#11676: sage-pkg does not force world-readable permissions
-------------------------------+--------------------------------------------
   Reporter:  AlexanderDreyer  |          Owner:  AlexanderDreyer         
       Type:  enhancement      |         Status:  needs_info              
   Priority:  major            |      Milestone:  sage-4.7.2              
  Component:  scripts          |       Keywords:  chmod umask install mode
Work_issues:                   |       Upstream:  N/A                     
   Reviewer:                   |         Author:  Alexander Dreyer        
     Merged:                   |   Dependencies:                          
-------------------------------+--------------------------------------------

Comment(by leif):

 Replying to [comment:28 AlexanderDreyer]:
 > The permissions in the source tree were considered as buggy. But if you
 > want specific permissions in the source, you need a tool to either enforce
 > or check this. (That patch for checking would be trivial. I'll provide it,
 > if there's a chance for a review.)

 I'd rather set the `umask` in `sage-spkg`, and do a `chmod -R +rX` on the
 ''extracted'' spkg upon installation, if one wants to go triple-safe.

 The added spkg "sanity check" regarding permissions is IMHO superfluous
 and rather annoying; as Keshav mentioned, we should in general leave the
 upstream alone, i.e., ship it really vanilla, and maybe fix individual
 permissions in the corresponding `spkg-install` file if necessary.

 [[BR]]

 > If you want security you need to sign spkgs. But that's another quest.

 I meant security on your side, not on the user's who installs an spkg.

 Signing spkgs, at least those officially shipped or made available,
 wouldn't be bad either, but that's a different issue.  Of course also
 every Sage developer could sign his spkgs; I usually provide md5sums for
 mine, although for a different reason.  But as far as I know Jeroen
 currently repackages all spkgs anyway before they get merged into a
 release, just like commit messages of patches get "beautified", regardless
 of whether they already contain the ticket number.

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/11676#comment:29>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
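
The approach suggested in the comment above (set the umask, then make the extracted spkg world-readable), as an added shell example that is not part of the ticket or of sage-spkg. All function names and the constructed sample package are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; all function names are hypothetical, not sage-spkg code.

# Constructed sample: an "upstream" tree with restrictive modes, tarred up.
make_sample() {
    work=$1
    mkdir -p "$work/src/pkg-1.0/bin"
    printf 'docs\n' > "$work/src/pkg-1.0/README"
    printf '#!/bin/sh\n' > "$work/src/pkg-1.0/bin/tool"
    chmod 600 "$work/src/pkg-1.0/README"
    chmod 700 "$work/src/pkg-1.0/bin/tool" "$work/src/pkg-1.0/bin"
    tar -cf "$work/pkg-1.0.tar" -C "$work/src" pkg-1.0
}

# Extract ARCHIVE into DEST, then make the extracted copy world-readable.
install_extract() {
    archive=$1
    dest=$2
    (   # subshell: the caller's umask is left untouched
        # umask can only clear bits on newly created entries; a file
        # archived as 0600 is still 0600 after extraction.
        umask 022
        mkdir -p "$dest" &&
        tar -xf "$archive" -C "$dest" &&
        # Explicit "a": with no who-part ("+rX") chmod skips the bits set
        # in the umask. X adds execute/search only to directories and to
        # files that already have an execute bit.
        chmod -R a+rX "$dest"
    )
}

# Print entries under DIR that other users still cannot read or traverse.
not_world_readable() {
    find "$1" ! -type l \( ! -perm -004 -o -type d ! -perm -001 \) -print
}

# Symbolic mode string of PATH, e.g. "-rw-r--r--".
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

Only the extracted copy is changed; the archive keeps the upstream modes, and an empty result from `not_world_readable` confirms the installed tree is readable by other users.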
