Hi, I wasn't sure whether to post this under the Applications component or the security component. I eventually decided on security, but have made it a minor issue. Sorry if that's the wrong place... Whilst emerging portaudio I spotted the following notice: QA Security Notice: - /usr/include/portaudio/portaudio.h will be a world writable file. - This may or may not be a security problem, most of the time it is one. - Please double check that portaudio-18.1-r3 really needs a world writeable bit and file bugs accordingly. I'm guessing the include file doesn't actually have to be installed world writable, and I guess technically someone malicious could alter it so as to backdoor any program relying on portaudio, maybe, perhaps. It's a bit tenuous, but it seems easily fixed. If you need any further information, please let me know...
sound please check and provide a new ebuild if necessary, thank you.
arm, ia64, and sh should mark stable. Only 18.1-r3 is affected. I marked amd64, sparc, ppc64, and x86 stable since I test on those archs. I don't think a GLSA is neccessary.
Thx Jeremy. This one is ready for GLSA decision. I tend to vote NO. arm, ia64, and sh please test and mark stable.
Bad product/component
> I don't think > a GLSA is neccessary. Same thing here.
i tend to say no, too
No and closing.
