package: libjs-jssip
tags: security

Hi Daniel,

thanks for working on usuable + secure RTC in the webbrowser!

During your presentation at the Paris mini-debconf I just learned that your 
libjs-jssip leaks all networks to the sip server (or calling party), which I 
consider a privacy violation (which has been implemented to improve the user 
experience by allowing the application to choose the best network connection).

Still, if I connect via route $X I expect this software not to leak my other 
routes, which might contaĆ­n sensitive information.

In the talk you said it was trivial to comment out these lines, so I'm asking 
you to do this by default and optionally allow it.


cheers,
        Holger 

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to