Comment 8 for bug 2022088

Just an aside, and this will not block the SRU process, but enforcing strength.conf to not be world-readable looks unnecessarily brittle. AFAICS one does not configure cryptographic secrets in this file.