480@imap.dd24.net>

On Wed, May 19, 2010 at 09:48:41PM +0000, Christoph Anton Mitterer wrote:
> On Wed, 19 May 2010 15:22:04 -0600, Aaron Toponce
> <aaron.toponce@gmail.com>
> wrote:
> > You've only mentioned that SSH won't operate if the write bit is set on
> > the keys or anything under the ~/.ssh/ directory. Can you explain how an
> > ssh client failing to connect to an external ssh server because of the
> > umask is compromising security on the system?
> 
> Simply read the mails and those from the other critics again, it's not
> only annoying for myself to repeat things over and over again but also for
> everybody else to read it again.
> Nevertheless just saying "everything's fine" or "you only complained about
> ssh" won't really solve the issues, but just help to wave these changes
> through.

The problem is that most of your mails started with "OMG Debian will
compromise security, you all suck" or a paraphrasing thereof, so most
people didn't bother to read your mails in full and never actually read
a reasonable argument why the default umask should not be changed for
UPG setups.


Michael

Reply to:

Follow-Ups:
- Re: UPG and the default umask
  - From: Mike Bird <mgb-debian@yosemite.net>

References:
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Willi Mann <foss-ml@wm1.at>
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: UPG and the default umask
Next by Date: Re: UPG and the default umask
Previous by thread: Re: UPG and the default umask
Next by thread: Re: UPG and the default umask
Index(es):
- Date
- Thread