In my opinion, it's still better to have the file not world-readable by
default. I looked to add-apt-repository for precedent, and the only
information I found was bug #399709 - however, add-apt-repository also
doesn't truly have support for adding private ppas (you can pass it a
full url with embedded credentials, but then it doesn't DTRT for gpg key
imports). So I don't think this is a relevant precedent at all.
** Changed in: ubuntu-advantage-tools (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700611
Title:
sources.list file created for ESM is world-readable, leaks subscriber
token to all local users
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1700611/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
