> Previously we decided that ESP should be mounted with umask=0077
I don't agree that this was ever a decision we consciously made; the previous bug report never mentioned what umask we would change it to, it only says that world-writable is incorrect.
But I think that files on the ESP should be world-readable by default, so umask=0077 is also wrong.
The ideal settings for this vfat filesystem would be dmask=0022,fmask=0133 for traversable directories and files that are world-readable but executable by no one.
> Previously we decided that ESP should be mounted with umask=0077
I don't agree that this was ever a decision we consciously made; the previous bug report never mentioned what umask we would change it to, it only says that world-writable is incorrect.
But I think that files on the ESP should be world-readable by default, so umask=0077 is also wrong.
The ideal settings for this vfat filesystem would be dmask=0022, fmask=0133 for traversable directories and files that are world-readable but executable by no one.