On 01.06.2015 at 18:49, Christoph Anton Mitterer wrote:
> On Mon, 2015-06-01 at 05:30 +0200, Michael Biebl wrote:
>> Please file this issue upstream and report back with the bug number.
> I kindly ask someone else to report this upstream.
>
> My past experience has shown that upstream has no interest in security,
> e.g. when I reported the extremely critical bug that each of epiphany's
> TLS connections can be immediately hacked by simply redirecting.
> That was denied at first and IIRC is still not solved.
>
> I've just noted this further security issue by accident and reported it
> for the benefit of other Debian users, e.g. the package description
> could warn about the great security deficiencies in epiphany (at least
> if the TLS bug is still open) or the product could be removed from
> Debian altogether.
> That being said, I consider contributing upstream a waste of time since
> there seems to be no interest in security, which is why I'd ask someone
> else to take these struggles.

Too bad you see it that way.

>> control: severity -1 important
> Oh and I don't think that this is appropriate.
> It basically means that this bug is hidden away unless people manually
> search the BTS (apt-listbugs won't show it with just important).
> And since a non-working Tor can mean much more critical things to some
> people than anything our severities cover, from torture to death,

Hyperbole, eh? I'm sure it kills kittens, too.

> we
> should rather employ the loudest bells and whistles to inform anyone
> that epiphany cannot be securely used with Tor.

Feel free to talk to the Debian security team. If they confirm your
assessment of the severity, I have no objections to raise the severity
again.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?