Coin,

Arc <[EMAIL PROTECTED]> writes:

> You are incorrect.  This bug is part of py2play's API, it is unlikely it 
> will be fixed without a complete rewrite, which is unlikely since its 
> developer has abandoned it acknowledging its faulty design (using TCP) 
> and security problems.

I do not understand why I'm incorrect out of your explanation...

Py2play must die, but it is NOT currently possible. Slune needs py2play
main loop to work at all, and this fix preserves the loop while
deactivating the network mode, thus removing the security flaw. So, this
bug _IS_ fixed.

Rewrite happening or not is not my problem, this is upstream's choice ;
Slune, the only program in Debian using py2play, can work nicely without
network mode, and thus everything is fine. Tofu is another problem and
is not packaged yet.

I'll try to get the author to re-add a proper network mode when a revised
tofu or another implementation is correctly done, or if I cannot, push
him to take the py2play depends away and remove the package
completely. Fact is we cannot remove a package from a released version
(Sarge) and such a fix handles the problem with a very short amount of
diff lines, making security team happier.

I should add a warning in the py2play description to avoid ppl using
this pkg.

If you still think I'm wrong, what would you do to handle the problem
then ?

-- 
Marc Dequènes (Duck)
