Re: [Security] Permissions incorrect on some of Python's fil
Posted: 27. Jan 2013, 22:33
Thanks GJones, I found that reply to be helpful. The distribute module, though, might be special in that it serves, IIRC, as the basis for both of the (semi-)official Python package installation methods: easy_install and pip.
So there just might, perhaps, be a reason why its permissions need to be different from most other Python packages. That's just wild speculation on my part.
These days we're all, to some degree, up-to-our-ears-in-alligators busy. We've got to continuously juggle priorities just to stay focused on being productive.
Many of us also take security very seriously, and a report such as this one can easily send us on a detour to plug a possible hole. The danger here is that an inappropriate fix could seriously impact our workflow.
So while I really am grateful for your bringing this to our attention, it would also be great if you could follow up just enough, past the fragment posted from your e-mail Inbox, to find a link where we could find some definitive information.
Thanks, and I hope that I've sincerely conveyed both my gratitude and my concerns here.
So there just might, perhaps, be a reason why its permissions need to be different from most other Python packages. That's just wild speculation on my part.
These days we're all, to some degree, up-to-our-ears-in-alligators busy. We've got to continuously juggle priorities just to stay focused on being productive.
Many of us also take security very seriously, and a report such as this one can easily send us on a detour to plug a possible hole. The danger here is that an inappropriate fix could seriously impact our workflow.
So while I really am grateful for your bringing this to our attention, it would also be great if you could follow up just enough, past the fragment posted from your e-mail Inbox, to find a link where we could find some definitive information.
Thanks, and I hope that I've sincerely conveyed both my gratitude and my concerns here.