Bug#959805: libproxy1-plugin-mozjs: Passes invalid/corrupted strings to FindProxyForURL()
Iain Lane
laney at debian.org
Wed May 6 11:04:05 BST 2020
On Tue, May 05, 2020 at 06:35:28PM -0400, Jeremy Bicha wrote:
> On Tue, May 5, 2020 at 10:33 AM Simon McVittie <smcv at debian.org> wrote:
> > However, this plugin has a popcon of 108 installations (compared with 27K
> > for its webkit counterpart), wasn't shipped in buster, and I don't think
> > we consider mozjs68 to be safe for use with untrusted content (although
> > PAC is probably at least semi-trusted in any reasonable threat model);
> > so perhaps it should just be removed instead?
>
> Does anyone know if there is anything the mozjs plugin can do that the
> webkit can't?
>
> I'd prefer we only offer the webkit version.
I'd be OK with that. I only worked on the port because it was required
for the mozjs68 transition and evidently didn't test it enough! I asked
upstream for help testing / reviewing, but they apparently merged it
when it was broken, so that speaks to how much it's cared for there:
perhaps they would consider dropping it too.
Cheers,
--
Iain Lane [ iain at orangesquash.org.uk ]
Debian Developer [ laney at debian.org ]
Ubuntu Developer [ laney at ubuntu.com ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20200506/54a94362/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list