[Bug 793318] Re: apturl can silently uninstall vital packages like network-manager

papukaija 793318 at bugs.launchpad.net
Sun Nov 6 00:18:09 UTC 2011 

** Tags added: lucid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apturl in Ubuntu.
https://bugs.launchpad.net/bugs/793318

Title:
  apturl can silently uninstall vital packages like network-manager

Status in “apturl” package in Ubuntu:
  New

Bug description:
  Binary package hint: apturl

  This happened on Ubuntu 10.04 upgraded from 8.10 and with latest
  updates applied.

     1. What you expected to happen

  The same as what happened, but without the inconvenience

     2. What actually happened

  In order to help Belgian people paying their income taxes, I reviewed, modified and tested
  http://doc.ubuntu-fr.org/tutoriel/utiliser_carte_identite_electronique_belge
  In the process, I uninstalled all the Belgian middleware *beid* as well as *pcsc* software.
  (Not pcsclite1 because network-manager depends on it)

  Then I clicked the following link on that page   apt://pcscd,libpcsclite-dev,beidgui
  And this is what happened, taken from the APT logs.
  APTURL did not display what it was doing, even less ask the permission to do it:

  Start-Date: 2010-10-17  05:06:49
  Install: pcscd (1.5.3-1ubuntu4)
  Remove: libacr38ucontrol0 (1.7.10-1), network-manager (0.8-0ubuntu3), libgnokii5 (0.6.28.dfsg-1ubuntu0.1), ubuntu-desktop (1.197), network-manager-gnome (0.8-0ubuntu3), libpcsclite1 (1.5.3-1ubuntu4.1), gnome-phone-manager (0.65-1ubuntu2), libacr38u (1.7.10-1), wpasupplicant (0.6.9-3ubuntu3)
  End-Date: 2010-10-17  05:07:56

  Start-Date: 2010-10-17  07:05:14
  Remove: pcscd (1.5.3-1ubuntu4)
  End-Date: 2010-10-17  07:05:32

  Start-Date: 2010-10-17  07:34:37
  Remove: network-manager (0.8-0ubuntu3), network-manager-gnome (0.8-0ubuntu3), libpcsclite1 (1.5.3-1ubuntu4.1), wpasupplicant (0.6.9-3ubuntu3)
  End-Date: 2010-10-17  07:35:16

  The system must never uninstall the network-manager nor anything
  without asking the permission.

     3. The minimal series of steps necessary to make it happen, where
  step 1 is "start the program"

  1: "start the program"
  2: all of the above

  Conclusions:

  1 it's an extremely bad idea to make an installer (APTURL) behave silently and blindly.
  No detail of what is being done, no permission and even no indication that the operation is complete.
  I have seen that the Ubuntu Software Center operates the same silent, blind and dangerous way too.

  2 it looks like it's a bad idea to have each packet of the same
  aptline installed separately

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apturl/+bug/793318/+subscriptions

More information about the foundations-bugs mailing list