[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Wiki FlashPlayer page

On Wed, 2008-11-05 at 11:33 -0600, Lukasz Szybalski wrote:
> On Wed, Nov 5, 2008 at 11:08 AM, Franklin PIAT  wrote:
> > Lukasz Szybalski wrote:
> >> On Wed, Nov 5, 2008 at 1:10 AM, Frank Lin PIAT 
> >>>
> >>> On Tue, 2008-11-04 at 17:33 -0600, Lukasz Szybalski wrote:
> >>>> Did you verify before you deleted the section form manualhowto?
> >>>> The manual-howto had instruction on how to manually install flash
> >>>> player to /usr/lib/mozilla/plugins/ vs the "flash=player page does
> >>>> not.
> >>>
> >>> As I mentioned in the changelog, I removed that section because it
> >>> duplicate the content of the page FlashPlayer.
> >>> I decided not to merge the content because explaining how to manually
> >>> install something is just the wrong way to do things: I defeats the
> >>> purpose of having a distribution.
> >>> People willing to install or compile stuffs manually should use LFS,
> >>> Gentoo, Windows or whatever.
> >>
> >> I agree that installing things manually is a pain but in this case it
> >> seems as one of the options.
> >> First  flash player was in sarge, but didn't work, Then sarge fixed it
> >> year later
> >> Second etch came in with flash player, it worked then got removed
> >
> >> Third, backports  repository is questionable...
> >> so the only way to me seems like a manual install is one of the options.
> >
> > Installing anything manually is a bad practice.
> > - One have to reinstall it again and again, especially when new security
> > updates are published.
> > - A vulnerable version could remain installed for a while.
> > - The file isn't managed by apt/dpkg (conflict and dependencies)
> > - Why do manually waht can be done automacically
> > - And many other reasons that don't comes to my mind...
> >
> >> Above point doesn't matter now. I've merged the changes to Flash-player
> >> page.
> >
> > Document this procedure on your own website if you want, but not on the
> > wiki, where we only list recommended practices.
> >
> > At the risk of getting you upset, I'll remove that again.
> 
> How about just add the warning you just mentioned...
> "
> >Installing anything manually is a bad practice.
> > - One have to reinstall it again and again, especially when new security
> > updates are published.
> > - A vulnerable version could remain installed for a while.
> > - The file isn't managed by apt/dpkg (conflict and dependencies)
> > - Why do manually what can be done automatically
> "

> Because If you don't want to use backports then that is your only option.

Why wouldn't you install backports? 

> My opinion on the plugins is that they are exception to a lot of
> things.

Why?

> They are not stable and if you don't have most recent flash
> plugin then your website don't work, and if you website don't work
> then debian doesn't work.

The maintainer is quite responsive (flash v10 have been in experimental
for a while).

On the other hand, new versions of software can introduce regression
(i.e are not compatible with existing sites, and security issues).

> So I think manual option instructions should
> be available. 

No, no, no.
Please.

> I'll add the warning you just mentioned.

Have you every seen a software vendor documenting a procedure, then say
"Hey, this is a hack, don't do it" (Well, ok, I know one such vendor
that keeps saying "Don't modify you registry directly"!)

> I know for sure there are places that have "not recommended practice"
> so I would put the warning on and let user decide instead of forcing
> users to use one way over another.

If you know any such page, then fix it please (fix = delete the wrong
part).

> If there was a security bug in a software and since its proprietary we
> really can't do patches to it, this means that this can happen again.
> If lenny was stable now and there was a security problem flashplayer
> would get removed again. I wonder if a better solution would be to
> create a package that gets the newest version from flashplayer
> website. Something similar to "djbdns" or broadcom firmware package.
> 
> I'll post the question to the bug.

Make sure you read previous flashplugin-nonfree bugs (and mailing
list?). I'm pretty sure the question was already explained.

Franklin
Reply to: