Hi, On Thu, 01 Feb 2018, Daniel Kahn Gillmor wrote: > "chown -R" and "chmod -R" are very hard to use safely
Why ? > some debian maintainer scripts might be tempted to use them to adjust > file ownership to specific users. however, those scripts are > vulnerable to attack on kernels that do not have > fs.protected_hardlinks=1. Only if someone has write access to the directories where chown/chmod are called... which is generally not the cases for directories that are modified by maintainer scripts (/var/log/foo, /var/lib/foo). I'm sorry but this tag is going to generate lots of noise and unhappiness among maintainers because: 1/ you do not suggest any alternative (how do I fix change permissions/ownership securely?) 2/ you do not tell them how to ensure that their case is safe or not and whether they should just override the tag or not. 3/ I expect the false-positive ratio to be very high Chris, as a lintian maintainer, I would expect you to ensure that any tag has actionable data and looking at the commit, clearly this one doesn't have any. There's no indication on how to go forward to fix this tag. Please try to be a bit more restrictive in what new tags you are accepting. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/