Bug#571631: libapache2-mod-shib2: shib-keygen generates world-readable key file

Dominic Hargreaves dom at earth.li
Mon Mar 1 14:54:29 UTC 2010


On Mon, Mar 01, 2010 at 03:41:51PM +0100, Ferenc Wagner wrote:
> Upstream fixed this (with amazing speed -- thanks, Scott!) by using
> umask 177.  This is stricter than requested, as it affects the
> certificate as well, not only the key.  Dominic, is this acceptable for
> you?

Yes, that's fine. Personally I would have arranged for the certificate
to be left world-readable, to reflect the status of the data contained
within, but if you prefer to use what upstream has done then I
appreciate that will be more convenient.

> (Btw. I recommend using the backported packages, they are more
> mature in several respects besides the higher version numbers.)

Thanks for the tip; I'll bear it in mind if we encounter a need
for functionality not available in Debian stable, but I would prefer
to stick with stable otherwise.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
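Added example, not part of the original message and not shib-keygen's own code: a shell sketch contrasting the single `umask 177` described in the thread with the alternative Dominic mentions (private key, world-readable certificate), plus a check for a key file that is readable by group or other. The file names, file contents and function names are constructed placeholders.

```shell
#!/bin/sh
# Added illustration; names and contents are constructed placeholders,
# not output of the real shib-keygen.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Approach described in the thread: one umask 177 covers every file the
# script creates, so key and certificate both end up 0600.
write_pair_upstream() {
    (
        umask 177
        printf 'constructed placeholder key\n'  > "$1/sp-key.pem"
        printf 'constructed placeholder cert\n' > "$1/sp-cert.pem"
    )
}

# Alternative raised in the reply: restrict only the key. The certificate
# holds public data and is created world-readable (0644).
# Each umask is scoped to a subshell so it cannot leak into later steps.
write_pair_split() {
    ( umask 177; printf 'constructed placeholder key\n'  > "$1/sp-key.pem" )
    ( umask 022; printf 'constructed placeholder cert\n' > "$1/sp-cert.pem" )
}

# Check for the condition in the bug title: succeed only if the key file
# grants no permission bits to group or other.
key_is_private() {
    case "$(mode_of "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Stand-alone demo in a throwaway directory.
demo_dir=$(mktemp -d)
write_pair_split "$demo_dir"
echo "key=$(mode_of "$demo_dir/sp-key.pem") cert=$(mode_of "$demo_dir/sp-cert.pem")"
rm -rf "$demo_dir"
```

A umask applies only when a file is created, so a key file that already exists with loose permissions keeps them when overwritten in place; `key_is_private` can be used to find such files.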





More information about the Pkg-shibboleth-devel mailing list