> Don't you think it's kind of an openssl bug to create the key material
> with full permissions? Shouldn't it creat("keyfile", 0600)?
Would be nice I suppose.
> This aside, I'd recommend working around the issue by creating the key
> file beforehand with restricted permissions, and not touching umask:
I could imagine it working or failing depending on what the openssl code
does, but I can look into it.
> https://bugs.internet2.edu/jira/browse/SSPCPP-281 is pretty much
> orthogonal to this (and I'm not sure it's worth adding options which
> could be simulated by a cd before and a chown after.)
<shrug>
-- Scott
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
