Github messages for voidlinux
 help / color / mirror / Atom feed
From: notramo <notramo@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: Package request: RustDesk
Date: Fri, 27 Jan 2023 19:05:15 +0100	[thread overview]
Message-ID: <20230127180515.rPPi6Ew37HFetKaSXD8_UuRN-IMzHX0gzhxBYP1GBz0@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-41107@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 1061 bytes --]

New comment by notramo on void-packages repository

https://github.com/void-linux/void-packages/issues/41107#issuecomment-1406897199

Comment:
https://forum.f-droid.org/t/known-vuln-rustdesk/18793
This links to https://github.com/rustdesk/rustdesk/issues/225
Even the comments in the code are written in CJK.

Also, a quick search to "rustdesk encryption issue" helped me to find this:
https://github.com/rustdesk/rustdesk/issues/451
The devs doesn't seem to be transparent enough about this issue. They just said to “upgrade to fix it”. They didn't provide a possible reason for the issue. That's not how security vulnerabilities are managed. The lack of explanation makes one think that it was an intentional backdoor, which got noticed, and they simply removed it in the next release.

There are not enough people to keep an eye on the project, which would be necessary, given their track record. It's worth adding an installation warning to the package if it will be packaged in Void Linux. I would personally recommend not packaging it at all.

  parent reply	other threads:[~2023-01-27 18:05 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-15 12:44 [ISSUE] " MechDR
2023-01-05 19:36 ` notramo
2023-01-25 15:23 ` MechDR
2023-01-27 18:05 ` notramo [this message]
2023-01-30 17:55 ` MechDR
2023-02-04  4:44 ` superiums
2023-02-08 21:02 ` notramo
2023-02-09 20:00 ` MechDR
2023-02-09 21:38 ` notramo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230127180515.rPPi6Ew37HFetKaSXD8_UuRN-IMzHX0gzhxBYP1GBz0@z \
    --to=notramo@users.noreply.github.com \
    --cc=ml@inbox.vuxu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).