severity 692297 grave
tag 692297 wheezy fixed-upstream confirmed
thanks

Package: youtube-dl
Priority: grave
Version: 2012.02.27-1

As reported, youtube-dl, when used in testing, is unable to download
*any* videos from Youtube. Unless the system administrator uses its
"update" functionality, which basically will download a *new* version of
the program and install it on the system, the package is quite useless.

I'm raising the severity of this bug, tagging it accordingly and
providing additional information in this bug report.

Below is an annotated transcript of a session right after installing
the program in a testing system in order to download a video. As you
can see:

- the program fails with an error "ERROR: unable to download video"
which does not indicate the cause (this is a known bug upstream, see:
https://github.com/rg3/youtube-dl/issues/427)
- the reason it fails is only found by Googling; it turns out that
Youtube made changes that made this program incompatible
- the only fix is to update from upstream (or from sid)
- the update from upstream is actually installing software as root in
the system downloaded from the web without any signature changes as
far as I see

I'm labeling this bug as 'grave' for testing since it makes the
package useless unless updated. I don't think we should release this
package in its current state.


Note: the bug is *not* present on sid. But even if we fixed this with
the 'sid' package, the manpage and errors should indicate to the user
that if downloads fail (might happen in the future) then he might
probably need to update the package from backports. It seems that the
current bug might reappear if Youtube.com changes something in its
download mechanisms again.

Here's a transcript of a use of youtube-dl:

-------------------- TRANSCRIPT BEGIN --------------------

$ youtube-dl http://www.youtube.com/watch?v=fGFNmEOntFA
[youtube] Setting language
[youtube] fGFNmEOntFA: Downloading video webpage
[youtube] fGFNmEOntFA: Downloading video info webpage
[youtube] fGFNmEOntFA: Extracting video information

ERROR: unable to download video

[ The error here is completely useless. It does not indicate to the
user what might be the problem. Network error? Permissions? Error in
the download?
  If you debug the connection you actually see a 403 error being
returned by Youtube ]

$ man youtube-dl

[ No information is found on the manpage regarding possible errors.
There is no BUG section ]

[ Googling a bit you find all these sites which point the user towards
updating the program:

https://github.com/rg3/youtube-dl/issues/427
http://askubuntu.com/questions/194420/youtube-dl-is-not-working   ]

$ sudo youtube-dl --update
Updating to latest version...
Updated youtube-dl. Restart youtube-dl to use the new version.

[ First update, as root, downloads and installs a new binary version.
There does not seem to be any indication of checks done of the remote
server, so a user that runs this exposes himself to a MITM attack. He
could be tricked into obtaining a binary which is trojanized, a virus
or whatever ]

$ youtube-dl http://www.youtube.com/watch?v=fGFNmEOntFA
Hi! We changed distribution method and now youtube-dl needs to update
itself one more time.
This will only happen once. Simply press enter to go on. Sorry for the trouble!
The new location of the binaries is
https://github.com/rg3/youtube-dl/downloads, not the git repository.


ERROR: no write permissions on /usr/bin/youtube-dl

[ OK, the first update did not work, we have to update *again* ]

$ sudo youtube-dl --update
Hi! We changed distribution method and now youtube-dl needs to update
itself one more time.
This will only happen once. Simply press enter to go on. Sorry for the trouble!
The new location of the binaries is
https://github.com/rg3/youtube-dl/downloads, not the git repository.


Done! Now you can run youtube-dl.

[ OK. We need to run as root and download *another* untrusted binary
from the network. At least now it looks like the download connection
is SSL. I wonder how the certificate is checked ... ]

$ youtube-dl http://www.youtube.com/watch?v=fGFNmEOntFA
[youtube] Setting language
[youtube] fGFNmEOntFA: Downloading video webpage
[youtube] fGFNmEOntFA: Downloading video info webpage
[youtube] fGFNmEOntFA: Extracting video information
[download] Destination: fGFNmEOntFA.mp4
[download] 100.0% of 183.93M at    6.05M/s ETA 00:00

[ finally the download works ]

$ youtube-dl --version
2012.12.11
$ debsums youtube-dl
/usr/bin/youtube-dl                                                       FAILED
/usr/share/doc/youtube-dl/NEWS.Debian.gz                                      OK
/usr/share/doc/youtube-dl/changelog.Debian.gz                                 OK
/usr/share/doc/youtube-dl/copyright                                           OK
/usr/share/man/man1/youtube-dl.1.gz                                           OK

[ We are not, however, running the version provided by the package ]

-------------------- TRANSCRIPT END --------------------

Hope the information above is useful.

Best regards


Javier
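
The `debsums` result in the transcript (FAILED for /usr/bin/youtube-dl after the self-update) can be reproduced with a small check, shown here as an added example that is not part of the original report and is not the debsums implementation. It assumes the dpkg manifest layout of one `<md5>  <path relative to />` entry per line; the file contents and the temporary root are constructed sample data.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg-style manifest lines: '<md5 hex>  <path relative to />'."""
    pairs = (ln.split(None, 1) for ln in text.splitlines() if ln.strip())
    return [(digest.lower(), path.strip()) for digest, path in pairs]

def md5_of(path):
    h = hashlib.md5()  # MD5 only because that is what the manifest records
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_package(manifest_text, root="/"):
    """Return {path: 'OK' | 'FAILED' | 'MISSING'} for each manifest entry."""
    results = {}
    for digest, rel in parse_md5sums(manifest_text):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results["/" + rel] = "MISSING"
        else:
            results["/" + rel] = "OK" if md5_of(full) == digest else "FAILED"
    return results

def demo():
    """Constructed scenario: a packaged script is overwritten by a self-update."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "usr/bin/youtube-dl": b"#!/usr/bin/python\n# packaged 2012.02.27\n",
            "usr/share/doc/youtube-dl/copyright": b"constructed sample\n",
        }
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        manifest = "".join(
            f"{hashlib.md5(d).hexdigest()}  {r}\n" for r, d in files.items())
        # Simulate what `sudo youtube-dl --update` did to the packaged file.
        with open(os.path.join(root, "usr/bin/youtube-dl"), "wb") as fh:
            fh.write(b"#!/usr/bin/python\n# self-updated 2012.12.11\n")
        return check_package(manifest, root)

if __name__ == "__main__":
    print(demo())
```

A check like this flags files changed outside the package manager, but the manifest is itself stored locally and is writable by root, so it shows drift from the packaged version rather than proving the replacement binary is trustworthy.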

