On 10/25/22 16:40, Karl Palsson wrote:
Peter Naulls <[email protected]> wrote:
If they see what they want to see, then why should anyone else get involved in their wish fulfilment? Security review is fine, security should not be entertained, and certainly foisted on other people?
Karl, not sure where you're going with this. You haven't named anything practical here, apart from suggesting ignoring it. OpenWrt is widely used nowadays, probably more than most people expect, security reviews like this are likely to become more common. I think everyone bothering to read this understands the theatre aspects of all this that I called out in my original post. Whether things should actually be fixed (or "fixed") is certainly an open question, but if I can save someone some future grief, or at least have the discussion, then I might save myself or someone else some time. That said, I think that limiting the listening ports of uhttpd is a good idea. I hardly see any downside to it, apart from maybe adding some complexity. _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
