
Bug#167422: general: files in /usr/share should be world-readable



On Sun, Nov 10, 2002 at 11:26:31AM -0800, Thomas Bushnell, BSG wrote:
> > /usr/share is not appropriate for that, as it is the OS's playground
> > (and I can't see any use for the OS installing secrets there). 
> > For site-specific secrets /usr/local/share is a better choice.
> "root users" is not somehow not the OS.  For example, root users store
> secrets in the shadow password files.
> I'm speaking of secrets that *OS* programs need to have, and which
> should be shared among cooperating machines.

That doesn't particularly make sense. If the "secret" is distributed
as part of Debian, it's not a secret -- anyone can buy their own copy
of Debian, pull apart the debs and find out what it is themselves quite
happily. So the secret has to vary between machines, which either makes
it configuration info that's site specific, in which case it should go
into /etc, or variable data maintained entirely by a program, in which
case it should go into /var, or completely site-specific in which case
it should go somewhere site-specific, like /home, /srv, /usr/local, etc.
The contents of /etc and /var are allowed to be shared amongst machines,
it's simply expected that which files get shared and how is more
complicated than for /usr, since they're much more site-specific.

For reference,

$ find /usr \! -perm -004
$

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 ``If you don't do it now, you'll be one year older when you do.''
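
An added example, not part of the original message: the `find` check above extended to directories, since a directory without o+x hides everything beneath it even when the files themselves are mode 0644. The names `audit_world_readable` and `demo` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list entries under a tree that "other" cannot read.
# Plain `-perm -004` misses one case: a directory without o+x hides
# everything beneath it, even files whose own mode is 0644.

# audit_world_readable DIR
#   Prints one offending path per line; returns 1 if any were found,
#   0 if the tree is clean, 2 on usage error.
audit_world_readable() {
    [ -d "$1" ] || { echo "usage: audit_world_readable DIR" >&2; return 2; }
    # Directories need r (list) and x (traverse) for other: mode bits 005.
    # Everything else except symlinks needs r for other: mode bit 004.
    # Symlinks are skipped because their own mode bits are not consulted.
    found=$(find "$1" \
        \( \( -type d \! -perm -005 \) \
        -o \( \! -type d \! -type l \! -perm -004 \) \) -print | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed demo tree (not real package contents).
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/share/doc" "$t/share/private"
    : > "$t/share/doc/README";      chmod 644 "$t/share/doc/README"
    : > "$t/share/doc/key";         chmod 640 "$t/share/doc/key"
    : > "$t/share/private/data";    chmod 644 "$t/share/private/data"
    chmod 755 "$t" "$t/share" "$t/share/doc"
    chmod 750 "$t/share/private"
    # Strip the temp prefix so the output is stable between runs.
    audit_world_readable "$t/share" | sed "s|^$t/||"
    rm -rf "$t"
}

demo
```

The non-zero return on findings lets the function gate a package build or a periodic integrity check.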


