>>>>> On Thu, 02 Apr 2020, Alessandro Barbieri wrote:

> I have concerns about the inclusion of zoom in ::gentoo. For me it's
> more like a malware.

Gentoo is about choice. If users want to use Zoom (or have to, because
their employer schedules a meeting using that platform) then it is not
our call to stop them.

> From the hacker news feed you'll find out that:

> [1] zero day vulnerability found
> [2] passwords are truncated to 32 bit
> [3] previously sent data to facebook
> [4] end to end traffic isn't encrypted
> [5] signed binary run unsigned script

> 1 https://techcrunch.com/2020/04/01/zoom-doom/?guccounter=1
> 2 https://news.ycombinator.com/item?id=22749706
> 3 
> https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook
> 4 https://theintercept.com/2020/03/31/zoom-meeting-encryption/
> 5 https://news.ycombinator.com/item?id=22746764

Right, and I (as its Gentoo maintainer) won't recommend Zoom to anyone,
nor use it myself unless I am forced to.

However, if we would remove the package from the Gentoo repo, users
would inevitably install it from one of the overlays listed at
https://gpo.zugaina.org/net-im/zoom-bin (there are even more, named
net-im/zoom or app-office/zoom), which vary in quality. Most of them
install bundled libraries which are old and vulnerable, e.g. Qt 5.9.6.

I believe that the number of overlays (more than a dozen) containing the
package shows that there is demand for it. In the main tree we have at
least a chance to address bug reports.


Attachment: signature.asc
Description: PGP signature

Reply via email to