Bug#778947: Program calls home to check for updates

Robie Basak robie at justgohome.co.uk
Sun Feb 22 00:15:43 UTC 2015


Package: sweethome3d
Version: 4.3+dfsg-2
Severity: serious

I've only tested 4.3+dfsg-2 (through Ubuntu 14.04), but I see nothing in
changelogs to suggest that this behaviour has changed more recently.

By default, sweethome3d calls home by making an HTTP request to
http://www.sweethome3d.com/SweetHome3DUpdates.xml. This is a privacy
leak.

It is configurable once the program is started, however.

Expected behaviour: in Debian, this should be patched to be turned off
by default.

Serious severity justification: I cannot find a reference, but I believe
that this is frowned upon enough in Debian to make the package unfit for
release. If I'm wrong, I'm happy to be corrected.

Thanks,

Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20150222/58f151b7/attachment.sig>


More information about the pkg-java-maintainers mailing list