On Mon, 03 Apr 2017 at 09:35:59 +0100, Iain Lane wrote: > > --- gtk-sharp2-2.12.40/debian/rules 2016-11-15 13:04:31.000000000 +0000 > > +++ gtk-sharp2-2.12.40/debian/rules 2017-04-02 18:33:48.000000000 +0100 > > @@ -83,7 +83,7 @@ > > dh_fixperms -i > > dh_clifixperms -i > > dh_clistrip -i > > - dh_cligacpolicy -i > > + umask 022 && dh_cligacpolicy -i > > dh_makeclilibs -m $(API_VERSION) > > dh_installcligac -i > > dh_clideps -i -d > > @@ -107,7 +107,7 @@ > > dh_fixperms -a > > dh_clifixperms -a > > dh_clistrip -a > > - dh_cligacpolicy -a > > + umask 022 && dh_cligacpolicy -a > > dh_makeclilibs -m $(API_VERSION) > > dh_installcligac -a > > dh_clideps -a -d > > Hmm, what's going on here?
As the changelog mentions, I got a lintian warning for policy files with 0775 and 0664 permissions. This seemed like a potential security risk, so I fixed that by setting a more restrictive umask for the step that generates those files. (I didn't do anything deliberate to get umask 002, but my automated build environment, <https://github.com/smcv/vectis>, might accidentally end up with umask 002 or be building in a 2775 directory.) I think this could maybe be fixed by putting dh_cligacpolicy earlier in the sequence than dh_fixperms, but I didn't want to alter the sequence in an NMU. S
