Summary: | ebuild addition: dev-python/tofu | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Robert Schuster <theBohemian> |
Component: | New packages | Assignee: | Python Gentoo Team <python> |
Status: | RESOLVED WONTFIX | ||
Severity: | enhancement | Keywords: | EBUILD |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://home.gna.org/oomadness/en/tofu/index.html | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | ebuild for tofu-0.2 |
Description
Robert Schuster
2005-09-06 14:01:56 UTC
Created attachment 67768 [details]
ebuild for tofu-0.2
Please comment on this ebuild. For me this made Balazar 0.2 work flawlessly.
twisted is part of the python herd. I'd prefer the python group maintains this one as well. http://bugs.gentoo.org/show_bug.cgi?id=103524 This package has a severe security issue, the same as py2play but slightly less severe as Tofu isn't p2p (yet). However, a server can still execute arbitrary code on a client (and possibly vice versa). My recommendation is to include a "kludge" Tofu which disables this functionality leaving clients which require it as if they were offline. This problem is documented on the Soya wiki frontpage (and has for some time): http://soya.literati.org/ Not adding this ebuild with the current security issues. Reopen bug if those issues are ever fixed properly. |