Commit e8ac8b72 authored by 127.0.0.1's avatar 127.0.0.1 Committed by amnesia
Browse files

gajim plugininstaller: debian package

parent e6ab571e
......@@ -94,4 +94,4 @@ reconsidering after updating this blueprint ([[!tails_ticket 11686]]).
People from Security-in-a-Box have used it successfully in Tails.
Gajim ships with a plugin called "plugin installer" which allows a user to download new plugins. This sounds suspicious for security, because plugins are pieces of code running with full privilege. The implementation in Debian use unverified TLS connection, which is very very open to MITM. The development version has switched to verified HTTPS connection and is trying to make it more robust.
However, I think that Tails should not ship this plugin at all: it allows a user to download code without needing sudo
However, I think that Tails should not ship this plugin at all: it allows a user to download code without needing sudo. We could work debian-side to separate gajim-plugininstaller in a separate package so that Tails can choose not to install it?
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment