Re: Debian Wiki FlashPlayer page
On Wed, 2008-11-05 at 11:33 -0600, Lukasz Szybalski wrote:
> On Wed, Nov 5, 2008 at 11:08 AM, Franklin PIAT wrote:
> > Lukasz Szybalski wrote:
> >> On Wed, Nov 5, 2008 at 1:10 AM, Frank Lin PIAT
> >>>
> >>> On Tue, 2008-11-04 at 17:33 -0600, Lukasz Szybalski wrote:
> >>>> Did you verify before you deleted the section form manualhowto?
> >>>> The manual-howto had instruction on how to manually install flash
> >>>> player to /usr/lib/mozilla/plugins/ vs the "flash=player page does
> >>>> not.
> >>>
> >>> As I mentioned in the changelog, I removed that section because it
> >>> duplicate the content of the page FlashPlayer.
> >>> I decided not to merge the content because explaining how to manually
> >>> install something is just the wrong way to do things: I defeats the
> >>> purpose of having a distribution.
> >>> People willing to install or compile stuffs manually should use LFS,
> >>> Gentoo, Windows or whatever.
> >>
> >> I agree that installing things manually is a pain but in this case it
> >> seems as one of the options.
> >> First flash player was in sarge, but didn't work, Then sarge fixed it
> >> year later
> >> Second etch came in with flash player, it worked then got removed
> >
> >> Third, backports repository is questionable...
> >> so the only way to me seems like a manual install is one of the options.
> >
> > Installing anything manually is a bad practice.
> > - One have to reinstall it again and again, especially when new security
> > updates are published.
> > - A vulnerable version could remain installed for a while.
> > - The file isn't managed by apt/dpkg (conflict and dependencies)
> > - Why do manually waht can be done automacically
> > - And many other reasons that don't comes to my mind...
> >
> >> Above point doesn't matter now. I've merged the changes to Flash-player
> >> page.
> >
> > Document this procedure on your own website if you want, but not on the
> > wiki, where we only list recommended practices.
> >
> > At the risk of getting you upset, I'll remove that again.
>
> How about just add the warning you just mentioned...
> "
> >Installing anything manually is a bad practice.
> > - One have to reinstall it again and again, especially when new security
> > updates are published.
> > - A vulnerable version could remain installed for a while.
> > - The file isn't managed by apt/dpkg (conflict and dependencies)
> > - Why do manually what can be done automatically
> "
> Because If you don't want to use backports then that is your only option.
Why wouldn't you install backports?
> My opinion on the plugins is that they are exception to a lot of
> things.
Why?
> They are not stable and if you don't have most recent flash
> plugin then your website don't work, and if you website don't work
> then debian doesn't work.
The maintainer is quite responsive (flash v10 have been in experimental
for a while).
On the other hand, new versions of software can introduce regression
(i.e are not compatible with existing sites, and security issues).
> So I think manual option instructions should
> be available.
No, no, no.
Please.
> I'll add the warning you just mentioned.
Have you every seen a software vendor documenting a procedure, then say
"Hey, this is a hack, don't do it" (Well, ok, I know one such vendor
that keeps saying "Don't modify you registry directly"!)
> I know for sure there are places that have "not recommended practice"
> so I would put the warning on and let user decide instead of forcing
> users to use one way over another.
If you know any such page, then fix it please (fix = delete the wrong
part).
> If there was a security bug in a software and since its proprietary we
> really can't do patches to it, this means that this can happen again.
> If lenny was stable now and there was a security problem flashplayer
> would get removed again. I wonder if a better solution would be to
> create a package that gets the newest version from flashplayer
> website. Something similar to "djbdns" or broadcom firmware package.
>
> I'll post the question to the bug.
Make sure you read previous flashplugin-nonfree bugs (and mailing
list?). I'm pretty sure the question was already explained.
Franklin
Reply to: