[Nix-dev] Re: [Nix-commits] SVN commit: nix - 12995 - ludo - in nixpkgs/trunk/pkgs: development/libraries development/libraries/libupnp top-level

Ludovic Courtès ludo at gnu.org
Wed Oct 8 10:09:42 CEST 2008


Hi,

Armijn Hemel <armijn at uulug.nl> writes:

> hiya,
>
>> Log:
>> Add libupnp, a UPnP implementation.
>
> Urgh. I suggest we add a meta.pkgCrapLevel for this one.
>
> Seriously, you want to replace it with pupnp (the forked and
> *maintained* version of this library): pupnp.sourceforge.net

Can you provide a bit of explanation?  Is pupnp API-compatible?  The
thing is software (aMule in this case) actually uses libupnp.

> UPnP security is a bit of a hobby horse for me:
> http://www.upnp-hacks.org/

I see.  :-)

It's not clear from the front page whether the security issues you are
concerned about stem from implementation flaws (such as buffer
overflows, which you mention on another page) or protocol flaws (which
you mention in the paragraph that starts with "In May 2006").  If the
latter, it would be great to emphasize it after "very little has
changed", IMO.

Thanks,
Ludo'.




More information about the nix-dev mailing list