This one time, at band camp, Marc Haber said:
> Hi,

Hi,

> in response to #305483, the permissions on freshclam.conf have been
> tightened because the file _might_ contain proxy passwords.
> 
> This has made freshclam unuseable from a normal unprivileged account.
> 
> Please provider possibility to use freshclam as a normal user. People
> might want to use freshclam to write databases to their home directory
> (clamav-getfiles depends on this).

I can see your point.  I am not convinced that changing the global
defaults for a specialized case is the right thing to do, but perhaps I
can relax the permissions if no password is specified.

In the more general sense, I feel a little like you're trying to squeeze
freshclam into a more general purpose than it was really designed to be.
You can achieve all of the things freshclam does with host/dig, wget and
sigtool, none of which need any priviledges, or access to a config file,
and have the side efect of doing the one thing they do very well.  This
would effectively meet the needs you've outlined here, and in #236829 and
#234926.  I am not trying to change your mind, you understand, just
pointing out that these 'bugs' are more problems of trying to general-
purpose a very single purpose tool.

> In my opinion, freshclam.conf should be world readable by default,
> with the documented option for people who use proxy authentication
> that the permissions on freshclam.conf need to be tightened _then_.
> But I think that having the permissions on freshclam.conf _that_ tight
> is way over the top.
> 
> Please reconsider.

I may, but I have to think of a reasonable way to handle this.  Will
get back to you on this.  Take care,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

Attachment: pgprAS57LI8M5.pgp
Description: PGP signature

Reply via email to