Package: fotoxx
Version: 14.07.1-1
Severity: normal

Dear Maintainer,

The version of fotoxx available to Jessie, version 14.07.1-1,
contains code which runs at startup to:

* Phone home.
* Attempt to update itself.

"Phoning home", no matter how benignly, without explicit consent
from the user is something that we should not encourage.

The code also attempts to download new releases, which is something
that should not be done - we're Debian users and our updates should
come from Debian packages, rather than random binaries downloaded
via 'wget' insecurely.

Please read the `int initzfunc(void *)` function, as implemented in 
fotoxx-14.07.1.cc.

My preferred solution would be to add "return 0;" at the head of that
function, but as maintainer you get to decide how much should be
neutered.

[This functionality is new, it was not present in the squeeze/wheezy versions.]

-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash

