Michael Banck wrote:
> FYI, a member of the Debian security team raised concerns:
>
> "WPAD is a broken protocol with security issues inherent to the DNS
> devolution mechanism (which is also performed by libproxy). Please
> don't add implementations to the Debian archive."
>
> http://lists.debian.org/debian-devel/2008/12/msg00737.html
>
> Forwarding here without further comments as I have no idea about the
> security implications.
As noted in the followups:
- The fact that it's broken doesn't change the fact that lots of
sites use it
- It's already implemented by other programs in the distro anyway
(notably Firefox)
- Its use in libproxy can be disabled system-wide by the
administrator
I think in current libproxy WPAD is enabled by default though. We should
make sure that's changed.
-- Dan
_______________________________________________
desktop-devel-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/desktop-devel-list
