package: libjs-jssip tags: security Hi Daniel,
thanks for working on usuable + secure RTC in the webbrowser!
During your presentation at the Paris mini-debconf I just learned that your
libjs-jssip leaks all networks to the sip server (or calling party), which I
consider a privacy violation (which has been implemented to improve the user
experience by allowing the application to choose the best network connection).
Still, if I connect via route $X I expect this software not to leak my other
routes, which might contaĆn sensitive information.
In the talk you said it was trivial to comment out these lines, so I'm asking
you to do this by default and optionally allow it.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
