Installing binaries in ~/.dropbox-dist/ of each user and letting any user process update them there is certainly not a good choice from a security point of view (and it's certainly not in line with the Debian policy). Having a single way to install the binary system-wide and having that mechanism verify the signature provided by Dropbox is the correct choice.
Marc, I tried to work with Dropbox but they are not interested in improving the situation any further. They do control the software that gets installed and they could teach that software to force an upgrade in case of a security issue (i.e. simply call "dropbox update" the wrapper script that installs the software) but for various reasons, they have not agreed to do this.