On Mon, Mar 28, 2016 at 06:30:51AM +0200, Salvatore Bonaccorso wrote:
> Hi Julian,
>
> On Sun, Mar 27, 2016 at 07:04:27PM +0100, Julian Gilbey wrote:
> > Hello,
> >
> > I'm reporting this directly rather than via the BTS as it may be a
> > security hole.
> >
> > Somehow, part of the gitlab configuration process created a file
> > called /var/lib/gitlab/.gitlab_shell_secret, with a symlink from
> > /usr/share/gitlab-shell/.gitlab_shell_secret. I don't know its
> > purpose, but I would assume that it is some form of secret key.
> > However, the /var/lib/gitlab/.gitlab_shell_secret file is
> > world-readable, which is not likely to be the desired file mode. 640
> > would be - presumably - more appropriate.
> >
> > Other non-security bugs going to the BTS....
>
> Since our gitlab package is not yet in a stable release, please report
> this directly to the BTS. I think it's safe to do so in this case.
>
> Regards,
> Salvatore

OK, shall do, thanks!

Julian
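
A check for the condition reported in this thread, added here as an example (it is not part of the original messages or of the Debian package): it follows the symlink to the real file and flags any permission bit granted to "other" users. The function names and the temporary directory layout are constructed for illustration; 640 is the mode suggested in the report.

```shell
#!/bin/sh
# Added example: flag secret files that "other" users can access.
# A symlink's own mode is irrelevant; the target's mode decides, so follow it.

# world_accessible PATH -> exit 0 if the file PATH resolves to has any "other" bit set
world_accessible() {
    # -L follows the symlink, -prune stops descent, -perm -NNN means "all of these bits set"
    [ -n "$(find -L "$1" -prune -type f \
        \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# audit_secrets PATH... -> one line per path; returns 1 if any is exposed or missing
audit_secrets() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then          # also true for a dangling symlink
            echo "MISSING  $p"; rc=1
        elif world_accessible "$p"; then
            echo "EXPOSED  $p ($(ls -ldL "$p" | cut -d' ' -f1))"; rc=1
        else
            echo "OK       $p"
        fi
    done
    return $rc
}

# Constructed layout mirroring the two paths named in the report, under a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/lib/gitlab" "$d/usr/share/gitlab-shell"
    : > "$d/var/lib/gitlab/.gitlab_shell_secret"
    ln -s "$d/var/lib/gitlab/.gitlab_shell_secret" \
          "$d/usr/share/gitlab-shell/.gitlab_shell_secret"
    chmod 644 "$d/var/lib/gitlab/.gitlab_shell_secret"   # mode as reported
    audit_secrets "$d/usr/share/gitlab-shell/.gitlab_shell_secret"
    chmod 640 "$d/var/lib/gitlab/.gitlab_shell_secret"   # mode suggested in the report
    audit_secrets "$d/usr/share/gitlab-shell/.gitlab_shell_secret"
    rm -rf "$d"
}
demo
```

On an installed system, `audit_secrets /usr/share/gitlab-shell/.gitlab_shell_secret` performs the same check against the real path.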