=== modified file 'debian/changelog' --- debian/changelog 2008-09-30 20:12:00 +0000 +++ debian/changelog 2008-10-01 15:29:01 +0000 @@ -1,3 +1,10 @@ +mandos (1.0-1) unstable; urgency=low + + * Added comments in debian/*.lintian-overrides files. Added Debian + revison number to version number. + + -- Teddy Hogeborn Wed, 01 Oct 2008 17:23:35 +0200 + mandos (1.0) unstable; urgency=low * Initial Release. (Closes: #500727). === modified file 'debian/mandos-client.lintian-overrides' --- debian/mandos-client.lintian-overrides 2008-09-30 19:05:13 +0000 +++ debian/mandos-client.lintian-overrides 2008-10-01 15:29:01 +0000 @@ -1,8 +1,32 @@ +# This example command line is long without spaces, but it must be +# that way; it's part of the point of showing it. +# mandos-client binary: manpage-has-errors-from-man usr/share/man/man8/plugin-runner.8mandos.gz 297: warning [p 4, 5.8i]: can't break line + +# This directory contains secret client key files. +# mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755 -mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755 + +# The directory /usr/lib/mandos/plugins.d contains setuid binaries +# which are not meant to be run outside an initial RAM disk +# environment (except for test purposes). It would be insecure to +# allow anyone to run them. +# +mandos-client binary: non-standard-dir-perm usr/lib/mandos/plugins.d/ 0700 != 0755 + +# These binaries must be setuid root, since they need root powers, but +# are started by plugin-runner(8mandos), which runs all plugins as +# user/group "mandos". These binaries are not run in a running +# system, but in an initial RAM disk environment. Here they are +# protected from non-root access by the directory permissions, above. +# mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/mandos-client 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/askpass-fifo 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/splashy 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/usplash 4755 root/root -mandos-client binary: non-standard-dir-perm usr/lib/mandos/plugins.d/ 0700 != 0755 + +# The directory /etc/mandos/plugins.d can be used by local system +# administrators to place plugins in, overriding and complementing +# /usr/lib/mandos/plugins.d, and must be likewise protected. +# +mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755 === modified file 'debian/mandos.lintian-overrides' --- debian/mandos.lintian-overrides 2008-09-17 00:34:09 +0000 +++ debian/mandos.lintian-overrides 2008-10-01 15:29:01 +0000 @@ -1,1 +1,4 @@ +# This config file will normally have encrypted secret client keys in +# it, so it must be kept unreadable for non-root users. +# mandos binary: non-standard-file-perm etc/mandos/clients.conf 0600 != 0644