Project

General

Profile

Privacy issue #2622

Privacy issue #2619: Refactor [nonprism]

Housekeeping #2626: Create a consice requirement specification for packages in "your-privacy"

Reevaluate libgdata

theova - 5 months ago - . Updated 5 months ago.

Status:
confirmed
Priority:
discussion
Assignee:
-
% Done:

0%


Description

From the projects website [1]

libgdata is a GLib-based library for accessing online service APIs using the GData protocol — most notably, Google's services. It provides APIs to access the common Google services, and has full asynchronous support.

libgadata is in your-privacy-blacklist.txt (formerly known as your-coherance-blacklist.txt) since commit 8d91f458f9cf466b20438d45454b90281345230e [2].
The mentioned reason in the package:

provides support for unsafe and dangerous for privacy services

I tried to find some security issues related to it, but the ones I found (such as [3]) were closed before libgdata was blacklisted.
I looked also at parabola's mailing list at that time, but could not find more informations.
Probably the reason for blacklisting it is the google dependency. I think this could be a good moment to re-evaluate libgdata and (at least) clearly state why it is blacklisted.

Packages that depend on libgdata and are blacklisted today:

Package Replacement in [nonprism] Notes
claws-mail x
eog-plugins x
evolution-data-server x
gnome-documents
gnome-online-miners provides support for Facebook, Flickr, Google and SkyDrive
gnome-photos
grilo-plugins x
libgdata
shotwell contains support for Facebook, Flickr, Picasa, Tumblr, Yandex and Youtube (Note: Youtube option has support for registered users only)

[1]: https://wiki.gnome.org/Projects/libgdata
[2]: https://git.parabola.nu/abslibre/blacklist.git/commit/?id=8d91f458f9cf466b20438d45454b90281345230e
[3]: https://seclists.org/fulldisclosure/2012/Jun/18

History

#1

Updated by theova 5 months ago

  • Parent task changed from #2619 to #2626

Also available in: Atom PDF