As discussed in #847952: Suspend CVS account for Kaltura (spyware) the Kaltura module has a spotty history of spam SEO links, and undisclosed data collection.

These issues are being sorted out in #847952: Suspend CVS account for Kaltura (spyware). Until that issue is satisfactorily resolved, I suggest that the top of the project page contain the following text:

"Older versions of the Kaltura module contained hidden SEO links and an undisclosed iframe that collected site information during the install process. For a full review of these concerns, see this issue."

Once #847952: Suspend CVS account for Kaltura (spyware) gets resolved, this text can be removed from the project page.

I'm putting this here for community feedback. While I have the rights to just edit the page and add this in myself, I did not want to short circuit the ability of the community to provide feedback.

Comments

xurizaemon’s picture

xurizaemon
he/him
Location Ōtepoti, Aotearoa 🏝
commented

I don't object to this. Maybe it could specify the exact versions (SEO links to vX.x-X.X, iframe to vX.x-X.X)?

xurizaemon’s picture

xurizaemon
he/him
Location Ōtepoti, Aotearoa 🏝
commented

#847952: Suspend CVS account for Kaltura (spyware) is marked fixed currently, but it's been marked fixed once or twice already I think :)

How should we define "satisfactorily resolved"?

xurizaemon’s picture

xurizaemon
he/him
Location Ōtepoti, Aotearoa 🏝
commented
Status: Active » Fixed

IMO this has been resolved with SA-CONTRIB-2010-078 - Kaltura - Information disclosure today.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.