Re: [lintian] app-defaults mode 444
"fpolacco" == fpolacco <fpolacco@icenet.fi> writes:
>> On Sun, 15 Feb 1998 fpolacco@icenet.fi wrote:
>> > Therefore I think that it is better to leave them mode 444 so a user
>> > (educated by Slackware) will find little more difficult to modify them
>> > (mode 444 should make him think that that file shouldn't be modifyed)
> Our policy already say "don't edit that file"; leaving it mode 444 is a
> way to assert the current policy.
Actually:
[From Policy Manual 2.4.0.0 Section 3.3.8]
| The rules in this section are guidelines for general use. If necessary
| you may deviate from the details below. However, if you do so you must
| make sure that what is done is secure and you must try to be as
| consistent as possible with the rest of the system. You should
| probably also discuss it on debian-devel first.
| Files should be owned by root.root, and made writable only by the
| owner and universally readable (and executable, if appropriate).
I think we might add a clause like so:
In some cases, packagers may wish to indicate explicitly that the
file is not meant for writing, and therefore set the file to be
non-writable even for the owner (i.e., mode 0444). An example of
this are the files in /usr/X11R6/lib/X11/app-defaults.
Kinda a hair-splitter here though.
.....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>
Reply to: