On Mar 19, 2009, at 10:20 AM, Nico Golde wrote:
Nico, do you consider that important enough for a s-s-u upload?

As avahi is mostly used on end-user desktop machines and this feature is switched off by default (and I don't expect end-users and typical desktop users to switch it on) I'd say no. I would be happy if you upload a fixed package to stable and oldstable directly. Please raise your voice if you have a different opinion about that!

While I agree that avahi-daemon is mostly used on end-user workstations with the reflector disabled, anyone who intentionally enables the reflector is obviously operating in a fundamentally different environment (e.g. multi-homed router) and it is precisely that environment which elevates the risk of exposure.

In other words, while I agree the risk to desktop users is minimal and doesn't merit special handling, the risk to other users is much higher and I hope you will also take them into account.

I suspect the at-risk category of users will particularly include enterprise networks[1].

Sincerely,

Rob Leslie
r...@mars.org

[1] See for example this fellow at Disney who seems to have been unknowingly bitten by this bug:
    http://lists.freedesktop.org/archives/avahi/2008-March/001325.html



