Package: pootle Version: 2.0.1-2 This is a little security problem, which should be at least documented in README.Debian:
If one opens the pootle server start page one can see information without being logged in. E.g. everyone can see "Latest News" and "Top Contributors". Furthermore the page https://myserver/mypootle/accounts/ shows a list of all user names with first and last name to the world. This means that e.g. in a company environment access to pootle (at least the current Debian version) must be restricted by further measures. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org