libosso review:
- should not be a native package
- libosso-test is empty
- libosso-dev ships the same html files as -doc, they should be removed
- What is the motivation for the separate libosso-dbus-conf package? the
description does not say much about the purpose, and none of the binaries ship
any dbus service.
- the system bus policy currently says "allow all operations for all users on
all backends", which is not acceptable for a package in main (since this opens
a huge security hole if someone installs this on an Ubuntu desktop system).
- The session bus policy has the same problem, it allows all users to connect
to all other user's session buses. That might not be a problem on mobile
devices, but if they get multiuser support, or run some privilege separation
(e. g. between browser and local apps), then this should be restricted
sensibly, too.
** Changed in: libosso (Ubuntu)
Assignee: (unassigned) => Martin Pitt (pitti)
Status: New => Incomplete
--
First cut of source packages for -mobile promotions
https://bugs.launchpad.net/bugs/149275
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
