On Sun, Jul 14, 2024 at 19:38:26 +0200, Hans wrote: > Hi Greg, > > yes, did already change it. However, this looks like a security hole for me, > as I believe, not many people or admins are changing this. > > IMO debian should change this in the next release, but I doubt it. > > I will ask the security team for it, they will decide.
It is NOT a security issue. Any files that contain secret data are protected by their individual permissions, as set by the programs that create them. Like your ssh private keys: hobbit:~$ ls -l .ssh total 72 ... -rw------- 1 greg greg 1876 Sep 24 2019 id_rsa -rw-r--r-- 1 greg greg 394 Sep 24 2019 id_rsa.pub The other 99.9% of your files are not secret, so they don't need to be hidden.
