[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#38422: Bug status? '.png' files with executable permissions
|
From: |
Bengt Richter |
|
Subject: |
bug#38422: Bug status? '.png' files with executable permissions |
|
Date: |
Tue, 21 Jan 2020 18:28:30 -0800 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
Hi zimoun,
On +2020-01-22 01:22:45 +0100, zimoun wrote:
> Dear Bengt,
>
> The bug report [1] points out files with unexpected permission; based
> on extension filename.
>
> [1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=38422
>
>
> It is not an security issue or the Guix packager did not carefully
> check the validity of these files.
>
> If you are security paranoid, you *have to* check by yourself all the
> files using "guix build -S" because in paranoid mode you cannot trust
> Guix packagers (and Guix committers neither).
>
>
> In normal mode, 2 options:
>
> a- propose a patch to change the permission for each offending package
> b- report upstream
>
> Well, at least these 3 packages docbook-xsl, faba-icon-theme, and
> moka-icon-theme comes with unexpected .png file permission.
>
>
> On the long term, I am not convinced that adding automatic check and
> permission change based on filename extension would really add Quality
> Assurance. Because we are speaking about quality, not security.
>
>
> I am inclined to close this bug. What do you think?
>
> All the best,
> simon
Ok with me to close, thanks.
--
Regards,
Bengt Richter