| 1 |
Hi, |
| 2 |
|
| 3 |
it's true that zoom is currently getting a lot of attention. It all |
| 4 |
started with the iOS application using Facebook SDK to provide login |
| 5 |
through Facebook and their TOS/privacy statement. |
| 6 |
|
| 7 |
That triggered a lot of (security) researchers who are currently sitting |
| 8 |
at home like most people in western world with a lot of time. If |
| 9 |
upstream will address all problems this will become one of the best |
| 10 |
(free-)audited conference software available ;-) |
| 11 |
|
| 12 |
For this discussion please keep in mind that there are multiple versions |
| 13 |
for different platforms. Not every platform is affected by all reported |
| 14 |
problems. |
| 15 |
|
| 16 |
Regarding zoom and Gentoo: net-im/zoom doesn't require any special |
| 17 |
handling in Gentoo. Package is not even marked stable. We have a lot of |
| 18 |
vulnerable packages... |
| 19 |
|
| 20 |
If problems will get confirmed for the available Linux version and |
| 21 |
upstream won't provide a fix within ~12 months (depends on severity of |
| 22 |
reported vulnerabilities) we maybe decide to last-rite or apply a mask |
| 23 |
to force user awareness through forced unmask action in case they need |
| 24 |
that software. But again, this software isn't special and doesn't |
| 25 |
require further discussion from our P.O.V. |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
Regards, |
| 30 |
Thomas Deutschmann / Gentoo Security Team |
| 31 |
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |
Archives