Package: assword
Version: 0.7-1
Severity: normal

Given that assword only supports a single encryption key (at least
at the moment) and therefore is mostly a personal password store,
I think it should use a umask of 077 when writing the database file.
Yes, it's encrypted, so in theory it shouldn't matter that the
encrypted database is world-readable for someone with a umask of
022, but there doesn't seem to be any point in allowing anyone to
poke at it.

At the least, if the existing database is mode 0600, it would be
nice if that were preserved when updating the database.  Right now,
it isn't.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages assword depends on:
ii  python                2.7.5-5
ii  python-gpgme          0.2-3
ii  python-gtk2           2.24.0-3+b1
ii  python-pkg-resources  2.2-1

Versions of packages assword recommends:
ii  python-xdo  0.2-2
ii  xclip       0.12+svn84-4

assword suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to