Debian Bug report logs - #137480
lynx: ftp anonymous password

version graph

Package: lynx; Maintainer for lynx is Atsuhito KOHDA <kohda@debian.org>; Source for lynx is src:lynx-cur.

Reported by: eperez@dei.inf.uc3m.es

Date: Sat, 9 Mar 2002 15:48:01 UTC

Severity: normal

Tags: confirmed, fixed-upstream, patch, upstream

Fixed in version lynx/2.8.6-1

Done: warp@debian.org (Zephaniah E. Hull)

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>, lynx-ssl@packages.qa.debian.org:
Bug#137480; Package lynx-ssl. Full text and rfc822 format available.

Acknowledgement sent to eperez@dei.inf.uc3m.es:
New Bug report received and forwarded. Copy sent to James Troup <james@nocrew.org>, lynx-ssl@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: eperez@dei.inf.uc3m.es
To: submit@bugs.debian.org
Subject: lynx: ftp anonymous password
Date: Sat, 9 Mar 2002 15:34:56 +0000
[Message part 1 (text/plain, inline)]
Package: lynx-ssl
Version: 2.8.4.1b-3
Tags: patch

I've seen that lynx sends the user name when doing ANONYMOUS ftp gets.
I see a lot of problems:
- Sending the user name if the user doesn't know that it's sent doesn't protect the user state of ANONYMOUS
- Spyware is not a good idea, most users don't like it.
- Sending the user name helps SPAM instead of stopping it. Many ftp sites use this information to send you unsolicited email.
- Sending the user name doesn't help ftp sites to know who the cracker is, crackers are not stupid to send their email address.
- Sending the user name can be used to discriminate the user.

By all of these reasons I argue that lynx to don't
send the user email by default.

Some time ago two very important ftp clients wget and
lftp stopped sending the user name as password based on
my input.

As more and more ftp clients are moving to this
anonymous@ password (for example the kde kio ftp, qt3,
gnome-xml, perl's Net::FTP, python's ftplib.py)
I recommend you to apply the patch.

I send you the bugfix.
[lynx_nospam.diff (text/plain, attachment)]

Bug reassigned from package `lynx-ssl' to `lynx'. Request was from James Troup <james@nocrew.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: upstream Request was from James Troup <james@nocrew.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: confirmed Request was from James Troup <james@nocrew.org> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to eperez@dei.inf.uc3m.es:
Bug#137480. Full text and rfc822 format available.

Message #14 received at 137480-submitter@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 137480-submitter@bugs.debian.org
Subject: re: #137480 - lynx: ftp anonymous password
Date: Thu, 30 Dec 2004 07:40:44 -0500
[Message part 1 (text/plain, inline)]
This is addressed in lynx 2.8.6dev.9

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Tags added: fixed-upstream Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to warp@debian.org (Zephaniah E. Hull):
You have taken responsibility. Full text and rfc822 format available.

Notification sent to eperez@dei.inf.uc3m.es:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #21 received at 137480-close@bugs.debian.org (full text, mbox):

From: warp@debian.org (Zephaniah E. Hull)
To: 137480-close@bugs.debian.org
Subject: Bug#137480: fixed in lynx 2.8.6-1
Date: Tue, 01 May 2007 06:17:03 +0000
Source: lynx
Source-Version: 2.8.6-1

We believe that the bug you reported is fixed in the latest version of
lynx, which is due to be installed in the Debian FTP archive:

lynx_2.8.6-1.diff.gz
  to pool/main/l/lynx/lynx_2.8.6-1.diff.gz
lynx_2.8.6-1.dsc
  to pool/main/l/lynx/lynx_2.8.6-1.dsc
lynx_2.8.6-1_amd64.deb
  to pool/main/l/lynx/lynx_2.8.6-1_amd64.deb
lynx_2.8.6.orig.tar.gz
  to pool/main/l/lynx/lynx_2.8.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 137480@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Zephaniah E. Hull <warp@debian.org> (supplier of updated lynx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 01 May 2007 01:43:17 -0400
Source: lynx
Binary: lynx
Architecture: source amd64
Version: 2.8.6-1
Distribution: unstable
Urgency: low
Maintainer: Zephaniah E. Hull <warp@debian.org>
Changed-By: Zephaniah E. Hull <warp@debian.org>
Description: 
 lynx       - Text-mode WWW Browser
Closes: 40435 67184 99400 120451 121520 132674 137480 141158 147287 152810 157088 171312 184482 188415 193205 204994 240237 244871 248092 252915 254515 265031 268264 271048 304989 313789 315853 318034 325478 343049 344275 374388 390918
Changes: 
 lynx (2.8.6-1) unstable; urgency=low
 .
   * Hijack the package.  I might not be great at it, but I do use it daily.
   * New upstream release.
     Closes: #254515, #137480, #67184, #99400, #132674, #141158, #40435,
     #120451, #157088, #204994, #244871, #248092, #268264, #271048, #318034,
     #343049, #390918, #240237, #313789, #171312, #193205, #252915, #265031,
     #121520, #152810, #188415, #344275, #374388, #184482, #315853
   * Uses the new upstream defaults. Closes: #325478, #147287.
   * Update 01_default-config.dpatch. (Offset changes only.)
   * Update 02_default-key-bindings.dpatch. (Upstream formatting changes.)
   * Kill 03_newer_gnutls.dpatch entirely.
     This was fixed upstream.  But this is also a GPL violation as we only ship
     the patch to configure, and not to configure.in, the source file.
   * Kill 04_CVE-2004-1617.dpatch. (Merged into upstream.)
   * Disable 05_FTBFS_on_GNUHurd_and_GNUkBSD (Upstream changes, file new bug if
     we FTBFS again.)
   * Removed configure arguments:
     --enable-8bit-toupper - Removed, no longer exists.
     --enable-persistent-cookies - Enabled by default.
     --enable-prettysrc - Enabled by default.
     --enable-source-cache - Enabled by default.
     --enable-read-eta - Enabled by default.
   * Added configure arguments:
     --enable-nsl-fork - fork NSL requests, allowing them to be aborted
     --enable-justify-elts - use element-justification logic
   * Update the contents and location of lynx.desktop. Closes: 304989.
   * Other things will be handled by later uploads, patches welcome.
Files: 
 5f2a3005f67b144c6093ae875957d5fe 605 web optional lynx_2.8.6-1.dsc
 2158041a3fdb5d094831da2c82cfcaba 3195728 web optional lynx_2.8.6.orig.tar.gz
 24699d4e88618f94d9dd2b3e88ca41ef 15521 web optional lynx_2.8.6-1.diff.gz
 e44c39690127312aa16149da5356ce4b 2010044 web optional lynx_2.8.6-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGNtYKRFMAi+ZaeAERAn6nAJ0SiaGd5zI4mt+sknbcH7M2/GWA1gCg2otr
gDdwPYjAsyQXG/udwapEPGA=
=6Lmp
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 04 Jul 2007 08:21:49 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 13:29:15 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.