On Wed, 2008-11-05 at 11:33 -0600, Lukasz Szybalski wrote: > On Wed, Nov 5, 2008 at 11:08 AM, Franklin PIAT wrote: > > Lukasz Szybalski wrote: > >> On Wed, Nov 5, 2008 at 1:10 AM, Frank Lin PIAT > >>> > >>> On Tue, 2008-11-04 at 17:33 -0600, Lukasz Szybalski wrote: > >>>> Did you verify before you deleted the section form manualhowto? > >>>> The manual-howto had instruction on how to manually install flash > >>>> player to /usr/lib/mozilla/plugins/ vs the "flash=player page does > >>>> not. > >>> > >>> As I mentioned in the changelog, I removed that section because it > >>> duplicate the content of the page FlashPlayer. > >>> I decided not to merge the content because explaining how to manually > >>> install something is just the wrong way to do things: I defeats the > >>> purpose of having a distribution. > >>> People willing to install or compile stuffs manually should use LFS, > >>> Gentoo, Windows or whatever. > >> > >> I agree that installing things manually is a pain but in this case it > >> seems as one of the options. > >> First flash player was in sarge, but didn't work, Then sarge fixed it > >> year later > >> Second etch came in with flash player, it worked then got removed > > > >> Third, backports repository is questionable... > >> so the only way to me seems like a manual install is one of the options. > > > > Installing anything manually is a bad practice. > > - One have to reinstall it again and again, especially when new security > > updates are published. > > - A vulnerable version could remain installed for a while. > > - The file isn't managed by apt/dpkg (conflict and dependencies) > > - Why do manually waht can be done automacically > > - And many other reasons that don't comes to my mind... > > > >> Above point doesn't matter now. I've merged the changes to Flash-player > >> page. > > > > Document this procedure on your own website if you want, but not on the > > wiki, where we only list recommended practices. > > > > At the risk of getting you upset, I'll remove that again. > > How about just add the warning you just mentioned... > " > >Installing anything manually is a bad practice. > > - One have to reinstall it again and again, especially when new security > > updates are published. > > - A vulnerable version could remain installed for a while. > > - The file isn't managed by apt/dpkg (conflict and dependencies) > > - Why do manually what can be done automatically > "
> Because If you don't want to use backports then that is your only option. Why wouldn't you install backports? > My opinion on the plugins is that they are exception to a lot of > things. Why? > They are not stable and if you don't have most recent flash > plugin then your website don't work, and if you website don't work > then debian doesn't work. The maintainer is quite responsive (flash v10 have been in experimental for a while). On the other hand, new versions of software can introduce regression (i.e are not compatible with existing sites, and security issues). > So I think manual option instructions should > be available. No, no, no. Please. > I'll add the warning you just mentioned. Have you every seen a software vendor documenting a procedure, then say "Hey, this is a hack, don't do it" (Well, ok, I know one such vendor that keeps saying "Don't modify you registry directly"!) > I know for sure there are places that have "not recommended practice" > so I would put the warning on and let user decide instead of forcing > users to use one way over another. If you know any such page, then fix it please (fix = delete the wrong part). > If there was a security bug in a software and since its proprietary we > really can't do patches to it, this means that this can happen again. > If lenny was stable now and there was a security problem flashplayer > would get removed again. I wonder if a better solution would be to > create a package that gets the newest version from flashplayer > website. Something similar to "djbdns" or broadcom firmware package. > > I'll post the question to the bug. Make sure you read previous flashplugin-nonfree bugs (and mailing list?). I'm pretty sure the question was already explained. Franklin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
