Re: long term solution for flashplugin-nonfree in stable

To: debian-release@lists.debian.org
Subject: Re: long term solution for flashplugin-nonfree in stable
From: Philippe Cloutier <chealer@gmail.com>
Date: Thu, 27 Dec 2007 15:13:35 -0500
Message-id: <[🔎] 200712271513.35963.chealer@gmail.com>
In-reply-to: <[🔎] 200712201220.39052.chealer@gmail.com>
References: <[🔎] 200712191806.57932.holger@layer-acht.org> <[🔎] 1198148546.3935.102.camel@pluto.hg.intranet> <[🔎] 200712201220.39052.chealer@gmail.com>

Le December 20, 2007 12:20:38 pm Philippe Cloutier, vous avez écrit :
> Le December 20, 2007 06:02:26 am Bart Martens, vous avez écrit :
> > On Wed, 2007-12-19 at 23:34 +0100, Luk Claes wrote:
> > > Scott Kitterman wrote:
> > > > On Wednesday 19 December 2007 12:06, Holger Levsen wrote:
> > > >> Hi,
> > > >>
> > > >> I would like to know what the stable release managers plan to do
> > > >> regarding flashplugin-nonfree in etch.
> > > >>
> > > >> As I see it, there are three options:
> > > >>
> > > >> 1. do nothing, keep a broken package in etch
> > > >>
> > > >> 2. remove the broken package from etch
> > > >>
> > > >> 3. request another upload, as the version currently in
> > > >> stable-proposed updates has broken since it was uploaded (which was
> > > >> before r1)
> > > >>
> > > >>
> > > >> Additionally I would like to ("officially") ask the volatile team
> > > >> about their opinion of including flashplugin-nonfree in
> > > >> volatile/contrib. As I read the requierements for volatile, the
> > > >> package fully fulfills them. (The package is rock stable and just an
> > > >> installer for (the latest) nonfree flash (from adobe) - so it does
> > > >> exactly what the users expect.)
> > > >
> > > > The new Flash is *known* to break konqueror but works as intended on
> > > > FireFox, the reason for this is konqueror does not support XEmbed. 
> > > > For a stable distribution, I'm not sure what the best solution would
> > > > be.
> > >
> > > I would go for 2
> >
> > Yes, I agree about removing broken packages.
> > http://lists.debian.org/debian-release/2007/12/msg00088.html
> >
> > > if there is an updated version in volatile we point
> > > people at in the Release Notes.
> >
> > I'm not convinced that the typical updates of flashplugin-nonfree should
> > go via volatile.  Updating flashplugin-nonfree from 9.0.48.0.* to
> > 9.0.115.0.* involves a new release of closed source software, so it can
> > include surprises that are very not welcome in Debian stable.  Volatile
> > is meant for fast/frequent/safe updates, for example for updating data
> > for spam filters or virus scanners.  Anything in volatile should be
> > (almost?) as safe as stable.
> > http://www.debian.org/volatile/
>
> Why did Adobe stop distributing the 9.0.48 tar.gz separately, while
> continuing to distribute the RPM?
> If nobody knows, did somebody ask them to bring it back?
I still don't know the answer to the first question, but since there are 
serious known vulnerabilities in Flash 9.0.48, as I discovered since I asked 
the question, there is no point in requesting a separate tar.gz for Flash 
9.0.48. And, r2 was released :)

Reply to:

References:
- flashplugin-nonfree in etch
  - From: Holger Levsen <holger@layer-acht.org>
- long term solution for flashplugin-nonfree in stable
  - From: Bart Martens <bartm@debian.org>
- Re: long term solution for flashplugin-nonfree in stable
  - From: Philippe Cloutier <chealer@gmail.com>

Prev by Date: Please give back dpkg on all arches
Next by Date: Re: flashplugin-nonfree in etch
Previous by thread: Re: long term solution for flashplugin-nonfree in stable
Next by thread: Re: long term solution for flashplugin-nonfree in stable
Index(es):
- Date
- Thread