Hello Dionisio, Thank you for submitting this ticket and helping to make Debian/CouchDB better.
I did some quick research and checked with the upstream CouchDB team, and there is still sensitive information being stored in the config files that should not be world readable. Specifically the server secret is generated the first time CouchDB needs it, and is then stored in local.ini. Previous versions of CouchDB had a default value for the server secret in their config file. For this reason we will not be making the config files world readable in the package. Of course, this does not stop you from changing their permissions on your own box, though it is not a recommended configuration. Cheers, -- Sam Bisbee www.sbisbee.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
