Packaging omission, also install "/etc/xdg/", or else authentication may be off in desktopcouch
Bug #438800 reported by
Chad Miller
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
desktopcouch (Ubuntu) |
Fix Released
|
Undecided
|
Chad Miller |
Bug Description
Binary package hint: desktopcouch
Since we're exposing user information to a network interface, we must take care to protect the information. Simply removing an option in a user's config file must not disable all security; it should be default-on, not default-off. We do this by adding a system config file that is read at desktopcouch startup.
This file is new, and was omitted from 0.4.2-0ubuntu1 .
This bug is not a grave security problem, as it requires user action in a nonobvious way. We shouldn't let non-beta users be exposed to the potential though.
Changed in desktopcouch (Ubuntu): | |
status: | New → Confirmed |
assignee: | nobody → Chad Miller (cmiller) |
To post a comment you must log in.
This bug was fixed in the package desktopcouch - 0.4.4-0ubuntu1
---------------
desktopcouch (0.4.4-0ubuntu1) karmic; urgency=low
* New upstream release.
+ Include doc "txt" and translation files in sources.
+ couchgrid does not correctly retrieve record id (LP: #447512)
+ couchgrid selected_records property is buggy and should be removed for
karmic if possible (LP: #448357)
desktopcouch (0.4.3-0ubuntu1) karmic; urgency=low
* Include compulsory-auth INI file to be secure by default. service "ValueError: dictionary update sequence..." on
(LP: #438800)
* Make debhelper warn about files not installed to some package.
* Shorten debhelper install paths using dh_install exlusions.
* New upstream release:
+ couchgrid did not correctly retrieve record id (LP: #447512)
+ HTTP 401 for valid auth information when talking to couchdb over SSL
(LP: #446516)
+ Support headless apps. (LP: #428681)
+ desktopcouch-
stdout(LP: #446511)
-- Chad MILLER <email address hidden> Mon, 12 Oct 2009 10:17:50 -0400