Your message dated Fri, 4 Aug 2017 15:13:05 +0200
with message-id <20170804131302.qels2wtf3q5cq...@mapreri.org>
and subject line Re: Bug#870707: jenkins: phones home to jenkins-ci.org
has caused the Debian Bug report #870707,
regarding jenkins: phones home to jenkins-ci.org
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870707: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870707
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jenkins
Version: 1.565.3-6
Severity: serious
Justification: privacy violation

The start page of a Debian Jenkins installation contains:

| loadScript("https://usage.jenkins-ci.org/usage-stats.js?
6GUuah6rNRuZMK7F9IwfL17DHVmC32uln0wGaO8Q5xQI4/RrVRwLdt3I4jc9fzvrGQNsAej/1uP9Ge+9Jwgj3u2muQVN");

This is clearly a privacy violation, caught by RequestPolicy thankfully.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages jenkins depends on:
ii  adduser                                          3.115
ii  daemon                                           0.6.4-1+b2
ii  default-jre-headless [java6-runtime-headless]    2:1.8-59
ii  jenkins-common                                   1.565.3-6
ii  net-tools                                        1.60+git20161116.90da8a0-1
ii  openjdk-8-jre-headless [java6-runtime-headless]  8u141-b15-3
ii  procps                                           2:3.3.12-3
ii  psmisc                                           23.1-1

jenkins recommends no packages.

jenkins suggests no packages.

-- Configuration Files:
/etc/default/jenkins changed:
NAME=jenkins
JAVA=/usr/bin/java
JAVA_ARGS="-Xmx4096m -Dfile.encoding=UTF-8 -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1"
PIDFILE=/var/run/jenkins/jenkins.pid
JENKINS_USER=maven
JENKINS_ROOT=/usr/share/jenkins
JENKINS_WAR=/usr/share/jenkins/jenkins.war
JENKINS_HOME=/var/lib/jenkins
JENKINS_RUN=/var/run/jenkins
RUN_STANDALONE=true
JENKINS_LOG=/var/log/jenkins/$NAME.log
MAXOPENFILES=8192
HTTP_PORT=-1
AJP_PORT=8109
HTTP_HOST=127.0.0.1
AJP_HOST=127.0.0.1
JENKINS_ARGS="--webroot=$JENKINS_RUN/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT"
JENKINS_ARGS="$JENKINS_ARGS --httpListenAddress=$HTTP_HOST --ajp13ListenAddress=$AJP_HOST"
JENKINS_ARGS="$JENKINS_ARGS --preferredClassLoader=java.net.URLClassLoader"
JENKINS_ARGS="$JENKINS_ARGS --prefix=/jenkins/"
export LC_ALL=C.UTF-8
JAVA_ARGS="$JAVA_ARGS -Dorg.apache.commons.jelly.tags.fmt.timeZone=Europe/Berlin"


-- no debconf information

--- End Message ---
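
An added example, not part of the original report or of Jenkins: a small Python audit that lists the third-party hosts a served page loads script from, covering both `<script src>` attributes and URL literals in inline calls such as the `loadScript(...)` quoted in the report. The sample page, the `127.0.0.1` first-party host and the `PLACEHOLDER` values are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Absolute or protocol-relative URLs inside quoted string literals of inline scripts.
URL_LITERAL = re.compile(r"""["']((?:https?:)?//[^"'\s]+)["']""")

class ScriptLoadAuditor(HTMLParser):
    """Collect URLs a page can fetch script from: <script src> and inline literals."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.urls.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.urls.extend(URL_LITERAL.findall(data))

def third_party_hosts(html, first_party_host):
    """Return the sorted hosts, other than first_party_host, referenced by scripts."""
    auditor = ScriptLoadAuditor()
    auditor.feed(html)
    auditor.close()
    hosts = set()
    for url in auditor.urls:
        host = urlsplit(url).hostname  # None for relative URLs, which stay first-party
        if host and host != first_party_host.lower():
            hosts.add(host)
    return sorted(hosts)

# Constructed sample page; the query string is a placeholder, not the reported value.
SAMPLE_PAGE = """<html><head>
<script src="/jenkins/static/PLACEHOLDER/scripts/app.js"></script>
<script src="http://127.0.0.1/jenkins/other.js"></script>
</head><body><script>
loadScript("https://usage.jenkins-ci.org/usage-stats.js?PLACEHOLDER");
</script></body></html>"""
```
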
--- Begin Message ---
On Fri, Aug 04, 2017 at 12:42:14PM +0000, Thorsten Glaser wrote:
> Package: jenkins
> Version: 1.565.3-6
> Severity: serious
> Justification: privacy violation

The jenkins package was removed from the Debian archive more than
one year ago, hence closing this bug.

BTW, if you are running that version you probably have more pressing
concerns (a lot of security bugs that have been closed in the last
couple of years) than phoning home :)

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-



--- End Message ---
