Commit e6ab571e, committed by amnesia

gajim plugin installer (boyska)

parent df601f8a
......@@ -92,3 +92,6 @@ no IRC. Tickets were created and rejected some time ago
reconsidering after updating this blueprint ([[!tails_ticket 11686]]).
People from Security-in-a-Box have used it successfully in Tails.
Gajim ships with a plugin called "plugin installer" which allows a user to download new plugins. This sounds suspicious for security, because plugins are pieces of code running with full privilege. The implementation in Debian use unverified TLS connection, which is very very open to MITM. The development version has switched to verified HTTPS connection and is trying to make it more robust.
However, I think that Tails should not ship this plugin at all: it allows a user to download code without needing sudo
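
Review bot: the added Gajim paragraph says the Debian implementation uses an unverified TLS connection and that the development version has switched to verified HTTPS, but it names no Debian package version and links no upstream change, so a reader cannot tell which releases the statement covers or recheck it later. Suggest stating the affected version and linking the upstream work, the way the preceding paragraph cites [[!tails_ticket 11686]]. The closing recommendation that Tails should not ship the plugin is written as a personal opinion ("I think") with no ticket attached; filing it as a ticket and referencing it here would let the decision be tracked. Minor points: "use unverified TLS connection" should read "uses an unverified TLS connection", the last sentence has no full stop, and the paragraph is a single long line where the surrounding text is wrapped.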