Numerous plugins should not be bundled together in packages for security reasons

Bug #870821 reported by nick rundy
This bug affects 3 people
Affects: ubuntu-meta (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Web browser plugins are a major vector for exploits on the internet. For security reasons, it is best not to install plugins you don't need. Yet Ubuntu packages bundle numerous plugins together. For example, if I use one single plugin (e.g., Windows Media Player Plug-in), I have to install the gecko-mediaplayer package. Yet the gecko-mediaplayer package installs 4 additional plugins in addition to the Windows Media Player Plug-in. I NEVER use the 4 additional plugins that are installed. Further, among the 4 additional plugins installed are QuickTime and RealPlayer, two plugins that are notoriously exploited on the web.

Packages should not bundle so many plugins together. A separate package should exist for each plugin. Or some other solution should be developed that allows users to only install the plugin they actually use.

Security is a major problem these days and users should not have to install more plugins than they actually use, especially when the unused plugins are notorious for security vulnerabilities.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: gnome-session-bin 3.2.0-0ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
Uname: Linux 3.0.0-12-generic i686
ApportVersion: 1.23-0ubuntu2
Architecture: i386
Date: Sat Oct 8 12:08:41 2011
ExecutablePath: /usr/bin/gnome-session
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110901)
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-session
UpgradeStatus: Upgraded to oneiric on 2011-10-06 (1 days ago)

nick rundy (nrundy) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu:
status: New → Confirmed
affects: ubuntu → gnome-session (Ubuntu)
Chris Coulson (chrisccoulson) wrote :

This is nothing to do with gnome-session

affects: gnome-session (Ubuntu) → ubuntu
affects: ubuntu → ubuntu-meta (Ubuntu)
Colin Watson (cjwatson) wrote :

You would really be better off filing separate bugs against each of the problematic packages. General roll-up bugs like this don't really work well for tracking ...

nick rundy (nrundy) wrote :

Hey Colin.

I created a new bug specifically for the gecko-mediaplayer package.

https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1053985
