
Bug#406185: RFP: secondlife -- client to the well-known virtual world "2nd Life"



Hi,

On Tue, Jan 09, 2007 at 11:51:24PM +0100, Nico Golde wrote:
> * Marcos Daniel Marado Torres <Marcos.Marado@sonae.com> [2007-01-09 17:36]:
> > Package: wnpp
> > Severity: wishlist
> > 
> > Second Life is a popular graphical online virtual world by Linden Lab.
> > 
> > Linden Lab is making the source code for the Second Life Viewer (how
> > they call the client) available to everyone, licensed as GPL with one
> > exception.
> 
> Don't package this unless you want a bunch of RC bugs, it's 
> highly insecure. For a few details 
> look:
> http://blog.fefe.de/?ts=bb5cad1f
> Sorry, it's in German, but if you look at the code examples it 
> should be clear.

Yeah, well. Sure the code should be fixed and secured (which will
probably happen in the future now the code is open).

But honestly, we already have tons of similarly insecure code in Debian,
I wouldn't use this as a reason not to package it...
A note in README.Debian warning the users and/or listing ways to
mitigate the risks would be good, though.

I recommend contacting the debian-audit mailing list and asking for help
if you want to pro-actively make it more secure and/or work with
upstream on this as well...


HTH, Uwe.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org
