[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: leaks in our only-signed-software fortress

Am 18.02.2012 15:30, schrieb Josselin Mouette:
Personally I decided to use GNOME-fallback, but via the meta-packages I
still got the GNOME shell... today
I've noticed that it silently installs an extension, which (I can only
assume this by the little
description) does some software installation/enabling for GNOME shell
from extensions.gnome.org.
To me this sounds more like a root-kit than a feature.

No GNOME shell extension is ever downloaded without your consent. The
browser plugin is only here to make this possible. Plugin integrity is guaranteed by SSL, and extensions have been checked before being put on
the website.

Well I guess the problem here are three things:
- Communication
You say now, that GNOME checks all what they put up there, and nothing is every installed automatically. This makes things a bit better,... but it's not really obviously documented. At least not for a just-a-user like me. Of course one can always say read the code + go into the developer docs,... but if I have to do this for everything, than I'm just screwed.

- Trust
I really do not trust GNOME/Mozilla etc. here do do all this in a secure and right way. At least for Mozilla there are hundredths of extensions, they surely can't check them all.

- Bypassing the package management system
IMHO, software in Debian should ONLY be installed by the package management system with one exception:
When the user really downloads/(optionally compiles)/installs himself.
Especially software should not bring its own package management system in form of app-store-like thingies.

Of course I know it's difficult to prevent this. Upstreams just do it... and ways around it (e.g. our Mozilla Extension Packages) are a big effort for us.
Nevertheless, solve this via packages, would be the right way (IMHO).

Anyway this doesn’t work very well so we’d be better with just putting
those extensions in another Debian package, but I see this more as a
functional problem than a security one.

Great :)


Reply to: