Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-28 Thread Andreas Beckmann
Control: tag -1 security On 2014-02-20 13:46, Andreas Tille wrote: On Thu, Feb 20, 2014 at 11:47:51AM +0100, Andreas Beckmann wrote: On 2014-02-20 10:08, Andreas Tille wrote: Hi Andreas, the directory is intended to be written by the world since the whole world should be able to run the

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-28 Thread Moritz Mühlenhoff
On Fri, Feb 28, 2014 at 10:18:09AM +0100, Andreas Beckmann wrote: I absolutely disagree to losing the ability to trust that content shipped in Debian packages can only be modified with root privileges. I very much agree. I would've thought that would even be written down in the Debian policy,

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-28 Thread Andreas Tille
Hi, On Fri, Feb 28, 2014 at 10:42:26AM +0100, Moritz Mühlenhoff wrote: On Fri, Feb 28, 2014 at 10:18:09AM +0100, Andreas Beckmann wrote: I absolutely disagree to losing the ability to trust that content shipped in Debian packages can only be modified with root privileges. I very much

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-20 Thread Andreas Tille
Hi Andreas, the directory is intended to be written by the world since the whole world should be able to run the test suite there ... this is the purpose of this package at all: Let everybody run the test (including autopkgtest) and forget about the directory afterwards. Do I need to mark this

Bug#739575: [Debian-med-packaging] Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-20 Thread Charles Plessy
On Thu, Feb 20, 2014 at 10:08:16AM +0100, Andreas Tille wrote: Hi Andreas, the directory is intended to be written by the world since the whole world should be able to run the test suite there ... this is the purpose of this package at all: Let everybody run the test (including

Bug#739575: Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-20 Thread Andreas Tille
Hi Charles, On Thu, Feb 20, 2014 at 06:26:36PM +0900, Charles Plessy wrote: On Thu, Feb 20, 2014 at 10:08:16AM +0100, Andreas Tille wrote: Hi Andreas, the directory is intended to be written by the world since the whole world should be able to run the test suite there ... this is the

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-20 Thread Andreas Beckmann
On 2014-02-20 10:08, Andreas Tille wrote: Hi Andreas, the directory is intended to be written by the world since the whole world should be able to run the test suite there ... this is the purpose of this package at all: Let everybody run the test (including autopkgtest) and forget about

Bug#739575: [Debian-med-packaging] Bug#739575: Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-20 Thread Charles Plessy
On Thu, Feb 20, 2014 at 10:36:57AM +0100, Andreas Tille wrote: While I agree that this would solve this formal problem I think providing (potentially large chunks of) data which are only to run a test and force people to create various copies of them is an insane consequence of the

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-20 Thread Andreas Tille
On Thu, Feb 20, 2014 at 11:47:51AM +0100, Andreas Beckmann wrote: On 2014-02-20 10:08, Andreas Tille wrote: Hi Andreas, the directory is intended to be written by the world since the whole world should be able to run the test suite there ... this is the purpose of this package at all:

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-19 Thread Andreas Beckmann
Package: python-pysam-tests Version: 0.7.5-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package ships a world writable directory and several world writable files in there. From the attached log (scroll to the bottom...):