Package: calibre
Severity: normal
Tag: security

LWN noticed that calibre phones home on startup.
http://lwn.net/Articles/456504/

Here is the relevant code:

URL = 'http://status.calibre-ebook.com/latest'
NO_CALIBRE_UPDATE = '-0.0.0'
VSEP = '|'

def get_newest_version():
    br = browser()
    req = mechanize.Request(URL)
    req.add_header('CALIBRE_VERSION', __version__)
    req.add_header('CALIBRE_OS',
            'win' if iswindows else 'osx' if isosx else 'oth')
    req.add_header('CALIBRE_INSTALL_UUID', prefs['installation_uuid'])
    version = br.open(req).read().strip()
    return version

Auto-updating is of dubious value on Debian. But more importantly,
this is a privacy violation involving a UUID that is specific to
a given machine being posted (in the clear even) to a remote server
whenever a user uses a program.

-- 
see shy jo
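
An added example, not part of the original report or of calibre's code: a small Python check that flags the two problems the report names, a UUID in a request header and cleartext transport, for one outgoing request. The function names and the sample version and UUID values are assumptions made up for illustration, and matching on UUID-shaped values is a heuristic.

```python
import re
from urllib.parse import urlsplit

# Canonical UUID text form: 8-4-4-4-12 hex digits.
UUID_RE = re.compile(
    r'\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b',
    re.IGNORECASE)


def audit_request(url, headers):
    """Return (location, finding) pairs for one outgoing HTTP request."""
    findings = []
    cleartext = urlsplit(url).scheme.lower() != 'https'
    if cleartext:
        findings.append(('url', 'cleartext transport'))
    for name, value in headers.items():
        if UUID_RE.search(value):
            finding = 'UUID-shaped identifier'
            if cleartext:
                finding += ' sent in the clear'
            findings.append((name, finding))
    return findings


def strip_identifiers(headers):
    """Return a copy of headers with UUID-bearing entries removed."""
    return {k: v for k, v in headers.items() if not UUID_RE.search(v)}


# Constructed sample mirroring the headers set in get_newest_version();
# the version and UUID values are invented for illustration.
SAMPLE_URL = 'http://status.calibre-ebook.com/latest'
SAMPLE_HEADERS = {
    'CALIBRE_VERSION': '0.0.0',
    'CALIBRE_OS': 'oth',
    'CALIBRE_INSTALL_UUID': '00000000-1111-2222-3333-444444444444',
}

if __name__ == '__main__':
    for where, what in audit_request(SAMPLE_URL, SAMPLE_HEADERS):
        print(f'{where}: {what}')
```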
