Quoting Yohann Lepage (yohannlepage@2xyo.info): > Package: apt > Version: 0.7.23.1 > Severity: wishlist > > Hi, > > I filled the proxy configuration to install Debian. > After installation, the configuration of proxy is in /etc/apt.conf : > Acquire::http::Proxy "http://user:password@10.0.0.1:8080"; > > However the permissions of apt.conf is : > 188620-rw-r - r - 1 root root 68 oct 30 08:26 apt.conf > > The unencrypted proxy password in apt.conf is is readable by all users ! > > The rights on apt.conf should not they be more restrictive ? Or include the password in an other file with less rights ? Why not in a file in /etc/apt/apt.conf.d which you could set to 0600?
Attachment:
signature.asc
Description: Digital signature