On 07/31/2014 08:31 PM, Ben Finney wrote:
Is that sufficiently explanatory?
It is certainly better than the status quo, but I must admit I don't understand why you place more importance on following a now known-to-be-insecure default rather than going with a secure-by-default design. If a daemon user needs world-writable files it is not hard to change the daemon umask setting to 0, but by having it be something else, such as 077, then all who are ignorant of the trap still won't fall into it -- and if something isn't working correctly because a group or world user can't access the files, then the program author can be educated when they read the doc-string that explains why that setting was chosen, and what the risks are when choosing something else.
-- ~Ethan~ _______________________________________________ python-daemon-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-daemon-devel
