On Sat, Jul 14, Michael Ströder wrote:
Given recent OpenSLP security issue I wonder whether package openldap2 should still be linked with OpenSLP. IMO the OpenSLP projects seems pretty dead and I suspect there might be more issues in that lib.
OpenSLP can be very helpfull, if the admin does active maintain the setup. I know some of this setups. But most admins don't do so, and so it can become a real risk. And here I know even much more setups. I think enabling applications to allow the usage of openslp is ok, but they should not use it by default if the admin does not give his Ok. Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org