Tighten umask
We currently use a umask of 027
. This is due to historical reasons, when some people preferred a (pre-database) setup in which each list ran as a different unix-user while a "meta user" needed access for maintenance work.
These days we are not aware of anyone still running such a setup, and if someone does it could still work without group readable list directories.
Using a umask of 077
on the other hand has two obviuos advantages:
- a generally reduces chance to accidentally reveal private keys,
- we can get rid of the flag
--no-permission-warning
for gpg when accessing it through the shell. Gpg's warnings might be debateable, but bluntly silencing them isn't a good way, either.