Mailinglist Archive: opensuse-factory (244 mails)

< Previous Next >
Re: [opensuse-factory] OpenSLP and package openldap2
On Sat, Jul 14, Michael Ströder wrote:

Given recent OpenSLP security issue I wonder whether package openldap2
should still be linked with OpenSLP. IMO the OpenSLP projects seems pretty
dead and I suspect there might be more issues in that lib.

OpenSLP can be very helpfull, if the admin does active maintain the
setup. I know some of this setups. But most admins don't do so, and
so it can become a real risk. And here I know even much more setups.

I think enabling applications to allow the usage of openslp is ok,
but they should not use it by default if the admin does not give
his Ok.

Thorsten
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
References