|Summary:||Installs un-necessary browser plugin|
|Product:||Red Hat Enterprise Linux 7||Reporter:||Michael Peters <alice>|
|Component:||rhythmbox||Assignee:||Bastien Nocera <bnocera>|
|Status:||CLOSED NOTABUG||QA Contact:||Desktop QE <desktop-qa-list>|
|Last Closed:||2018-06-08 15:03:58 UTC||Type:||Bug|
Description Michael Peters 2016-11-03 05:19:20 UTC
Description of problem:
rhythmbox installs a mozilla plugin that is not packaged separately

Version-Release number of selected component (if applicable):
rhythmbox-2.99.1-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. rpm -ql rhythmbox |grep itms

Actual results:
/usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so

Expected results:
null

Additional info:
If there is a way to disable a plugin in Firefox I have not found it.

From about:plugins it seems the purpose of the plugin is:

"This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox."

If that feature is even wanted in Enterprise Linux, then it should be packaged as a separate RPM that requires rhythmbox (assuming it does) rather than as part of rhythmbox itself.

Browser plugins are a source of security issues, and also can be used to fingerprint users remotely when they visit a web page (even just their presence, and from the version information they report).

Please remove this file from the rhythmbox package and if it has utility for anyone (I sure have no need for it), offer it as a sub-package.
Comment 2 Bastien Nocera 2018-06-08 15:03:58 UTC
The plugin fingerprinting is a problem for Firefox to solve.

The plugin is necessary for iTunes pages to detect that we can handle itms:// locations, as mentioned in:
https://bugzilla.gnome.org/show_bug.cgi?id=489874

If you want to discuss the removal of this plugin, please do so upstream by filing a new issue at:
https://gitlab.gnome.org/GNOME/rhythmbox/issues

I don't have any interest in seeing this package diverge from upstream.
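
Added example (not part of the bug report or of rhythmbox): the report's check run in the other direction, listing every browser plugin file on a host together with the RPM that owns it, so plugins pulled in by unrelated packages stand out. The function name is hypothetical, and the two directories other than /usr/lib64/mozilla/plugins are assumed conventional plugin locations, not paths taken from the report.

```shell
#!/bin/sh
# Inventory browser plugin shared objects and the package that ships each one.

# audit_plugin_dirs DIR...  (hypothetical helper name)
# Prints one line per *.so file: "<path><TAB><owning package or note>".
audit_plugin_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue              # skip directories that do not exist
        for f in "$dir"/*.so; do
            [ -e "$f" ] || continue            # glob matched nothing
            if command -v rpm >/dev/null 2>&1; then
                # rpm -qf exits non-zero when no package owns the file
                owner=$(rpm -qf --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' "$f" 2>/dev/null) \
                    || owner="(not owned by any package)"
                # a file can be owned by several packages; keep them on one line
                owner=$(printf '%s' "$owner" | tr '\n' ',')
            else
                owner="(rpm not available)"
            fi
            printf '%s\t%s\n' "$f" "$owner"
        done
    done
}

# Default run. Only the lib64 path appears in the report; the other two
# directories are assumptions about where plugins may also be installed.
audit_plugin_dirs /usr/lib64/mozilla/plugins \
                  /usr/lib/mozilla/plugins \
                  "${HOME:-/nonexistent}/.mozilla/plugins"
```

On the system described in the report, the rhythmbox plugin would be listed against rhythmbox-2.99.1-4.el7.x86_64 rather than against a dedicated plugin package.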