[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Flash removed from etch - process explained?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27-Feb-08, at 5:54 PM, Florian Kulzer wrote:

On Wed, Feb 27, 2008 at 12:16:16 -0500, Brian McKee wrote:
From a recent message on this list I saw a link to the 4.0r3 etch
release
http://lists.debian.org/debian-announce/2008/msg00000.html

Going to that link I see that they have removed flash
Closed source and no security support

[...]

What is the normal Debian procedure here?

I think the main problem is that flash does not fit into the "normal
Debian procedure" for the stable distribution: New versions are not
supposed to be introduced to "stable" once it is released, but the
security fixes cannot be backported by the Debian security team because
flash is a closed application.

How can I find out who/how
this decision was made and why?

Look at the QA page of the package:

http://packages.qa.debian.org/f/flashplugin-nonfree.html

(more specifically, the "removed from stable" link)

or at the bugreports for the "ftp.debian.org" pseudo-package:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=ftp.debian.org

(search for "flashplugin").

In both cases you end up with bug report #458550, in which the
maintainer himself requests the removal of the package.


Thanks Florian,

I really appreciate the fact that the reasons for decisions like these
are out in the open and justified, whether I agree with them or not :-)
e.g. this one is laid out pretty clearly....


Most newer versions of the Adobe Flash Player are a combination of new
features and fixes for security bugs. The Debian Security Team does not
support "contrib" and "non-free".  The Debian Stable Release Managers
Team does not support fast updates in "stable".  And "volatile" is not
meant to bring new features in "stable".

It is not acceptable that users of Debian "stable" use
flashplugin-nonfree to install the Adobe Flash Plugin, and not get
updates for security bugs in the Adobe Flash Plugin within reasonable
time. And it is not acceptable that new features are thrown in "stable"
too soon too fast.



Brian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Verify this email or encrypt your email for free - see gnupg.org

iD8DBQFHxr87GnOmb9xIQHQRAiFoAJ4p6aFCiCjzd7M4JNUlWUe0XTytJgCgnrae
dRr3VFNb31Xje6eH/6Z/l84=
=zyBt
-----END PGP SIGNATURE-----


Reply to: