[Nix-dev] Re: [Nix-commits] SVN commit: nix - 12995 - ludo - in nixpkgs/trunk/pkgs: development/libraries development/libraries/libupnp top-level
Armijn Hemel
armijn at uulug.nl
Wed Oct 8 18:02:58 CEST 2008
hiya,
> >> Log:
> >> Add libupnp, a UPnP implementation.
> >
> > Urgh. I suggest we add a meta.pkgCrapLevel for this one.
> >
> > Seriously, you want to replace it with pupnp (the forked and
> > *maintained* version of this library): pupnp.sourceforge.net
>
> Can you provide a bit of explanation? Is pupnp API-compatible? The
> thing is software (aMule in this case) actually uses libupnp.
It says so.
> > UPnP security is a bit of a hobby horse for me:
> > http://www.upnp-hacks.org/
>
> I see. :-)
>
> It's not clear from the front page whether the security issues you are
> concerned about stem from implementation flaws (such as buffer
> overflows, which you mention on another page) or protocol flaws (which
> you mention in the paragraph that starts with "In May 2006"). If the
> latter, it would be great to emphasize it after "very little has
> changed", IMO.
Ah, no, that's mostly in applications, though there are some
peculiarities when you want to some more "advanced" stuff with libupnp
(we can discuss that offlist). But there is a good reason why Intel has
moved to another library (the microstack) and abandoned libupnp ;-)
armijn
--
---------------------------------------------------------------------------
armijn at uulug.nl | http://www.uulug.nl/ | UULug: Utrecht Linux Users Group
---------------------------------------------------------------------------
More information about the nix-dev
mailing list