On Tue, 2007-05-22 at 18:09 +0200, Giovanni Mascellani wrote: > While having a look into /var/cache/apt, I noted that some files are > owned by root.root and others by giovanni.giovanni (my username). I > believe that apt-watch moves the .debs from its cache to the system > cache, but doesn't set right permissions. Couldn't this be a security > hole? > > -rw-r--r-- 1 giovanni giovanni 662K 2007-04-14 14:47 yelp_2.18.1-1_i386.deb > -rw-r--r-- 1 root root 44K 2007-04-22 11:47 ytalk_3.3.0-3_i386.deb
Sorry for taking so long to respond to this bug report. I agree that the packages in /var/cache/apt should be owned by root. Apt-watch is basically doing a mv of the debs from the user's home directory to the system package cache and it should change the ownership once they have been moved. I'll look at changing this behavior when I have free time to work on apt-watch. John
signature.asc
Description: This is a digitally signed message part
