I think i agree with trochee here. Those four bugs were filed within a few hours of each other, the result of a quick audit. If, as Ryan says, these are trivial to fix, it makes me wonder how many more serious, non- trivial problems would be uncovered by a more in-depth audit.
Since these trivial problems weren't discovered for years in the package upstream, i'm concerned that there is not an ongoing security review of the tool. This isn't a question of replacing gaskpass; it's just dropping it, so that gstm can focus on the specific functionality it offers. Why not just make gstm do one thing, and do it well? What does gaskpass offer the free software ecosystem that's not already offered by the more mature askpass implementations? -- gstm should drop gaskpass and Depend: ssh-askpass https://bugs.launchpad.net/bugs/276534 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
