Re: flashplugin-nonfree 9.0.48.0.1etch1 for Stable
[Bart Martens]
> Going via Volatile and/or Backports is interesting, but that does not
> inform Stable users who don't have Volatile or Backports in
> their /etc/apt/sources.list. So I guess that many Debian Stable users
> are still unknownly using an insecure version of the Flash plugin,
> installed via the Debian package flashplugin-nonfree in Stable. And
> that is Not Good.
Just a short message of support. I agree that having a insecure flash
package is not good. And even worse is that the flashplugin-nonfree
package in etch no longer work because the binary package it download
from adobe no longer match the old MD5 sum, and thus everyone
installing the package will fail.
> Possible approaches:
>
> 1. We could flashplugin-nonfree 9.0.48.0.1etch1 to Stable soon. The
> only change is the update of the MD5 checksums. Obviously the upstream
> Flash plugin itself may have been modified heavily, no idea.
I believe this is the one making most sense to the current users of
the package, and to all those who will try to use it in the future.
> 2. I can create a special flashplugin-nonfree package for Stable to
> remove the insecure plugin from the Stable systems, notifying the
> users of this removal, and suggesting them to use Backports.
This on the other hand will just create more work for the users of the
flash package.
We ran into this problem in Debian Edu, trying to document how to
install flash in Etch. The installer package is broken, and the two
working alternatives is to use a backported package from Sid or to
download a working package from debian-multimedia. Having a working
package in Etch would be great.
Happy hacking,
--
Petter Reinholdtsen
Reply to: