[Security] Permissions incorrect on some of Python's files

jayseye
Posts: 233
Joined: 24. Jul 2011, 17:22
Location: Brownsmead, Oregon (Center of the Universe)

Re: [Security] Permissions incorrect on some of Python's fil

Post by jayseye

Thanks GJones, I found that reply to be helpful. The distribute module, though, might be special in that it serves, IIRC, as the basis for both of the (semi-)official Python package installation methods: easy_install and pip.

So there just might, perhaps, be a reason why its permissions need to be different from most other Python packages. That's just wild speculation on my part.

These days we're all, to some degree, up-to-our-ears-in-alligators busy. We've got to continuously juggle priorities just to stay focused on being productive.

Many of us also take security very seriously, and a report such as this one can easily send us on a detour to plug a possible hole. The danger here is that an inappropriate fix could seriously impact our workflow.

So while I really am grateful for your bringing this to our attention, it would also be great if you could follow up just enough, past the fragment posted from your e-mail Inbox, to find a link where we could find some definitive information.

Thanks, and I hope that I've sincerely conveyed both my gratitude and my concerns here.
GJones
Donor
Posts: 300
Joined: 22. Jul 2011, 23:27

Re: [Security] Permissions incorrect on some of Python's fil

Post by GJones

You have, and I apologize for jumping the gun on this. I'll see what I can find.

Edit: a little further research indicates that

- The files in question are owned by the "distribute" package, not the Python package
- There is no "distribute" package on the Slackware package tracker: http://packages.slackware.com/

therefore, if this is a problem, it is not an upstream problem.

Other than that I'm having problems finding anything on this. I suspect that's because these permissions are in fact abnormal, but I've yet to confirm that positively.