I'm concerned about adding translations from potentially untrusted
sources -- format strings are a ripe source of security issues in some
languages and allowing any random person to provide translated strings
for programs that handle private data is potentially highly dangerous.

Python, Ruby, Perl, PHP, all make it easy to dump arbitrary variables
this way; Lua looks like it can easily be configured to do so as well,
if authors choose to use such functionality. C, C++ format strings can
read and write data into and out of memory nearly arbitrarily.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1446212

Title:
  Support installing localization data from click packages
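
One way to gate untrusted translations of Python `str.format` templates, shown as an added example that is not part of the bug report or of any Ubuntu tooling: reject a translated string that references any replacement field the source string does not. The function names and sample strings are constructed for illustration, and the check assumes the program formats its messages with `str.format`.

```python
from string import Formatter

def fields(fmt):
    """Set of replacement-field names in a str.format template, including
    fields nested inside format specs. Names keep their full attribute or
    index path, e.g. 'user.name' or 'cfg[key]'."""
    found = set()
    for _literal, name, spec, _conv in Formatter().parse(fmt):
        if name is None:          # trailing literal text, no field
            continue
        found.add(name)
        if spec:                  # '{name:{width}}' nests a field in the spec
            found |= fields(spec)
    return found

def check_translation(msgid, msgstr):
    """Return a list of problems. An empty list means msgstr references no
    field (or attribute/index path) that msgid does not already reference."""
    try:
        allowed = fields(msgid)
        used = fields(msgstr)
    except ValueError as exc:     # unbalanced braces and similar
        return [f"malformed format string: {exc}"]
    return [f"field {{{name}}} not present in source string"
            for name in sorted(used - allowed)]

# Constructed (msgid, msgstr) pairs, as a translation catalogue would hold them.
SAMPLES = [
    ("Hello {user.name}", "Bonjour {user.name}"),          # plain translation
    ("{count} files in {dir}", "{dir}: {count} Dateien"),  # reordered, allowed
    ("Hello {user.name}", "Hello {user.__class__}"),       # new attribute path
    ("Hello {name}", "Hello {name:{secret}}"),             # field hidden in spec
    ("Hello {name}", "Hello {name"),                       # malformed
]

def audit(samples=SAMPLES):
    """Map each translated string to its list of problems."""
    return {msgstr: check_translation(msgid, msgstr) for msgid, msgstr in samples}

if __name__ == "__main__":
    for msgstr, problems in audit().items():
        print("REJECT" if problems else "ok    ", repr(msgstr), problems)
```

Comparing full field paths lets translators reorder placeholders while still blocking attribute or index access the original string never used; gettext's `msgfmt --check-format` performs a comparable consistency check for catalogues flagged with a format type.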
