[Bug 870821] Re: Numerous plugins should not be bundled together in packages for security reasons

Nick Rundy 870821 at bugs.launchpad.net
Fri Sep 21 11:42:31 UTC 2012

Hey Colin.

I created a new bug specifically for the gecko-mediaplayer package.


You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-meta in Ubuntu.

  Numerous plugins should not be bundled together in packages for
  security reasons

Status in “ubuntu-meta” package in Ubuntu:

Bug description:
  Web browser plugins are a major vector for exploit on the internet.
  For security reasons, it is best not to install plugins you don't
  need.  Yet Ubuntu-packages bundle numerous plugins together. For
  example, if I use one single plugin (e.g., Windows Media Player Plug-
  in), I have to install the gecko-mediaplayer package. Yet the gecko-
  mediaplayer package installs 4 additional plugins in addition to the
  Windows Media Player Plug-in. I NEVER use the 4 additional plugins
  that are installed. Further, among the 4 additional plugins installed
  are QuickTime and RealPlayer. Two plugins that are notoriously
  exploited on the web.

  Packages should not bundle so many plugins together. A separate
  package should exist for each plugin. Or some other solution should be
  developed that allows users to only install the plugin they actually

  Security is a major problem these days and users should not have to
  install more plugins than they actually use, especially when the
  unused plugins are notorious for security vulnerabilities.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: gnome-session-bin 3.2.0-0ubuntu3
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic i686
  ApportVersion: 1.23-0ubuntu2
  Architecture: i386
  Date: Sat Oct  8 12:08:41 2011
  ExecutablePath: /usr/bin/gnome-session
  InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110901)
   PATH=(custom, no user)
  SourcePackage: gnome-session
  UpgradeStatus: Upgraded to oneiric on 2011-10-06 (1 days ago)

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list