Kinoshita Daisuke <kinoshita%astro.ncu.edu.tw@localhost> writes: > --------------------------------------------------------------------------- > warning: /data0/netbsd/pkgsrc/current/pkgsrc/math/py-scipy/work/.destdir/usr/pkg/lib/python3.9/site-packages/scipy/stats/tests/test_stats.py: > group-writable file. I find often that this is related to strangeness on using various unpacking programs on the distribution tarball, and perhaps disagreements about the format of metadata. I would suggest looking at the distfile with various programs, and see what EXTRACT_USING ends up being. Sometimes the distfile is in a format supported only by some of tar/pax/gtar/bsdtar/etc. If the distfile really has files with group/other write permissions, then it might be necesssary to fix those after unpacking. But probably if so you should report a bug upstream, as that creates a window when an attacker could change one of the files.
Attachment:
signature.asc
Description: PGP signature