Disable --update option
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
youtube-dl (Debian) |
Fix Released
|
Unknown
|
|||
youtube-dl (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Won't Fix
|
High
|
Unassigned |
Bug Description
[Impact]
The --update option downloads content from a third party site (a URL hardcoded in the script) and then copies it into /usr/bin/
Unfortunately, the --update option is extraordinarily handy since youtube frequently changes its web interface, which breaks the script. Indeed the version of youtube-dl currently in Precise is broken as of Nov 4, 2012 and can't retrieve videos. Running youtube-dl --update fixes this by installing a new version of the script. However this new script is a binary executable.
[Test Case]
$ ls -l /usr/bin/
-rwxr-xr-x 1 root root 159848 Feb 27 2012 /usr/bin/
bd2f1db2f3edafc
/usr/bin/
$ sudo youtube-dl --update
[sudo] password for XXX:
Updating to latest version...
Updated youtube-dl. Restart youtube-dl to use the new version.
$ ls -l /usr/bin/
-rwxr-xr-x 1 root root 43730 Nov 4 20:50 /usr/bin/
02c2a961099f067
/usr/bin/
[Regression Risk]
The patch removes code (and functionality), so doesn't risk new bugs. The loss of functionality is intentional to fix this issue.
[Original Report]
Shouldn't automatic updates be disabled, as with other packages (e.g. Firefox) ?
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: youtube-dl 2012.02.27-1 [modified: usr/bin/youtube-dl]
ProcVersionSign
Uname: Linux 3.2.0-31-
ApportVersion: 2.0.1-0ubuntu13
Architecture: i386
Date: Mon Oct 8 02:04:53 2012
PackageArchitec
ProcEnviron:
LANGUAGE=fr_FR:en
TERM=xterm
PATH=(custom, no user)
LANG=fr_FR.UTF-8
SHELL=/bin/bash
SourcePackage: youtube-dl
UpgradeStatus: Upgraded to precise on 2012-04-27 (164 days ago)
description: | updated |
Changed in youtube-dl (Ubuntu Quantal): | |
importance: | Undecided → High |
Changed in youtube-dl (Ubuntu Precise): | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in youtube-dl (Ubuntu Quantal): | |
status: | New → Triaged |
tags: | added: patch |
Changed in youtube-dl (Debian): | |
status: | Unknown → Won't Fix |
Changed in youtube-dl (Debian): | |
status: | Won't Fix → Fix Released |
Agreed. I think this option might pose a security risk.