[Bug 870821] Re: Numerous plugins should not be bundled together in packages for security reasons

Colin Watson cjwatson at canonical.com
Thu Sep 20 07:53:20 UTC 2012 

You would really be better off filing separate bugs against each of the
problematic packages.  General roll-up bugs like this don't really work
well for tracking ...

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/870821

Title:
  Numerous plugins should not be bundled together in packages for
  security reasons

Status in “ubuntu-meta” package in Ubuntu:
  Confirmed

Bug description:
  Web browser plugins are a major vector for exploit on the internet.
  For security reasons, it is best not to install plugins you don't
  need.  Yet Ubuntu-packages bundle numerous plugins together. For
  example, if I use one single plugin (e.g., Windows Media Player Plug-
  in), I have to install the gecko-mediaplayer package. Yet the gecko-
  mediaplayer package installs 4 additional plugins in addition to the
  Windows Media Player Plug-in. I NEVER use the 4 additional plugins
  that are installed. Further, among the 4 additional plugins installed
  are QuickTime and RealPlayer. Two plugins that are notoriously
  exploited on the web.

  Packages should not bundle so many plugins together. A separate
  package should exist for each plugin. Or some other solution should be
  developed that allows users to only install the plugin they actually
  use.

  Security is a major problem these days and users should not have to
  install more plugins than they actually use, especially when the
  unused plugins are notorious for security vulnerabilities.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: gnome-session-bin 3.2.0-0ubuntu3
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic i686
  ApportVersion: 1.23-0ubuntu2
  Architecture: i386
  Date: Sat Oct  8 12:08:41 2011
  ExecutablePath: /usr/bin/gnome-session
  InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110901)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: gnome-session
  UpgradeStatus: Upgraded to oneiric on 2011-10-06 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/870821/+subscriptions

More information about the foundations-bugs mailing list