Bug#843999: jessie-pu: package wot/20151208-3

To: submit@bugs.debian.org
Subject: Bug#843999: jessie-pu: package wot/20151208-3
From: "W. Martin Borgert" <debacle@debian.org>
Date: Fri, 11 Nov 2016 17:59:08 +0100
Message-id: <[🔎] 20161111175908.Horde.Z9wY2pPsvjN9LEDIt843F-F@webmail.in-berlin.de>
Reply-to: "W. Martin Borgert" <debacle@debian.org>, 843999@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I like to upload wot without any content. wot has been identified as
spyware/malware. Instead of just removing the package and leaving our
unsuspecting users with the malware, an empty, transitional package
upgrade removes the actual plugin.

This already happens in unstable and the package will migrate to
testing soon. stable is probably not affected by most of the spy code
(applied upstream after Jessie release), but because upstream cannot
be trusted anymore, I like to do the same for stable - just in case.

So far, no package is prepared, but I can do so, if stable RMs are
OK with the upload.

See https://bugs.debian.org/842939 for the incident

And readhttps://www.kuketz-blog.de/wot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht/

if you know German :~)

Diff:
https://anonscm.debian.org/cgit/pkg-mozext/wot.git/commit/?id=e7ba54062cf84680a99529a9aa26231713a40a99

Cheers

Reply to:

Follow-Ups:
- Bug#843999: jessie-pu: package wot/20151208-3
  - From: Jonathan Wiltshire <jmw@debian.org>
- Processed: Re: Bug#843999: jessie-pu: package wot/20151208-3
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: nmu: lirc reverse-dependencies
Next by Date: Uploading linux (4.8.7-1)
Previous by thread: Bug#842699: nmu: lirc reverse-dependencies
Next by thread: Bug#843999: jessie-pu: package wot/20151208-3
Index(es):
- Date
- Thread