[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: April report

I am just about to untake xbmc. I don't think it makes sense to continue.

Upstream bug report:

This issue, and the lack of response to the upstream bug report, clearly
makes me think upstream is not serious about security issues. As such I
think this webserver (any version) should restricted to trusted networks
by trusted users.

The reasons I feel it is unwise to continue:

* Possibility of other security issues. Probably suffers CRSF
  vulnerabilities if nothing else (No, I haven't checked properly -
  except by "grep -i CRSF" in source).
* No fixes available for any version available.
* No response to upstream bug report - Was opened in February.
* Possibility that designing my own fix might break something or not fix
  it properly.
* I don't see any evidence of tests being run during builds that might
  pick up on breakage I might accidentally introduce.
Brian May <bam@debian.org>

Reply to: