[Pkg-utopia-maintainers] Bug#517683: Bug#517683: avahi-daemon: reflector creates packet storm on legacy unicast traffic

Rob Leslie rob at mars.org
Thu Mar 19 18:56:53 UTC 2009


On Mar 19, 2009, at 10:20 AM, Nico Golde wrote:
>> Nico, do you consider that important enough for a s-s-u upload?
>
> As avahi is mostly used on end-user desktop machines and this  
> feature is switched off by default (and I don't expect end-users and  
> typical desktop users to switch it on) I'd say no. I would be happy  
> if you upload a fixed package to stable and oldstable directly.  
> Please raise your voice if you have a different opinion about that!

While I agree that avahi-daemon is mostly used on end-user  
workstations with the reflector disabled, anyone who intentionally  
enables the reflector is obviously operating in a fundamentally  
different environment (e.g. multi-homed router) and it is precisely  
that environment which elevates the risk of exposure.

In other words, while I agree the risk to desktop users is minimal and  
doesn't merit special handling, the risk to other users is much higher  
and I hope you will also take them into account.

I suspect the at-risk category of users will particularly include  
enterprise networks[1].

Sincerely,

Rob Leslie
rob at mars.org

[1] See for example this fellow at Disney who seems to have been  
unknowingly bitten by this bug:
     http://lists.freedesktop.org/archives/avahi/2008-March/001325.html





