At the moment somebody could accidentally have permissions for ~/.hl_config.cfg (read in hera_librarian.settings) or other configuration file that mean they can be read by others, leaking their password.
Following the example of openssh, we should raise a warning or error out unless those permissions bar group and all reads.
At the moment somebody could accidentally have permissions for
~/.hl_config.cfg
(read inhera_librarian.settings
) or other configuration file that mean they can be read by others, leaking their password.Following the example of openssh, we should raise a warning or error out unless those permissions bar group and all reads.