Default Apps Discussion

Registered by Jason Warner on 2011-05-12

Semi-annual default apps discussion....

Blueprint information

Status:
Complete
Approver:
Martin Pitt
Priority:
Essential
Drafter:
Jason Warner
Direction:
Approved
Assignee:
Martin Pitt
Definition:
Approved
Series goal:
Accepted for oneiric
Implementation:
Implemented
Milestone target:
milestone icon oneiric-alpha-2
Started by
Martin Pitt on 2011-10-24
Completed by
Martin Pitt on 2011-10-24

Related branches

Sprints

Whiteboard

Work items for oneiric-alpha-1:
[didrocks] clean/review unity 2D packaging: DONE
[didrocks] seed unity 2D on the ubuntu CD: DONE

Work items for oneiric-alpha-2:
[didrocks] Backport some ATK/features from 4/8 to 4/7: DONE
[didrocks] Package and MIR qt-at-spi: DONE
[didrocks] Discuss with zg upstream how we can integrate non opened files in zg search (after an upgrade, usb keys…): DONE
Drop applications from default install: pitivi (moved to DVD), computer-janitor: DONE

Work items for oneiric-alpha-3:
[didrocks] Discuss with design and zg upstream about zg activity log manager and if the indexing script should be runned automatically: DONE

Work items for oneiric-beta-1:
[themuso] enable the QT_ACCESSIBILITY=1 env variable for the session when accessibility is enabled (little chance that that we get this cycle the a11y dbus signal): DONE

Add Deja Dup (separate blueprint for this)

[quadrispro]
font-manager as fonts management default application

INFO: 2011-05-20 jdstrand (Ubuntu Security)
chromium-browser in main
- designed with security in mind from the start, and the design is very good. Design is better than Mozilla, which has only recently added plugin-container support, but not yet a security feature
- upstream is very responsive to security vulnerabilities and has bounties to encourage code auditing. Mozilla is very popular (and thus receives a lot of scrutiny) and is also responsive (tie)
- accessibility support is lacking
- certificate manager non-existent/doesn't work, which is a regression over Mozilla
- upstream is not responsive to regressions they introduce in Ubuntu (eg, stored passwords bug-- they broke it such that people lost their saved passwords on upgrade. We asked for them to fix, but several weeks later nothing. We had to publish a broken chromium to users because security vulnerabilities were accumulating. Still not fixed). This regression points to a lack of QA on (at least) Ubuntu. In contrast, Mozilla is responsive and seems to have a better QA process
- Google chrome guys said they target Windows (Mozilla cares about Ubuntu)
- no predisclosure or notification of new security update builds (Mozilla does this). This results in our updates for chromium-browser always lagging behind upstream (ie, we only know to build when they release (some work can be done with prebuilds, but not optimal by any means))
- tried contacting upstream security guy, but has not answered emails
- armel compilation issues (doesn't build more than half the time, upstream is not particularly reactive)
Bottom line: while very good from a security point of view, upstream doesn't seem to care about Ubuntu, which makes chromium-browser very hard to recommend as the default browser. Assuming upstream can fix armel, address feature regressions (accessibility and certificate manager) and if the relationship can be improved such that good Ubuntu QA is done by upstream internally, they are responsive to chromium bugs in Ubuntu, and they give advanced notification of security updates, then I have no objection moving over to it as the default browser.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.