Security leak: Public disclosure of user data without their consent by installing software via pkg
sblachmann at gmail.com
Tue Apr 6 01:11:34 UTC 2021
I had a very distressing experience today.
I installed a package to view its scripts (and *not* to run them!).
I was shocked when pkg told me that my system configuration, including
which packages and their versions are installed on my system, has been
sent to an external entity, without asking for my content.
This is a security leak as well as a breach of EU data protection
rules, but above all, it is a breach of trust of the unsuspecting
Read this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251152
And read my experience in this and the following forum posts:
If this does not get fixed in short time, I will contact ArsTechnica,
TheRegister and some other reputed IT news outlets, to create public
pressure to get the issue resolved.
So please get this fixed and report back.
More information about the freebsd-security