GNU bug report logs - #67323
30.0.50; [PATCH] Set a new desktop file to mode 0600

Previous Next

Full log

View this message in rfc822 format

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>, Manuel Giraud <manuel <at> ledu-giraud.fr>
Cc: 67323 <at> debbugs.gnu.org
Subject: bug#67323: 30.0.50; [PATCH] Set a new desktop file to mode 0600
Date: Thu, 14 Dec 2023 17:17:36 -0800

Eli Zaretskii <eliz <at> gnu.org> writes:

>> From: Manuel Giraud <manuel <at> ledu-giraud.fr>
>> Cc: 67323 <at> debbugs.gnu.org
>> Date: Tue, 21 Nov 2023 14:00:28 +0100
>>
>> I had this idea while browsing savehist.el.  It have
>> 'savehist-file-modes' set to #o600 by default.  Since desktop.el could
>> also contain histories or others "secrets", I thought that it may a good
>> idea to have more strict default.
>>
>> > The users can make this file unreadable by others if they want.
>>
>> Yes and it is what I have done previously for my own desktop file.  The
>> idea here is to have saner default.  And as I said, it also works the
>> other way around ;-)
>>
>> > It's a backward-incompatible change in any case.
>>
>> You are saying that it might surprise users who rely on the "readable
>> for all" nature of one desktop file by default?  I'd have a hard time to
>> figure out such a scenario…  But anyway, if you think this patch does
>> not worth it, say it and I'll close this report.
>
> I'll wait a bit for others to chime in, if anyone has an opinion.

I think the patch makes sense.

Having defaults that protect users security and privacy better, even if
only slightly, is not a bad thing, not unless there are cases where it
hurts.  And I can't think of any such cases here.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.