> On Wed, Jun 17, 2015 at 2:27 PM, Timothy Pearson
> <kb9vqf(a)pearsoncomputing.net> wrote:
>> Perhaps we need both "security advisories" and "privacy advisories" these
>> days?
>
> Agreed. I would go so far as to say that a violation of privacy _is_ a
> violation of security.
>
> Having a package go out and grab something without my permission, or
> knowledge, is a security hole.
>
> Curt-

I agree in principle, however the current use of the phrase "security
advisory" tends to imply that some kind of advanced persistent threat
could be installed on the user's machine. From what I understand this is
not possible in this case due to NaCl's sandboxing, however it becomes a
security risk if any sensitive information is made available to the
sandbox (e.g. privileged human to human voice conversations near the
computer's microphone).
Yes, I'm nitpicking. :-)
Tim