On dim., 2011-02-13 at 23:18 -0500, Michael Gilbert wrote: > > So far, I've only checked xfce, and it has autorun enabled by default. > If there is consensus that this would be a good thing, then I'll start > submitting bugs. Not sure if it would be worth pushing this in a point > update for the stable releases also?
Fwiw I've been considering a chance in xfce for a long time now. I've made the change in pkg-xfce (for 4.8) already and proposed upstream (http://bugzilla.xfce.org/show_bug.cgi?id=7261) to change the default too (not only for security reasons, I find that annoying to have the thunar window popped up when I plug an usb key). In our svn (http://svn.debian.org/wsvn/pkg-xfce/goodies/branches/experimental/thunar-volman/debian/thunar-volman.xml) I've disabled all the enabled-by-default features (so automount for drives and media, autobrowse and autorun) but that's open for discussion (at least for automount, I think the two others should be left disabled by default). I don't think that warrants a DSA but it the RT wants a stable update for that I can prepare it. Regards, -- Yves-Alexis _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
