[Pkg-chromium-maint] Bug#786909: chromium: unconditionally downloads binary blob

Christoph Anton Mitterer calestyo at scientia.net
Tue Jun 16 13:15:06 UTC 2015


On Tue, 2015-06-16 at 00:49 -0400, Michael Gilbert wrote:
> Barring the obtusely incorrect rootkit miscategorization

Well, as I've said,.. no one can really tell what it is, since it's a
blob,... and even if one would assume that someone could correctly
reverse engineer it, or reproducibly build it from public sources,
there's absolutely no guarantee that malicious software might have been
just distributed to selected people.


> oss-sec is a
> far better venue for discussion since Debian is not the only
> distribution that includes chromium 43.

I don't see how that would practically ever change something at the
Debian level; this seems rather like simply pushing away an unpleasant
issue.
And just because all other distros ship software which injects possibly
malicious blobs, we don't have to do the same.


Anyway, I haven't said that banning such software from Debian would be
the only solution... but at least these incidents come far too frequently
recently, so apparently something needs to be done at Debian level to
pro-actively prevent future cases/compromises like this.


And there's still no single sign of properly visible announcements to
users what might have happened here. :(


Chris.