On Sat, Mar 04, 2006 at 11:07:25AM +0100, Loïc Minier wrote:
>  I'm doing my final pass on the deb-sec part of this discussion, I don't
>  intend to participate much further, no new arguments are popping up.

Quite sincerely, this discussion is getting nowhere. There are sufficient
arguments in this discussion to drive a truck through a wall, you just don't
want to heed them.

Some facts:

- rhythmbox does not mention music sharing *at*all* in the package
  description. Even the GUI doesn't mention this (when starting it up
  for the first time) nor the documentation (in its 'Introduction')

- rhythmbox does not work properly if the discovery service (provided by
  avahi-daemon) is not installed [1]

- music sharing on the same LAN is not something most desktop users want to
  do (most households in European countries have a single PC per household)

- (history shows...) network services, even if properly designed, are open to
  exploitation (the "all software has bugs" corollary)


- a default GNOME install should *not* install a network service, even if that
  enabled new features to the users. Consequently, if rhythmbox is part of
  the GNOME task, it should not pull in avahi-daemon automatically
  (a "Recommends:" is automatic for aptitude, not for apt-get, and aptitude
  is the tool we suggest in our Release Notes for upgrades)

- if rhythmbox has to be a part of the GNOME task, it should lower the
  avahi-daemon dependency to a Suggests:

- rhythmbox should be fixed, if it doesn't work without avahi-daemon, to
  pop up a window when you try to share music [2] and tell the user what
  steps it needs to take to enable that

I'm CC'ing this to the bug report and open bugs to rhythmbox accordingly.



[1] Or so does "Loïc Minier" say, whereas I've found that I only see this
    when starting it up and all the features work just fine for me:
(rhythmbox:25826): Rhythmbox-WARNING **: Unable to start mDNS browsing

[2] It currently just says this when you set this on the Preferences:

(rhythmbox:25826): Rhythmbox-WARNING **: Unable to notify network of
music sharing
