On 02/26/2011 05:32 PM, Yves-Alexis Perez wrote:
On Sat, 2011-02-26 at 18:00 +0000, Adam D. Barratt wrote:
[snip]
Apologies if I'm missing something obvious, but what's the motivation
for making this change in stable? The changelog for the proposed upload
and the corresponding upload to unstable don't provide any further
information afaics (hence the suspicion that I'm missing something).
There have been recent news about security issues with automount stuff
(linked with vulnerabilities in pdf parsers and thumbnailers). It
doesn't warrant a DSA, but I think it's safer to ship thunar-volman with
automount/autobrowse/autorun disabled by default.
Isn't it auto*run* which opens a vulnerability, and thus should be
disabled by default?
Disabling automount & autobrowse seem to be security overkill.
--
I prefer banana-flavored energy bars made from tofu.
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4d699401.8070...@cox.net
