Ubuntu
software-center package

Should confirm package conflicts from the user as apturl can silently uninstall vital packages like network-manager

Bug #793318 reported by André Pirard
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apturl (Ubuntu)
New
Undecided
Unassigned
software-center (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

Binary package hint: apturl, software center

Update:
Please note that this report has a much wider scope than just APTURL not preventing system destruction.
I used to claim that Windows' installer is a black box hiding from the user what it's stuffing into the system.
You may well install a whole database system bundle unnoticed just to use a small program.
And you may well install it in English when you would have liked it in French.
On the opposite, Ubuntu is telling you package by package, file by file, with exact byte size what it is installing.
It is showing you what's going on

And now I must tell them that Ubuntu, in a constant strive to resemble Windows, has become just as bad.
They even removed Synaptics.

---EOU ---

This happened on Ubuntu 10.04 upgraded from 8.10 and with latest updates applied.

   1. What you expected to happen

The same as what happened, but without the inconvenience

   2. What actually happened

In order to help Belgian people paying their income taxes, I reviewed, modified and tested
http://doc.ubuntu-fr.org/tutoriel/utiliser_carte_identite_electronique_belge
In the process, I uninstalled all the Belgian middleware *beid* as well as *pcsc* software.
(Not pcsclite1 because network-manager depends on it)

Then I clicked the following link on that page apt://pcscd,libpcsclite-dev,beidgui
And this is what happened, taken from the APT logs.
APTURL did not display what it was doing, even less ask the permission to do it:

Start-Date: 2010-10-17 05:06:49
Install: pcscd (1.5.3-1ubuntu4)
Remove: libacr38ucontrol0 (1.7.10-1), network-manager (0.8-0ubuntu3), libgnokii5 (0.6.28.dfsg-1ubuntu0.1), ubuntu-desktop (1.197), network-manager-gnome (0.8-0ubuntu3), libpcsclite1 (1.5.3-1ubuntu4.1), gnome-phone-manager (0.65-1ubuntu2), libacr38u (1.7.10-1), wpasupplicant (0.6.9-3ubuntu3)
End-Date: 2010-10-17 05:07:56

Start-Date: 2010-10-17 07:05:14
Remove: pcscd (1.5.3-1ubuntu4)
End-Date: 2010-10-17 07:05:32

Start-Date: 2010-10-17 07:34:37
Remove: network-manager (0.8-0ubuntu3), network-manager-gnome (0.8-0ubuntu3), libpcsclite1 (1.5.3-1ubuntu4.1), wpasupplicant (0.6.9-3ubuntu3)
End-Date: 2010-10-17 07:35:16

The system must never uninstall the network-manager nor anything without asking the permission.

   3. The minimal series of steps necessary to make it happen, where step 1 is "start the program"

1: "start the program"
2: all of the above

Conclusions:

1 it's an extremely bad idea to make an installer (APTURL) behave silently and blindly.
No detail of what is being done, no permission and even no indication that the operation is complete.
I have seen that the Ubuntu Software Center operates the same silent, blind and dangerous way too.

2 it looks like it's a bad idea to have each packet of the same aptline installed separately

See original description
Tags: lucid
André Pirard (a.pirard)
summary: - apturl can silently uninstall vital packets like network-manager
+ apturl can silently uninstall vital packages like network-manager
papukaija (papukaija)
tags: added: lucid
Revision history for this message
papukaija (papukaija) wrote : Re: apturl can silently uninstall vital packages like network-manager

This has likely been a dependence issue in pcsc-lite or beidgui since apturl just calls apt-get to make to actual install. I've cheched the dependencies for the aforementioned packages and they don't depend on NM. Also, the pcsclite1 package has been removed from the repositories. Therefore, the pcsc-lite part (all pcsc related packages seem to use pcsc-lite for bug management and other tasks in LP) of this bug is fixed. I'm leaving this bug open since I guess that you want apturl to be less destructive.

Btw, I tagged this bug with lucid since the package versions mentioned in the apt log are from Lucid's repositories.

summary: - apturl can silently uninstall vital packages like network-manager
+ Should confirm package conflicts from the user as apturl can silently
+ uninstall vital packages like network-manager
Revision history for this message
André Pirard (a.pirard) wrote : Re: [Bug 793318] Re: apturl can silently uninstall vital packages like network-manager

Thanks for taking care of this bug.
Please note that it has nothing to do with pcsc etc... but with the fact
that APTURL is a black box that, as opposed to Synaptic, does secret
things to your system including possibly destroying it.
I have started writing a full text about that. Wait a little bit. I'll
finish it and I'll include it in here.

André Pirard (a.pirard)
affects: apturl (Ubuntu) → software-center (Ubuntu)
André Pirard (a.pirard)
description: updated
Gary Lasker (gary-lasker)
Changed in software-center (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
Matthew Paul Thomas (mpt) wrote :

Marking as a duplicate of a newer bug report because it is more concise.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.