Comment 6 for bug 860492

Jamie Strandboge (jdstrand) wrote : Re: [MIR] cobbler-enlist src, cobbler-enlist-udeb bin

Security review:
- does not check return codes in several places surrounding malloc() and xmlrpc_* calls
- SSL is not used due to bug #833994

I would really like to see the error checking done at some time. I realize this is a time crunch and don't see a vulnerability with the shallow audit I performed. That said, this should be fixed, especially since cobbler-enlist is intended to be run as a privileged user, and I have filed bug #862558.

To fully address the SSL issues, bug #833994 needs to be adjusted in the installer and cobbler-enlist. Since it is too late for that, I suggest:
- adjusting the already existing debconf questions/notes to include language that the information is currently submitted in unencrypted form (and a way to abort)
- add language to the --help text that the information is currently submitted in unencrypted form
- add a manpage which among other things includes language that the information is currently submitted in unencrypted form
- add text to README.Debian explaining the lack of SSL, language that the information is currently submitted in unencrypted form and a reference to bug #833994

I have filed bug #862567 to address this.

Since there is no difference between supporting the udeb for cobbler-enlist and the regular deb for cobbler-enlist, please feel free to promote and seed once bug #862567 is fixed.

Thanks!
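The unchecked-return-code finding above, illustrated with an added example that is not cobbler-enlist's own code: a request-body builder where every allocation result is checked and reported to the caller instead of being dereferenced. The function name, the error codes and the pluggable allocator are assumptions made so the failure path can be exercised offline; xmlrpc-c reports call failures through its env struct (`fault_occurred`), which would get the same check-and-return treatment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook: lets a test stand in for an exhausted heap. */
typedef void *(*alloc_fn)(size_t);

/* Error codes returned to the caller instead of crashing on NULL. */
enum { ENLIST_OK = 0, ENLIST_ENOMEM = 1, ENLIST_EINVAL = 2 };

/* Builds "hostname=<h>&mac=<m>" into a freshly allocated buffer.
 * On any failure *out is NULL and a non-zero code is returned. */
int build_enlist_body(const char *hostname, const char *mac,
                      alloc_fn alloc, char **out)
{
    *out = NULL;
    if (hostname == NULL || mac == NULL || alloc == NULL)
        return ENLIST_EINVAL;

    size_t len = strlen("hostname=") + strlen(hostname)
               + strlen("&mac=") + strlen(mac) + 1;
    char *body = alloc(len);
    if (body == NULL)            /* the check the review asks for */
        return ENLIST_ENOMEM;

    int n = snprintf(body, len, "hostname=%s&mac=%s", hostname, mac);
    if (n < 0 || (size_t)n >= len) {   /* snprintf result checked too */
        free(body);
        return ENLIST_EINVAL;
    }
    *out = body;
    return ENLIST_OK;
}

/* Constructed allocator that always fails, simulating malloc() returning NULL. */
void *failing_alloc(size_t n) { (void)n; return NULL; }

int main(void)
{
    char *body = NULL;
    int rc = build_enlist_body("node1", "00:11:22:33:44:55", malloc, &body);
    printf("rc=%d body=%s\n", rc, body ? body : "(null)");
    free(body);
    rc = build_enlist_body("node1", "00:11:22:33:44:55", failing_alloc, &body);
    printf("rc=%d body=%s\n", rc, body ? body : "(null)");
    return 0;
}
```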