Robert Collins [2011-01-05 19:50 -0000]:
> One small niggle that occurs to me - we're putting credentials in
> ~/.cache now - I don't think folk are necessarily expecting
> confidential files in .cache; would .config - where confidential files
> *are* expected be better?
To me the distinction has always been "small and precious" vs. "data
that I can always trash and don't need to backup", not a question of
confidentiality. I wouldn't ever publish my browser's cache directory
either -- I wouldn't be surprised if it had online banking pages or
shopping receipts, and the like.
If anything, I'd expect the contrary - configuration files are usually
harmless, and passwords etc. belong into the GNOME keyring.
This seems to be supported by the default permissions of these dirs:
ls -ld .config .cache
drwx------ 31 martin martin 4096 2011-01-05 23:33 .cache
drwxr-xr-x 46 martin martin 12288 2011-01-03 13:23 .config
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Robert Collins [2011-01-05 19:50 -0000]:
> One small niggle that occurs to me - we're putting credentials in
> ~/.cache now - I don't think folk are necessarily expecting
> confidential files in .cache; would .config - where confidential files
> *are* expected be better?
To me the distinction has always been "small and precious" vs. "data
that I can always trash and don't need to backup", not a question of
confidentiality. I wouldn't ever publish my browser's cache directory
either -- I wouldn't be surprised if it had online banking pages or
shopping receipts, and the like.
If anything, I'd expect the contrary - configuration files are usually
harmless, and passwords etc. belong into the GNOME keyring.
This seems to be supported by the default permissions of these dirs:
ls -ld .config .cache
drwx------ 31 martin martin 4096 2011-01-05 23:33 .cache
drwxr-xr-x 46 martin martin 12288 2011-01-03 13:23 .config
Martin www.piware. de
--
Martin Pitt | http://
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)