package: libjs-jssip
tags: security

Hi Daniel,

thanks for working on usuable + secure RTC in the webbrowser!

During your presentation at the Paris mini-debconf I just learned that your 
libjs-jssip leaks all networks to the sip server (or calling party), which I 
consider a privacy violation (which has been implemented to improve the user 
experience by allowing the application to choose the best network connection).

Still, if I connect via route $X I expect this software not to leak my other 
routes, which might contaĆ­n sensitive information.

In the talk you said it was trivial to comment out these lines, so I'm asking 
you to do this by default and optionally allow it.


Attachment: signature.asc
Description: This is a digitally signed message part.

Pkg-javascript-devel mailing list

Reply via email to