amano (jyaku) wrote :

I am still feeling uncomfortable shipping some crucial GNOME components like Nautilus more insecure than upstream.

And it is not just a matter of having bubblewrap in main or not. Nor is it a matter of the default, where anybody who wishes to have the upstream default security level could rectify this with "sudo apt install bubblewrap". Because now sandboxing has to be turned off at build time, installing bubblewrap afterwards will not help at all.

And it is not that the risks of shipping without sandbox are just theoretical: Ubuntu got some flak for this thumbnailing hole:

Adding the Ubuntu release team to get this in as an FFe as soon as possible. Disabling security features doesn't sound like a worthwhile Ubuntu modification.