Control: tag -1 + security I think this problem (having $HOME world-readable by default) should really be fixed... In installations sharing $HOME between multiple users this means private data of all sorts (medical records, unpublished scientific articles, exam results, ...) can be accessed by /all/ users by default. This seems a really bad idea.
Dear security team, should such issues get a CVE id? If one follows the link from [1], one should contact the Debian security team to assign one (even though [1] says Debian won't assign one?). Ansgar [1] https://www.debian.org/security/faq#cveget
