|
err := s.bucket.PutReader(key, item, item.Size, mime.TypeByExtension(filepath.Ext(item.Path)), s3.PublicRead) |
Defaulting to a public ACL on a bucket object upload is not at all a secure practice. Preferably, object ACLs could be added via CLI options. If anything is hardcoded it should be BucketOwnerFullControl.