[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#509063: ITP: libproxy -- automatic proxy configuration management library

On Thu, Dec 18, 2008 at 6:13 PM, Michael Banck <mbanck@debian.org> wrote:
> On Thu, Dec 18, 2008 at 12:51:34PM +0100, Bastien ROUCARIES wrote:
>> On Thu, Dec 18, 2008 at 12:35 PM, Bjørn Mork <bmork@dod.no> wrote:
>> > Florian Weimer <fw@deneb.enyo.de> writes:
>> > I would very much like this library to become the *only* WPAD
>> > implementation anywhere.  Hopefully eventually with some ability to
>> > define local policies, where the default Debian policy could be very
>> > strict.  E.g. "Never trust DNS for WPAD", or "Never use WPAD at all".
>> I tend to agree, we have not forbidden root to do rm -arf .
>> It is the same, it is a policy problem. With current libproxy, could root
>>  forbid the use of WPAD, even if user ask it?
> Dan Winship, one of the libproxy authors, replied:
> |    - The fact that it's broken doesn't change the fact that lots of
> |      sites use it
> |
> |    - It's already implemented by other programs in the distro anyway
> |      (notably Firefox)
> |
> |    - Its use in libproxy can be disabled system-wide by the
> |      administrator
> |
> |I think in current libproxy WPAD is enabled by default though. We should
> |make sure that's changed.

I will be interesting also to add a link or copy verbatim (with author
permission) in README.Debian, the poisson pill
of this protocol, see for instance
and some explanation about (in)security of wpad.



Reply to: