
Re: Upload of dtc-xen 0.5.13-1+squeeze1 in squeeze-proposed-updates



Hi Adam,

Are you a new member of the release team? If so, then I'm happy there
are much needed new members! :)

On 08/04/2011 02:55 AM, Adam D. Barratt wrote:
> On Tue, 2011-07-26 at 21:25 +0200, Thomas Goirand wrote:
>> Since the beginning, dtc-xen is generating SSL keys with openssl for
>> its SOAP server. To have the keys using the correct Unix rights, I used
>> umask before calling openssl. Unfortunately, later on (years later), I
>> added a chmod 644 /etc/dtc-xen/*, which unfortunately, destroyed
>> previous use of umask, and then now the keys are world readable.
> [...]
>> -chmod 644 ${DTCXEN_ETCPATH}/*
>>  chmod 600 ${DTCXEN_ETCPATH}/dtc-xen.conf
>> +chmod 600 /etc/dtc-xen/dtc-xen.cert.cert /etc/dtc-xen/dtc-xen.cert.csr
>> /etc/dtc-xen/dtc-xen.cert.key
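Review bot: the added chmod 600 line hard-codes /etc/dtc-xen, while the chmod 600 on dtc-xen.conf directly above it uses ${DTCXEN_ETCPATH}. If that variable ever points somewhere else, the key, CSR and certificate keep whatever mode they were created with. Suggest writing the three paths as "${DTCXEN_ETCPATH}/dtc-xen.cert.key" and so on, quoted. Note also that with the blanket chmod 644 removed, every other file in that directory now keeps its creation mode, so any file that needs a specific mode should be listed explicitly.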
> 
> Hmmm, should the new chmod be using ${DTCXEN_ETCPATH} here?
> 
> Regards,
> 
> Adam

Right, it would look better. But does this change the decision of the
release team, just on the aesthetics of the patch? Shouldn't I have an
urgent answer to this one, which is close to being granted a security update?
If that's the only remark that I'll get, then I consider it fine... :)

Thomas Goirand (zigo)
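The permission regression described in the quoted message, reproduced in a scratch directory. This is an added example, not code from dtc-xen or from this thread; the file names demo.key and demo.conf and all function names are constructed stand-ins.

```shell
#!/bin/sh
# Added example: umask-protected key file, later overridden by a blanket chmod.
# demo.key / demo.conf are constructed stand-ins, not dtc-xen's real files.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the files under a restrictive umask, as the original script did.
make_key() {
    ( umask 077; : > "$1/demo.key"; : > "$1/demo.conf" )
}

# The regression: a later blanket chmod discards what umask achieved.
blanket_chmod() {
    chmod 644 "$1"/*
}

# The fix: set the key's mode explicitly, relative to the directory argument.
explicit_chmod() {
    chmod 600 "$1/demo.key"
}

# Audit check: list *.key files that are readable by "other".
world_readable_keys() {
    find "$1" -type f -name '*.key' -perm -004
}

# Demo run in a scratch directory.
d=$(mktemp -d)
make_key "$d"
echo "after umask 077:       $(mode_of "$d/demo.key")"
blanket_chmod "$d"
echo "after chmod 644 dir/*: $(mode_of "$d/demo.key")"
echo "world-readable keys:   $(world_readable_keys "$d")"
explicit_chmod "$d"
echo "after explicit chmod:  $(mode_of "$d/demo.key")"
rm -rf "$d"
```

The `world_readable_keys` check can be pointed at a real configuration directory to confirm that an upgrade actually tightened modes on files created by an earlier package version.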

