Bug#299007: base-files: Insecure PATH in /root/.profile
Bill,
Thank you for the explanations.
> One of the rules is that policy proposal are wishlist by definition.
Quite sensible: protect the policy-makers from blame and "litigation".
I guess that the couple of "normal" bugs listed under
http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debian-policy
never followed instructions and never set severity.
> In no way installing the debian-policy package introduce a security
> hole, causes serious data loss or makes unrelated software on the
> system break.
Not the installation of the policy package, but the following of the
policy, prevents base-files from being secure. Is not the policy at
fault if it mandates insecure settings or actions?
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Reply to: