[Desktop-packages] [Bug 1061734] Re: webapps-applications removes package installation prompt

Wed, 21 May 2014 13:52:19 -0700 

** Changed in: webapps-applications (Ubuntu Quantal)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to webapps-applications in Ubuntu.
https://bugs.launchpad.net/bugs/1061734

Title:
  webapps-applications removes package installation prompt

Status in “webapps-applications” package in Ubuntu:
  Confirmed
Status in “webapps-applications” source package in Quantal:
  Won't Fix

Bug description:
  In bug 1035207, the security team was asked for permission to install
  webapps scripts without prompting the user for their password. Since
  this has a high impact on security, permission was granted if the
  following restrictions were adhered to:

  1- Installing without a password is limited to users in the "admin" group.
  2- The repository whitelist for aptdaemon is shipped in a separate 
"webapps"-named package, and not part of the aptdaemon package.
  3- Up-to-date documentation for the exact steps required for auditing the 
security of contributed webapp scripts. This needs to be written by someone 
familiar with the intricacies of how the scripts are integrated in the browser 
security model and how the webapps functionality was implemented.
  4- An webapp script security scanning tool that can detect basic security 
flaws, and can be updated with new flaws as they are discovered.
  5- A policy in place to systematically audit new webapp scripts and 
improvements to existing webapp scripts using the documentation and the 
scanning tool before they are accepted into the repository.
  6- Tracking of a "sign-off" procedure to determine when the security auditing 
of contributed scripts was performed, by who, and with what revision of the 
auditing documentation and script.

  webapps-applications (2.4.7-0ubuntu2) has been uploaded to Quantal, to
  permit a passwordless installation of webapps script, but I cannot
  find the location of requirements 3 to 6.

  This change needs to be reverted until the proper requirements are put
  in place.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webapps-applications/+bug/1061734/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to