Comment by npteljes
5 hours ago
I agree with you, this is not an X11 issue, it's a "why are we letting software like this in the repository" issue. The kind of lax attitude towards security I'd expect from a random AUR package, not in the Debian repo.
It's been in Debian for more than 20 years (see changelog here: https://tracker.debian.org/media/packages/s/stardict/changel...). It's not clear to me if said "autosend off clipboard contents" has been in there the whole time though.
Data leaking bug reported as early as 2009: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534731, so it's not looking rosy.
Which is interesting, as (according to the LWN article) it seems like the general issue of what is sent is an ever-present one for StarDict, as apparently the earlier issue was around the defaults for all dictionaries, whereas the new issue is around a specific plugin.
Personally, if I was using (or a maintainer of) a dictionary tool which autoreads the clipboard (or any dictionary tool), I'd be checking what it is doing and considering whether it is what I would want to use.