There seems to be a difference in behavior in apt. Precise's apt-cache, for example, doesn't seem to care:
ubuntu@precise-esm:~$ l /etc/apt/sources.list.d/staging-ubuntu-esm-precise.list -rw------- 1 root root 200 Jun 7 18:35 /etc/apt/sources.list.d/staging-ubuntu-esm-precise.list ubuntu@precise-esm:~$ apt-cache policy landscape-client landscape-client: Installed: (none) Candidate: 14.12-0ubuntu0.12.04 Version table: 14.12-0ubuntu0.12.04 0 500 http://br.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 100 /var/lib/dpkg/status 12.04.3-0ubuntu1 0 500 http://br.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages ubuntu@precise-esm:~$ sudo apt-cache policy landscape-client landscape-client: Installed: (none) Candidate: 14.12-0ubuntu5.12.04 Version table: 14.12-0ubuntu5.12.04 0 500 https://extended.security.staging.ubuntu.com/ubuntu/ precise/main amd64 Packages 14.12-0ubuntu0.12.04 0 500 http://br.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 100 /var/lib/dpkg/status 12.04.3-0ubuntu1 0 500 http://br.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages So I would be OK for this change on precise, and also trusty (just tested) where it has the same behavior as precise. But from xenial onwards it breaks apt-cache as a whole for non-root users: ubuntu@xenial-test:~$ apt-cache search juju E: Opening /etc/apt/sources.list.d/juju-ubuntu-stable-xenial.list - ifstream::ifstream (13: Permission denied) E: The list of sources could not be read. ubuntu@xenial-test:~$ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700611 Title: sources.list file created for ESM is world-readable, leaks subscriber token to all local users To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1700611/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs