security-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security-discuss] gnuradio project DoS attacks GNU wget users


From: Filip Brcic
Subject: Re: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Fri, 03 Mar 2017 19:38:29 +0100
User-agent: KMail/5.2.3 (Linux/4.8.0-40-generic; KDE/5.28.0; x86_64; ; )

Дана петак, 03. март 2017. у 11.08.26 CET, Richard Stallman написа:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> 
>   > even any browser more advanced than curl or wget), you would have
>   > noticed that those links are part of the dropbox which itself is
>   > part of the search field.
> 
> The use of Dropbox is a possible concern.  What job is Dropbox being
> used for, here?  Can you tell me where in the pages to find that?

Not the Dropbox online cloud service, just the dropbox as in a search input 
field with a combobox for selecting which part of the documentation is to be 
searched. I clearly used the wrong word, sorry for the misunderstanding.

>   > There is absolutely no way to make that functionality without
>   > javascript,
> 
> Nothing can justify sending users nonfree JS code, but it is
> acceptable for a GNU package web site to send Javascript code provided
> that code is free.  It is best if the site does function with JS
> disabled (it's ok if that is ugly; ugly is better than
> malfunctioning).
> 
> Can someone please tell me precisely where in the site this Javascript
> code appears?  Does it visibly carry a free license?  Is it
> distributed as true source code?

That JavaScript is part of the doxygen package. It is, therefore, licensed 
under GPL-2, but now that I've rechecked the code it does not visibly carry 
any license. It would probably be a good idea to ask doxygen to include some 
GPL header in every included JavaScript file.

>     The searchbox is the standard doxygen's searchbox which implements
>     documentation search in javascript to avoid having to have a search
> engine on the server. So, if you don't like that searchbox, go to
> doxygen.org and tell them.
> 
> You're saying that this Javascript code has somehing to do with
> doxygen.org.  What is the relationship between this Javascript code
> and doxygen.org?  Those words suggest multiple possibilities.

I think there is confusion as to which JavaScript is being talked about. The 
code mentioned here is the doxygen's JavaScript code for searching the 
documentations used by every documentation generated by doxygen (if user 
decides to use the search functionality which is on by default).

-- 
GPG fingerprint: 9AFC0A4BD2CEF3D22CF6108196577BD3C105EDA4
Please read if you don't use GPG: https://emailselfdefense.fsf.org/

Attachment: signature.asc
Description: This is a digitally signed message part.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]