[Bug 1922130] Re: Request addition of Fedora / Redhat "sftp-force-permissions" patch

Paride Legovini 1922130 at bugs.launchpad.net
Thu Apr 1 16:06:57 UTC 2021 

Hi Mark and thanks for this bug report. I can see how the flag
introduced by the "sftp-force-permissions" patch could come handy,
however I doubt we are going to include in the Ubuntu package unless
there's a compelling reason for doing so. And if such a compelling
reason did exist, then I think it should be brought to the attention of
the upstream openssh developers, without delivering the functionality
with a distribution specific patch.

My suggestion here is to:

 - Poke upstream about this. Note that they may have a good rationale
for *not* including the patch, given that it's small and they didn't
already do so.

 - File a bug in Debian. The Ubuntu openssh package is almost a sync
from Debian, which is another good reason to avoid including an
additional delta to it, with all its long-term implications (old
memories here: [1]). If Debian includes the patch then Ubuntu will pick
it up with the following package syncs or merges.

I'm going to triage this as a Wishlist bug for now. This is not a final
word, but I doubt the importance of this bug is likely to be bumped
without a compelling use case that would be enabled by adding the patch.

[1] https://www.debian.org/security/2008/dsa-1571

** Changed in: openssh (Ubuntu)
       Status: New => Triaged

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1922130

Title:
  Request addition of Fedora / Redhat "sftp-force-permissions" patch

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  Fedora / Redhat ships openssh with a patch which adds "-m force
  permission" flag to sftp-server.

  This is quite a common feature request / support request on the
  various stackexchange sites - https://superuser.com/questions/332284
  /in-sftp-how-to-set-the-default-permission-for-all-files-in-a-folder

  You will see that someone has answered "add -m" there which is indeed
  the simplest answer by a distance but unfortunately it's a non
  standard patch:

  https://src.fedoraproject.org/rpms/openssh/blob/f34/f/openssh-6.7p1
  -sftp-force-permission.patch

  This I think should supersede #563216 because they have been shipping
  this in production presumably since at least 2015 (I see it in fedora
  22 branch), so it is a known stable patch compared to the one
  suggested there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1922130/+subscriptions

More information about the foundations-bugs mailing list