package: onionshare tags: security severity: serious x-debbugs-cc: u...@451f.org, Micah Lee <mi...@micahflee.com>
Hi,
first of all: thanks for all your work on anonymity related tools! Much
appreciated!
I've just sponsored Ulrikes onionshare 0.5-1 package to Debian sid, where it
currently awaits NEW processing (=ftpmasters checking whether a new package is
fine).
Ulrike told me that onionshare only sets up a http webserver, not an https
one, which I consider a security issue of such a severity, that I don't think
we should ship onionshare as part of the Debian jessie release. (As it doesn't
match the quality standards we expect in Debian.)
Thus this bug report, which will prevent the migration of onionshare to
Jessie.
Micah, if this observation is wrong (a quick look at the code didn't support
this though), please tell. I'd love to close this bug immediatly ;-)
cheers,
Holger, who would love to see onionshare in Jessie!
(As the package is not yet in the archive, this bugreport will first be
assigned to the bugs of packages with no maintainer and automatically be
reassigned to onionshare, once it has entered the archive....)
signature.asc
Description: This is a digitally signed message part.
