Code review comment for lp:~joke/bzr/file_permissions_authentication.conf

The approach I've seen used in other contexts for such sensible informations seems to be:
- create the file with user-only persmissions,
- refuse to use it if others (even group) can read it

That's not exactly the approach taken here.

Now, I think windows doesn't provide this (user-only access) easily so we may just don't check there.

So what do others think ? Should we:

- create with 0600,
- warn if group or other have read access (not on windows)

or

- create with 0600
- refuse to use the file if group or other have read access (not on windows)

Something else ?

I'm fine with finishing this proposal if we reach a consensus, in the mean time, I'll mark this as wip.