Funny,
I point out some programming mistakes, not really important security
issues, but easily fixable and the maintainer (check #286392) think that
there is no need to protect user's from unsafe umask settings even if most
temporary file/directory implementations say otherwise.
What do you guys think? There are a few bugs I have reported that are
really not very important security-wise since they are only race conditions
when the user has an unsafe umask, however, the fix is simple and prevents
this from happening. Do you believe the maintainer/upstream should fix
this?
Feel free to feed some of your thoughts to the BTS, to change the
maintainer's opinion. I'm not asking for a DSA on this, it is as low a
security risk as it can get, but I can't understand why somebody would
object to such a simple fix! (check the patch)
Regards
Javier