Tue, 20 Jan 2009 18:39:54 +0100 Patrick Matthäi <patrick.matth...@web.de> wrote:
> Hello, > > I think a solution would be, if debconf maintains his config.dat with > mode 0600. AFAIK there is no need for g+r,a+r for it. I think this would be workaround, and not the real fix. passwords should not be stored in debconf anyway. I don't know ucf internals, but why not to delete this data from debconf somewhere after user made decision? It whould be the best idea? (But may be config.dat should also be 0600, to prevent bad guys, who could permanently monitor it for private data with icron or any other method.) -- Best regards, Alexander GQ Gerasiov Contacts: e-mail: g...@cs.msu.su Jabber: g...@jabber.ru Homepage: http://gq.net.ru ICQ: 7272757 PGP fingerprint: 0628 ACC7 291A D4AA 6D7D 79B8 0641 D82A E3E3 CE1D -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
