[Bart Martens] > Going via Volatile and/or Backports is interesting, but that does not > inform Stable users who don't have Volatile or Backports in > their /etc/apt/sources.list. So I guess that many Debian Stable users > are still unknownly using an insecure version of the Flash plugin, > installed via the Debian package flashplugin-nonfree in Stable. And > that is Not Good.
Just a short message of support. I agree that having a insecure flash package is not good. And even worse is that the flashplugin-nonfree package in etch no longer work because the binary package it download from adobe no longer match the old MD5 sum, and thus everyone installing the package will fail. > Possible approaches: > > 1. We could flashplugin-nonfree 9.0.48.0.1etch1 to Stable soon. The > only change is the update of the MD5 checksums. Obviously the upstream > Flash plugin itself may have been modified heavily, no idea. I believe this is the one making most sense to the current users of the package, and to all those who will try to use it in the future. > 2. I can create a special flashplugin-nonfree package for Stable to > remove the insecure plugin from the Stable systems, notifying the > users of this removal, and suggesting them to use Backports. This on the other hand will just create more work for the users of the flash package. We ran into this problem in Debian Edu, trying to document how to install flash in Etch. The installer package is broken, and the two working alternatives is to use a backported package from Sid or to download a working package from debian-multimedia. Having a working package in Etch would be great. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
