Bug#509063: Upstream bug about WPAD security issues

To: 509063@bugs.debian.org, debian-devel@lists.debian.org, Florian Weimer <fw@deneb.enyo.de>
Subject: Bug#509063: Upstream bug about WPAD security issues
From: Andreas Rottmann <a.rottmann@gmx.at>
Date: Tue, 24 Mar 2009 01:39:50 +0100
Message-id: <[🔎] 87prg7bvop.fsf@delenn.lan>
Reply-to: Andreas Rottmann <a.rottmann@gmx.at>, 509063@bugs.debian.org

As I discovered that libsoup SVN trunk has libproxy as an optional build
dependency, I stumbled upon this ITP, and found out that upstream has
been made aware of this issue:

http://code.google.com/p/libproxy/issues/detail?id=21

Based on that bug, I assume that a future release release will offer
Debian these options:

1) Don't ship the offending plugin at all in a/the binary package, or
2) disable the use of the plugin via the default config file

I think admins should be free (and in general are, FWIW ;-)) to shoot
themselves and the users of the boxes they administer in the proverbial
foot, so I'd suggest going with (2).

However, I agree that until this "feature" can be reliably and
mandatorily disabled by the admin (and is disabled by a stock Debian
install), this package should not enter Debian.

Regards, Rotty

Reply to:

Follow-Ups:
- Bug#509063: Upstream bug about WPAD security issues
  - From: Emilio Pozuelo Monfort <pochu@ubuntu.com>

Prev by Date: Bug#486762: No newer upsteam source yet
Next by Date: Bug#461568: RFP: portbunny -- Linux-kernel-based port-scanner
Previous by thread: Bug#486762: No newer upsteam source yet
Next by thread: Bug#509063: Upstream bug about WPAD security issues
Index(es):
- Date
- Thread