On Sunday, 03.05.2015, at 02:12 +0200, Christoph Anton Mitterer wrote:
> That would be the first jailing technology where a break-out is
> impossible.
> Sandboxes where much more people work upon than it's probably the case
> for libbluray-bdj are regularly hacked (e.g. Chromium, Firefox, etc.).
> As I've said in the original report.
> [...]
> Even though I wouldn't know of a concrete security hole in this lib or
> in the Security Manager you've mentioned, experience showed that such
> things are a typical entry point for code execution.
> So I think we should pro-actively "warn" users about this.

If we had a bug opened against every package which *by principle* could hold a security issue, we'd have a lot.

While I think a debconf prompt is absolutely out of the question, I'd agree that it may be useful to proactively warn users. On the other hand, libbluray is usually not installed explicitly, but by dependencies of other packages. So, who is going to read that warning anyway?

However, what warning added to the package description do you suggest?

- Fabian
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers