Re: libproxy as external dependency

On Thu, Nov 06, 2008 at 03:01:01PM +0100, Vincent Untz wrote:
> Le mardi 21 octobre 2008, à 10:30 -0400, Nathaniel McCallum a écrit :
> > I'd like to propose libproxy (LGPL 2.1+;  
> > as a blessed external dependency for  
> > GNOME 2.26.  libproxy is currently used by vlc and neon and libsoup and  
> > webkit are considering adopting it.
> The only argument I see against libproxy is "yet another library while
> we're trying to reduce the number of libraries" and people seemed to
> agree that this is actually not a real issue.
> So I guess we can accept it, unless someone else raises another issue?

FYI, a member of the Debian security team raised concerns:

"WPAD is a broken protocol with security issues inherent to the DNS
devolution mechanism (which is also performed by libproxy).  Please
don't add implementations to the Debian archive."

Forwarding here without further comments as I have no idea about the
security implications.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]