Hi,

It's true that Zoom is currently getting a lot of attention. It all
started with the iOS application using the Facebook SDK to provide login
through Facebook and their TOS/privacy statement.

That triggered a lot of (security) researchers who are currently sitting
at home like most people in the western world with a lot of time. If
upstream addresses all problems, this will become one of the best
(free-)audited conference software available ;-)

For this discussion please keep in mind that there are multiple versions
for different platforms. Not every platform is affected by all reported
problems.

Regarding Zoom and Gentoo: net-im/zoom doesn't require any special
handling in Gentoo. The package is not even marked stable. We have a lot of
vulnerable packages...

If problems get confirmed for the available Linux version and
upstream won't provide a fix within ~12 months (depends on severity of
reported vulnerabilities) we may decide to last-rite or apply a mask
to force user awareness through a forced unmask action in case they need
that software. But again, this software isn't special and doesn't
require further discussion from our P.O.V.


--
Regards,
Thomas Deutschmann / Gentoo Security Team
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5