Thanks for the report. The init script isn't the place to fix this. While definitely convenient, using it is by no means mandatory. Hence, fixes in there won't have any effect in case the program is started by other means. In addition, I dislike the concept of an init script making changes inside users' home directories.
The discussion on the upstream forums I assume you are referring to had people suggesting encryption for the ini file, which is indeed useless for the reasons given by the developers. Initially creating the file with more secure permissions (as compared to common default umasks of 022 or 002) might make sense though, while not doing any damage. I'll discuss with upstream first.

BTW: I'll leave severity and tags alone for now, although I don't really think this is a security issue in sabnzbdplus. More like the logical result of a not-very-good-for-privacy umask of 002 or 022 (which impacts any program that creates files), and/or bad security practices such as reusing login passwords.
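The approach mentioned in the message above, creating the ini file with restrictive permissions from the start, as an added example that is not part of the original message and not sabnzbdplus code. The function names and the sample ini content are assumptions made for illustration; the example needs a POSIX system.

```python
import os
import stat
import tempfile

# Constructed sample content; not a real sabnzbdplus configuration.
SAMPLE = "[misc]\npassword = example-only\n"


def create_default(path, data):
    """Plain open(): the resulting mode is 0o666 & ~umask."""
    with open(path, "w") as f:
        f.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_private(path, data):
    """Create the file owner-only, so it is never group/world readable."""
    # O_EXCL refuses to reuse an existing file (or a pre-planted symlink),
    # so the 0o600 mode really applies to a file created by this call.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        # The umask can only remove bits; fchmod pins the mode to exactly 0o600.
        os.fchmod(fd, 0o600)
        with os.fdopen(fd, "w") as f:
            fd = None  # ownership of the descriptor moved to the file object
            f.write(data)
    finally:
        if fd is not None:
            os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return {umask: (default_mode, private_mode)} for the two common umasks."""
    results = {}
    for mask in (0o022, 0o002):
        old = os.umask(mask)
        try:
            with tempfile.TemporaryDirectory() as d:
                results[mask] = (
                    create_default(os.path.join(d, "default.ini"), SAMPLE),
                    create_private(os.path.join(d, "private.ini"), SAMPLE),
                )
        finally:
            os.umask(old)
    return results


if __name__ == "__main__":
    for mask, (default_mode, private_mode) in demo().items():
        print(f"umask {mask:03o}: open() -> {default_mode:03o}, os.open(0o600) -> {private_mode:03o}")
```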