On 2018-06-23 17:21, procmem wrote: > Package: gajim > Version: all > Severity: serious > > Please consider packaging the plugin installer separately (to make its > install optional) as it prompts users to update and install additional > code from untrusted sources which violates Debian's package security > assumptions. > > (/usr/share/gajim/plugins/plugin_installer/)
This is already done since some time. gajim-plugininstaller is a separate package and not even suggested by the package gajim. Please try an up-to-date version of Gajim, e.g. 1.0.3-1 (Debian unstable and testing) or 1.0.3-1~bpo9+1 (Debian stable with official backports enabled).
