Installing binaries in ~/.dropbox-dist/ of each user and letting any user process update them there is certainly not a good choice from a security point of view (and it's certainly not in line with the Debian policy). Having a single way to install the binary system-wide and having that mechanism verify the signature provided by Dropbox is the correct choice.
Marc, I tried to work with dropbox but they are not interested to improve the situation any further. They do control the software that gets installed and they could teach that software to force an upgrade in case of security issue (i.e. simply call "dropbox update" the wrapper script that installs the software) but for various reasons, they have not accepted to do this. ** Summary changed: - nautilus-dropbox doesn't install dropbox client to correct location + nautilus-dropbox forbids dropbox's non-free binaries to replace themselves by properly installing dropbox system-wide -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/909488 Title: nautilus-dropbox forbids dropbox's non-free binaries to replace themselves by properly installing dropbox system-wide To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nautilus-dropbox/+bug/909488/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
