Linus Torvalds <torvalds@xxxxxxxx> writes:

> We just had a posting on the kernel security list where a person was
> upset that the 2.6.19.1 and .2 tar-files were apparently group and
> world-writable.

I had an impression that this is only an issue when you untar as root, and running 'tar xf' as root _is_ a more serious security issue than whatever permission the tar archive itself records.

Having said that, I do not see much reason for anybody to want to extract any material that is worth placing under version control in a way that is world-writable, so I do not mind having 002 as the default, but I feel that group-writability should be kept under control of the umask of end users who know what they are doing.

Historically we used to have 022 as the default, and IIRC we loosened it exactly because some people hated that we created files and directories closed to group members.
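An added example, not part of the original message or of git's code: a Python sketch that audits the modes recorded in a tar archive and shows what an archive-side mask of 002 or 022 leaves behind. The sample archive is constructed, all function names are hypothetical, and `extracted_mode` assumes GNU tar's defaults (recorded modes are kept when extracting as root, the umask is applied otherwise).

```python
import io
import stat
import tarfile

def build_sample_tar(entries):
    """Build an in-memory tar from (name, mode, is_dir) tuples (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, mode, is_dir in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if is_dir:
                info.type = tarfile.DIRTYPE
                tf.addfile(info)
            else:
                data = b"x\n"
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def writable_members(tar_bytes, bits=stat.S_IWGRP | stat.S_IWOTH):
    """Return {name: recorded mode} for members carrying any of the given write bits."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        return {m.name: m.mode & 0o7777 for m in tf if m.mode & bits}

def remask(tar_bytes, mask):
    """Rewrite the archive with `mask` cleared from every recorded mode."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as src, \
         tarfile.open(fileobj=out, mode="w") as dst:
        for m in src:
            body = src.extractfile(m) if m.isfile() else None
            m.mode &= ~mask & 0o7777
            dst.addfile(m, body)
    return out.getvalue()

def extracted_mode(recorded, user_umask, preserve):
    """Mode on disk after extraction; preserve=True models 'tar xf' run as root."""
    return recorded if preserve else recorded & ~user_umask & 0o7777

# Constructed sample: every member recorded as group- and world-writable.
SAMPLE = build_sample_tar([
    ("proj", 0o777, True),
    ("proj/Makefile", 0o666, False),
    ("proj/run.sh", 0o777, False),
])

if __name__ == "__main__":
    for mask in (0o000, 0o002, 0o022):
        found = writable_members(remask(SAMPLE, mask))
        print(f"mask {mask:03o}:", {n: oct(v) for n, v in found.items()})
```

With mask 002 the world-write bit is gone from the archive but group-write remains, so whether it reaches the disk depends on the extracting user's umask, or on nothing at all when the extraction preserves recorded modes.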