[Bug 793318] Re: apturl can silently uninstall vital packages like network-manager

Sun Nov 6 00:51:27 UTC 2011

This has likely been a dependence issue in pcsc-lite or beidgui since
apturl just calls apt-get to make to actual install. I've cheched the
dependencies for the aforementioned packages and they don't depend on
NM. Also, the pcsclite1 package has been removed from the repositories.
Therefore, the pcsc-lite part (all pcsc related packages seem to use
pcsc-lite for bug management and other tasks in LP) of this bug is
fixed. I'm leaving this bug open since I guess that you want apturl to
be less destructive.

Btw, I tagged this bug with lucid since the package versions mentioned
in the apt log are from Lucid's repositories.

** Summary changed:

- apturl can silently uninstall vital packages like network-manager
+ Should confirm package conflicts from the user as apturl can silently uninstall vital packages like network-manager

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apturl in Ubuntu.
https://bugs.launchpad.net/bugs/793318

Title:
  Should confirm package conflicts from the user as apturl can silently
  uninstall vital packages like network-manager

Status in “apturl” package in Ubuntu:
  New

Bug description:
  Binary package hint: apturl

  This happened on Ubuntu 10.04 upgraded from 8.10 and with latest
  updates applied.

     1. What you expected to happen

  The same as what happened, but without the inconvenience

     2. What actually happened

  In order to help Belgian people paying their income taxes, I reviewed, modified and tested
  http://doc.ubuntu-fr.org/tutoriel/utiliser_carte_identite_electronique_belge
  In the process, I uninstalled all the Belgian middleware *beid* as well as *pcsc* software.
  (Not pcsclite1 because network-manager depends on it)

  Then I clicked the following link on that page   apt://pcscd,libpcsclite-dev,beidgui
  And this is what happened, taken from the APT logs.
  APTURL did not display what it was doing, even less ask the permission to do it:

  Start-Date: 2010-10-17  05:06:49
  Install: pcscd (1.5.3-1ubuntu4)
  Remove: libacr38ucontrol0 (1.7.10-1), network-manager (0.8-0ubuntu3), libgnokii5 (0.6.28.dfsg-1ubuntu0.1), ubuntu-desktop (1.197), network-manager-gnome (0.8-0ubuntu3), libpcsclite1 (1.5.3-1ubuntu4.1), gnome-phone-manager (0.65-1ubuntu2), libacr38u (1.7.10-1), wpasupplicant (0.6.9-3ubuntu3)
  End-Date: 2010-10-17  05:07:56

  Start-Date: 2010-10-17  07:05:14
  Remove: pcscd (1.5.3-1ubuntu4)
  End-Date: 2010-10-17  07:05:32

  Start-Date: 2010-10-17  07:34:37
  Remove: network-manager (0.8-0ubuntu3), network-manager-gnome (0.8-0ubuntu3), libpcsclite1 (1.5.3-1ubuntu4.1), wpasupplicant (0.6.9-3ubuntu3)
  End-Date: 2010-10-17  07:35:16

  The system must never uninstall the network-manager nor anything
  without asking the permission.

     3. The minimal series of steps necessary to make it happen, where
  step 1 is "start the program"

  1: "start the program"
  2: all of the above

  Conclusions:

  1 it's an extremely bad idea to make an installer (APTURL) behave silently and blindly.
  No detail of what is being done, no permission and even no indication that the operation is complete.
  I have seen that the Ubuntu Software Center operates the same silent, blind and dangerous way too.

  2 it looks like it's a bad idea to have each packet of the same
  aptline installed separately

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apturl/+bug/793318/+subscriptions