severity 652914 normal
retitle 652914 should document how to not run xmms2d insecurely
thanks

> - in the default configuration, xmms2d is secured using UNIX domain
> sockets, this is reasonably secure
> 
> - however, users may be tempted to enable TCP mode, which has no
> security at all

The existence of inadvisable configurations is not, in itself, a
release-critical bug (confirmed by release team members on IRC).
Downgrading this to a non-RC severity.

> - the manual (easily found by Google) provides easy instructions to
> enable TCP mode, but no warnings about security consequences
> http://xmms2.org/wiki/Using_the_application

Happily, this appears to be a wiki, so interested users can correct this.

> - put warnings in the online documentation and add a readme file with a
> security warning

Patches welcome, but this is not RC.

Regards,
    smcv
    at the Cambridge BSP



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to