[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security: Be careful with StarDict!

On Tue, Aug 05, 2025 at 09:43:03 +0700, Max Nikulin wrote:
> I agree with Vincent that without *explicit* user consent applications
> should not send to remote servers what they gathered by listening for
> changes of primary selection or clipboard. Even if upstream packages (source
> code, flatpak, snap) have similar features enabled by default, I would
> expect from Debian maintainers to change defaults to be more careful with
> user data.

There is an open bug for this,
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806960>.

According to <https://tracker.debian.org/pkg/stardict>, the package
was removed from testing and unstable in April 2020, but it was
brought back in December 2021.  Bug #806960 was upgraded to
Severity: Important in June 2022, a year before Bookworm's release.

I have no idea why stardict was allowed into Bookworm in this state.
Shouldn't an open "Important" bug have blocked it?

According to <https://packages.debian.org/search?keywords=stardict>,
the package is still in Trixie as well.  Again, I don't know why
it isn't being blocked.  Or better yet, fixed.
Reply to: