-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224 > On Wed, Jun 17, 2015 at 2:27 PM, Timothy Pearson > <kb9vqf@...> wrote: >> Perhaps >> we need both "security advisories" and "privacy advisories" these days? > > Agreed. I would go so far as to say that a violation of privacy _is_ a > violation of security. > > Having a package go out and grab something without my permission, or > knowledge, is a security hole. > > Curt- I agree in principle, however the current use of the phrase "security advisory" tends to imply that some kind of advanced persistent threat could be installed on the user's machine. From what I understand this is not possible in this case due to NaCl's sandboxing, however it becomes a security risk if any sensitive information is made available to the sandbox (e.g. privileged human to human voice conversations near the computer's microphone). Yes, I'm nitpicking. :-) Tim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iFYEARELAAYFAlWB1KgACgkQLaxZSoRZrGEhRQDdEclOJI27JEwWnrKVuog6Sr3Z Hm9VtOWxAY+8PgDfbS24BHgCgtTIiiY1YrjRYQ0SGeEzoJkg3+Y4sw== =XhXK -----END PGP SIGNATURE-----