Re: libproxy as external dependency

From: Michael Banck <mbanck debian org>
To: desktop-devel-list gnome org
Subject: Re: libproxy as external dependency
Date: Thu, 18 Dec 2008 11:14:48 +0100

On Thu, Nov 06, 2008 at 03:01:01PM +0100, Vincent Untz wrote:
> Le mardi 21 octobre 2008, à 10:30 -0400, Nathaniel McCallum a écrit :
> > I'd like to propose libproxy (LGPL 2.1+;  
> > http://code.google.com/p/libproxy/) as a blessed external dependency for  
> > GNOME 2.26.  libproxy is currently used by vlc and neon and libsoup and  
> > webkit are considering adopting it.
> 
> The only argument I see against libproxy is "yet another library while
> we're trying to reduce the number of libraries" and people seemed to
> agree that this is actually not a real issue.
> 
> So I guess we can accept it, unless someone else raises another issue?

FYI, a member of the Debian security team raised concerns:

"WPAD is a broken protocol with security issues inherent to the DNS
devolution mechanism (which is also performed by libproxy).  Please
don't add implementations to the Debian archive."

http://lists.debian.org/debian-devel/2008/12/msg00737.html

Forwarding here without further comments as I have no idea about the
security implications.

Michael

Follow-Ups:
- Re: libproxy as external dependency
  - From: Dan Winship

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]