[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Upstream bug about WPAD security issues

As I discovered that libsoup SVN trunk has libproxy as an optional build
dependency, I stumbled upon this ITP, and found out that upstream has
been made aware of this issue:


Based on that bug, I assume that a future release release will offer
Debian these options:

1) Don't ship the offending plugin at all in a/the binary package, or
2) disable the use of the plugin via the default config file

I think admins should be free (and in general are, FWIW ;-)) to shoot
themselves and the users of the boxes they administer in the proverbial
foot, so I'd suggest going with (2).

However, I agree that until this "feature" can be reliably and
mandatorily disabled by the admin (and is disabled by a stock Debian
install), this package should not enter Debian.

Regards, Rotty

Reply to: