We currently use a umask of `027`. This is due to historical reasons, when some people preferred a (pre-database) setup in which each list ran as a different Unix user while a "meta user" needed access for maintenance work.
These days we are not aware of anyone still running such a setup, and if someone does, it could still work without group-readable list directories.
Using a umask of `077`, on the other hand, has two obvious advantages:
- a generally reduced chance of accidentally revealing private keys,
- we can get rid of the flag `--no-permission-warning` for gpg when accessing it through the shell. Gpg's warnings might be debatable, but bluntly silencing them isn't a good way, either.
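
To make the difference concrete, the following added example (not code from this project) creates a stand-in list directory under each umask and then lists every entry that still carries group or other permission bits, which is the kind of mode gpg's permission warning is about. The function names and the `secring.placeholder` file are hypothetical and only serve the demonstration.

```shell
#!/bin/sh
# Constructed demo: compare what a process creates under umask 027 vs 077,
# then audit a directory tree for anything group/other can reach.

# mode_of PATH: print the octal permission bits (GNU stat, else BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# make_list_dir UMASK DIR: create a stand-in list directory holding an empty
# placeholder file. The body runs in a subshell, so the umask change does
# not leak into the caller.
make_list_dir() (
    umask "$1"
    mkdir "$2"
    : > "$2/secring.placeholder"   # placeholder, not real key material
)

# loose_entries DIR: print entries with any group or other permission bit set.
# Written with POSIX-only find tests (no GNU "-perm /077").
loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \)
}

demo() {
    base=$(mktemp -d) || return 1
    for m in 027 077; do
        make_list_dir "$m" "$base/list$m"
        printf 'umask %s: dir=%s file=%s loose_entries=%s\n' "$m" \
            "$(mode_of "$base/list$m")" \
            "$(mode_of "$base/list$m/secring.placeholder")" \
            "$(loose_entries "$base/list$m" | wc -l | tr -d ' ')"
    done
    rm -rf "$base"
}

demo
```

Running `loose_entries` over an existing installation's list directories shows what would need a one-time `chmod` after switching the umask, since a umask only affects newly created files.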