package: onionshare tags: security severity: serious x-debbugs-cc: u...@451f.org, Micah Lee <mi...@micahflee.com>
Hi, first of all: thanks for all your work on anonymity related tools! Much appreciated! I've just sponsored Ulrikes onionshare 0.5-1 package to Debian sid, where it currently awaits NEW processing (=ftpmasters checking whether a new package is fine). Ulrike told me that onionshare only sets up a http webserver, not an https one, which I consider a security issue of such a severity, that I don't think we should ship onionshare as part of the Debian jessie release. (As it doesn't match the quality standards we expect in Debian.) Thus this bug report, which will prevent the migration of onionshare to Jessie. Micah, if this observation is wrong (a quick look at the code didn't support this though), please tell. I'd love to close this bug immediatly ;-) cheers, Holger, who would love to see onionshare in Jessie! (As the package is not yet in the archive, this bugreport will first be assigned to the bugs of packages with no maintainer and automatically be reassigned to onionshare, once it has entered the archive....)
signature.asc
Description: This is a digitally signed message part.