Date: Fri, 22 Nov 2002 11:33:45 -0600 (CST) From: "Scott A. Moberly" <smoberly@karamazov.org> To: <gnome@FreeBSD.org> Cc: <freebsd-ports@FreeBSD.org> Subject: Re: SOUP Message-ID: <6131.65.221.169.187.1037986425.squirrel@mail.karamazov.org>
next in thread | raw e-mail | index | archive | help
> On Fri, 2002-11-22 at 12:17, Scott A. Moberly wrote: >> > On Fri, 2002-11-22 at 10:35, Scott A. Moberly wrote: >> >> The SOAP library SOUP is now required throughout the gnome >> structure. Given that gtkhtml requires it in the Makefile, but does not actually require it. Given the inherent security issues raised with SOAP. I was curious if it can be made optional. It could even be in the negative if you prefer; i.e. >> > >> > Maybe I've been out of it, but what security issues are we talking >> about? Can you site references? >> > >> > Joe >> > >> >> My main complaint lies simply with arbitrary access to data without the user (of the process) having direct control. Scary if it moves into root controlled processes. Other issues involve firewall >> slipthrough. Many other reason's can be found... google it with soap and security. > > I'd like to see some security advisories on this, particularly in relation to the one app known to use Soup: Evolution. So far, you are the only one to raise the issue. Okay... so what you are saying is that i have to wait for something to be broken and have a Security Advisory issued prior to having it optional. The protocol itself is flawed. The company that devised it (Microsoft) has not only warned of the firewall issue it has also issued Security additions (WS-Security) that are patented and thus potentially problematic. I would like to avoid the issue before it is raised: pro-active is the market-speak for this I believe. I am not asking the library to be removed; rather given an optional flag. Scott A. Moberly smoberly@karamazov.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-gnome" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6131.65.221.169.187.1037986425.squirrel>