Mailinglist Archive: opensuse-factory (244 mails)

< Previous Next >
Re: [opensuse-factory] OpenSLP and package openldap2
On Sat, Jul 14, Michael Ströder wrote:

Given recent OpenSLP security issue I wonder whether package openldap2
should still be linked with OpenSLP. IMO the OpenSLP projects seems pretty
dead and I suspect there might be more issues in that lib.

OpenSLP can be very helpfull, if the admin does active maintain the
setup. I know some of this setups. But most admins don't do so, and
so it can become a real risk. And here I know even much more setups.

I think enabling applications to allow the usage of openslp is ok,
but they should not use it by default if the admin does not give
his Ok.

Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >