On 08/08/2025 20:29, Vincent Lefevre wrote:
> On 2025-08-07 18:52:47 +0700, Max Nikulin wrote:
>> On 06/08/2025 10:18, Vincent Lefevre wrote:
>>> Note that passwords can easily be leaked.
>>
>> I see, earlier I even mentioned a protocol that allows a clipboard manager to
>> ignore text copied by password managers.
>
> X11 selections are different from clipboard.

I am unsure what you mean. PRIMARY, SECONDARY and CLIPBOARD selections
are rather similar. The difference in behavior originates from conventions
as they are implemented in applications. I do not mind that you may
acquire much more data by scanning the PRIMARY selection than from
CLIPBOARD. However, some data may be available from CLIPBOARD only.
It is not relevant, however, to advertising an extra media (MIME) type to
mark passwords. I admit, it is up to the application (password manager) and
the user cannot ask an arbitrary application to treat a selection as a password.
That is why support of these hints is a minor improvement.
What is different in X11 is CUT_BUFFERs, but they are not used
nowadays, just like SECONDARY (I can name a few applications, but it is
half-broken).

>> However, I am in doubt whether setting an excessively high severity a few days
>> before release is the best way to handle the issue. Are you trying to remove
>> stardict packages from trixie completely? I do not think bookworm users
>> who have the application installed will like it.
>
> AFAIK, there are tags to ignore the RC severity for the next release.

Do you mean trixie-ignore and forky-ignore? Have you tried to negotiate
with the maintainer and with the release manager to add them?

> The vulnerability here is important enough to justify a high severity.
> In particular, it should be signaled by apt-listbugs.

I find it a valid concern. Unfortunately, it seems, in the default
configuration bugs are either not listed or severity serious or above
causes removal from testing (unless "*-ignore" is added). Have I missed
anything?

> Moreover, initially I had not thought that a query was even done: as
> a calendar was displayed (which is really strange for a dictionary
> application) and I did not see anything that looked like an answer to
> a query, I was just thinking of some UI bug.

I agree, it is confusing. From my point of view, a part of the problem
is that the dictionary has been developed to be convenient in a specific
scenario. Privacy issues were overlooked. Recently the maintainer
received a portion of complaints with almost no suggestions on how to meet
expectations related to privacy while keeping convenience.