Package: synphot-data Version: 0.9.12 Severity: serious User: debian...@lists.debian.org Usertags: piuparts
Hi, during a test with piuparts I noticed your package ships or creates world writable files. >From the attached log (scroll to the bottom...): ERROR: BAD PERMISSIONS -rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f115lp_006_syn.fits -rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f122m_006_syn.fits -rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f125lp_007_syn.fits -rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f140lp_007_syn.fits -rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f150lp_006_syn.fits -rwxrwxrwx 1 4270 822 8640 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_f165lp_006_syn.fits -rwxrwxrwx 1 4270 822 66240 May 20 20:20 /usr/share/synphot/grp/hst/cdbs/comp/acs/acs_sbc_mama_010_syn.fits Given that this is a downloader package which has not changed since last year, but the downloaded data seems to be different nowadays, the package obviously does not check whether the downloaded files match its expectations (e.g. by comparing hashes), which is yet another RC bug. cheers, Andreas
synphot-data_0.9.12+dfsg-2.log.gz
Description: application/gzip