From: Bengt Richter <bokr@bokr.com>
To: zimoun <zimon.toutoune@gmail.com>
Cc: 38422@debbugs.gnu.org
Subject: bug#38422: Bug status? '.png' files with executable permissions
Date: Tue, 21 Jan 2020 18:28:30 -0800 [thread overview]
Message-ID: <20200122022830.GA22138@LionPure> (raw)
In-Reply-To: <CAJ3okZ2ZAs+Cf0k29Aafk-LUG4FTU=wtzEJmk8pqVJ==SQ7eNQ@mail.gmail.com>
Hi zimoun,
On +2020-01-22 01:22:45 +0100, zimoun wrote:
> Dear Bengt,
>
> The bug report [1] points out files with unexpected permission; based
> on extension filename.
>
> [1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=38422
>
>
> It is not an security issue or the Guix packager did not carefully
> check the validity of these files.
>
> If you are security paranoid, you *have to* check by yourself all the
> files using "guix build -S" because in paranoid mode you cannot trust
> Guix packagers (and Guix committers neither).
>
>
> In normal mode, 2 options:
>
> a- propose a patch to change the permission for each offending package
> b- report upstream
>
> Well, at least these 3 packages docbook-xsl, faba-icon-theme, and
> moka-icon-theme comes with unexpected .png file permission.
>
>
> On the long term, I am not convinced that adding automatic check and
> permission change based on filename extension would really add Quality
> Assurance. Because we are speaking about quality, not security.
>
>
> I am inclined to close this bug. What do you think?
>
> All the best,
> simon
Ok with me to close, thanks.
--
Regards,
Bengt Richter
next prev parent reply other threads:[~2020-01-22 2:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-29 7:59 bug#38422: .png files in /gnu/store with executable permissions (555) Bengt Richter
2019-11-29 9:49 ` Ricardo Wurmus
2019-11-29 10:59 ` zimoun
2019-11-29 11:28 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
2019-11-29 12:22 ` Bengt Richter
2019-11-29 12:20 ` Mark H Weaver
2019-11-29 15:03 ` Bengt Richter
2019-11-30 4:08 ` Mark H Weaver
2019-11-30 4:24 ` Brett Gilio
2019-11-30 7:45 ` Julien Lepiller
2019-11-30 20:07 ` Bengt Richter
2019-12-02 15:20 ` zimoun
2020-01-22 0:22 ` bug#38422: Bug status? '.png' files with executable permissions zimoun
2020-01-22 2:28 ` Bengt Richter [this message]
2020-01-27 19:55 ` zimoun
2020-01-22 0:31 ` bug#38422: zimoun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200122022830.GA22138@LionPure \
--to=bokr@bokr.com \
--cc=38422@debbugs.gnu.org \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.