desktop-packages team mailing list archive

Thread
Date

[Bug 870821] [NEW] Numerous plugins should not be bundled together in packages for security reasons

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <870821@xxxxxxxxxxxxxxxxxx>
Date: Sat, 08 Oct 2011 20:04:39 -0000
Reply-to: Bug 870821 <870821@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

Web browser plugins are a major vector for exploit on the internet. For
security reasons, it is best not to install plugins you don't need.  Yet
Ubuntu-packages bundle numerous plugins together. For example, if I use
one single plugin (e.g., Windows Media Player Plug-in), I have to
install the gecko-mediaplayer package. Yet the gecko-mediaplayer package
installs 4 additional plugins in addition to the Windows Media Player
Plug-in. I NEVER use the 4 additional plugins that are installed.
Further, among the 4 additional plugins installed are QuickTime and
RealPlayer. Two plugins that are notoriously exploited on the web.

Packages should not bundle so many plugins together. A separate package
should exist for each plugin. Or some other solution should be developed
that allows users to only install the plugin they actually use.

Security is a major problem these days and users should not have to
install more plugins than they actually use, especially when the unused
plugins are notorious for security vulnerabilities.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: gnome-session-bin 3.2.0-0ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
Uname: Linux 3.0.0-12-generic i686
ApportVersion: 1.23-0ubuntu2
Architecture: i386
Date: Sat Oct  8 12:08:41 2011
ExecutablePath: /usr/bin/gnome-session
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110901)
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-session
UpgradeStatus: Upgraded to oneiric on 2011-10-06 (1 days ago)

** Affects: gnome-session (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: apport-bug i386 oneiric running-unity
-- 
Numerous plugins should not be bundled together in packages for security reasons
https://bugs.launchpad.net/bugs/870821
You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu.