Package: assword Version: 0.7-1 Severity: normal Given that assword only supports a single encryption key (at least at the moment) and therefore is mostly a personal password store, I think it should use a umask of 077 when writing the database file. Yes, it's encrypted, so in theory it shouldn't matter that the encrypted database is world-readable for someone with a umask of 022, but there doesn't seem to be any point in allowing anyone to poke at it.
At the least, if the existing database is mode 0600, it would be nice if that were preserved when updating the database. Right now, it isn't. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.11-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages assword depends on: ii python 2.7.5-5 ii python-gpgme 0.2-3 ii python-gtk2 2.24.0-3+b1 ii python-pkg-resources 2.2-1 Versions of packages assword recommends: ii python-xdo 0.2-2 ii xclip 0.12+svn84-4 assword suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

