Mikko Rapeli wrote: > Joey Hess wrote: > >Yes, the installation-report package owns the logs post sarge. In sarge, > >purging base-config will remove the logs, but users may not want to do > >that. > > Great, but may I propose that base-config adopts installation logs in > sarge? > > At least this patch seems quite simple. It just removes the write > permissions in a base-config update. Since the directory was open for > writing quite a while, manual inspection of the contents by the admin is > a must though.
If the security team wants to release an advisory for sarge and include this update to base-config instead of a manual chmod command, that's fine. base-config is the owner of record for the log files in sarge, after all. -- see shy jo
signature.asc
Description: Digital signature