Your message dated Fri, 08 Nov 2024 18:02:35 +0000
with message-id <[email protected]>
and subject line Bug#1081403: Removed package(s) from unstable
has caused the Debian Bug report #946631,
regarding profitbricks-sdk-python: store plain-text world-readable login details
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
946631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946631
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3-profitbricks
Version: 4.1.3-3

    def _save_config(self, filename=None):
        """
        Save the given user configuration.
        """
        if filename is None:
            filename = self._config_filename
        parent_path = os.path.dirname(filename)
        if not os.path.isdir(parent_path):
            os.makedirs(parent_path)
        with open(filename, "w") as configfile:
            self._config.write(configfile)

    [...]

    def _get_password(self, password, use_config=True, config_filename=None,
                      use_keyring=HAS_KEYRING):

    [...]

        if not password and use_config:
            if self._config is None:
                self._read_config(config_filename)
            password = self._config.get("credentials", "password", fallback=None)

    [...]

                    password = getpass.getpass(question)
                    store_plaintext_passwords = self._config.get(
                        "preferences", "store-plaintext-passwords", fallback=None)
                    if store_plaintext_passwords != "no":
                        question = ("Do you want to store your password in plain text in " +
                                    self._config_filename())
                        answer = ask(question, ["yes", "no", "never"], "no")
                        if answer == "yes":
                            self._config.set("credentials", "password", password)
                            self._save_config()


Now, I haven't tried, but I know I now have this file:
|-rw-r--r-- 1 mattia mattia 44 Dec 11 17:20 /home/mattia/.config/profitbricks-sdk-python.ini
that is world-readable.
At this time it only contains my username:
|% cat ~/.config/profitbricks-sdk-python.ini
|[credentials]
|username = [email protected]
|
|%
But I believe that if I set that "store-plaintext-passwords" magic
switch, however well the library tries to have the user not to, it would
then store the password in a world-readable file.
If the user wants to shoot himself in the foot, at least please help him
dodge the bullet a bit by making the file 600 and not the umask's
default (644).

I'm relieved that at least by default it saved the password in the
keyring (I hope) :)
-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


--- End Message ---
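
The change requested in the report above (mode 600 instead of the umask default), as an added example that is not code from profitbricks-sdk-python or from the submitter. save_config_private, file_mode and demo are hypothetical names, the credentials are constructed, and a POSIX system is assumed. It also covers the case the submitter describes, where a 644 file already exists before a password is ever stored.

```python
import configparser
import os
import stat
import tempfile


def save_config_private(config, filename):
    """Write config to filename, readable by its owner only (mode 0600)."""
    parent = os.path.dirname(filename)
    if parent and not os.path.isdir(parent):
        os.makedirs(parent, mode=0o700)
    # O_NOFOLLOW refuses a symlink at the path; 0o600 applies only on creation.
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        # A file left by an earlier 0644 save keeps its old mode, so tighten
        # it and drop the old contents before any secret is written.
        os.fchmod(fd, 0o600)
        os.ftruncate(fd, 0)
    except OSError:
        os.close(fd)
        raise
    with os.fdopen(fd, "w") as configfile:
        config.write(configfile)


def file_mode(path):
    """Return the permission bits of path (e.g. 0o644)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return (mode after plain open(), mode after private save), umask 022."""
    config = configparser.ConfigParser()
    # Constructed sample credentials, not real ones.
    config["credentials"] = {"username": "user@example.invalid",
                             "password": "constructed-secret"}
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "profitbricks-sdk-python.ini")
            with open(path, "w") as configfile:  # what the quoted _save_config does
                config.write(configfile)
            before = file_mode(path)
            save_config_private(config, path)    # same file, already 0644
            return before, file_mode(path)
    finally:
        os.umask(old_umask)
```
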
--- Begin Message ---
Version: 4.1.3-3+rm

Dear submitter,

as the package profitbricks-sdk-python has just been removed from the Debian
archive unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1081403

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)

--- End Message ---