Bug#299007: Insecure PATH in /root/.profile

To: 299007@bugs.debian.org
Subject: Bug#299007: Insecure PATH in /root/.profile
From: Russ Allbery <rra@debian.org>
Date: Fri, 06 Jun 2008 12:11:47 -0700
Message-id: <[🔎] 87wsl2s7ik.fsf@windlord.stanford.edu>
Reply-to: Russ Allbery <rra@debian.org>, 299007@bugs.debian.org

package debian-policy
user debian-policy@packages.debian.org
usertag 299007 ctte
thanks

This proposal asks that directories in /usr/local no longer be writable by
group staff.

There clearly was not consensus in this bug discussion for making this
change, but neither am I comfortable as a Policy delegate with simply
closing it, in part because those in favor of this change felt very
strongly about it and in part because Ubuntu has made a different decision
and implemented this change.  Debian need not follow Ubuntu, but where
Ubuntu has decided to diverge, we should look at their rationale and
consider it seriously.

I'm therefore going to delegate this decision to the tech-ctte under
points 1 and 3 of section 6.1 of the Debian Constitution.  I'm filing the
bug against tech-ctte now.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Prev by Date: Bug#284340: Please remove reference to UC in BSD license
Next by Date: Bug#295006: marked as done (debian-policy: Virtual package: change mp3-encoder with music-encoder)
Previous by thread: Processed: Re: Bug#284340: Please remove reference to UC in BSD license
Next by thread: Bug#484841: Should /usr/local be writable by group staff?
Index(es):
- Date
- Thread