On Wed, Dec 21, 2011 at 11:18 PM, Daniel Svensson <dsvens...@gmail.com> wrote: > On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock <dan...@pocock.com.au> wrote: >> Package: xmms2-core >> Version: 0.7DrNo+dfsg-2 >> Severity: grave >> >> I've chosen the severity `grave' as it is suggested for issues that >> could "introduce a security hole allowing access to the accounts of >> users who use the package" >> http://www.debian.org/Bugs/Developer#severities >> >> Details: >> >> - in the default configuration, xmms2d is secured using UNIX domain >> sockets, this is reasonably secure >> >> - however, users may be tempted to enable TCP mode, which has no >> security at all > > Maybe you could add an apt question if the user is a licensed computer driver? > > http://en.wikipedia.org/wiki/European_Computer_Driving_Licence
A more serious reply... patches accepted for the man page. It would be totally ok if you want to warn that if you open a socket that has no authorization what so ever, any person can connect to it and do the same thing as you can do. -- Daniel Svensson -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
