Re: Packaging of the chrome flashplayer-pepper

Top Page

Reply to this message
Author: Franz Schrober
Date:  
To: Bart Martens
CC: dmo-discussion@deb-multimedia.org
Subject: Re: Packaging of the chrome flashplayer-pepper
On Friday 13 December 2013 19:54:13 Bart Martens wrote:
[...]
> Wow, that's quite a big statement.

[...] 
> Which are available in Debian via flashplugin-nonfree.

[...] 
> Which is available in Debian via pepperflashplugin-nonfree.

[...] 
> Which is a choice in Chromium unrelated to how fast Debian supports security
> updates of the available Flash Players.

[...] 
> Which seems to be a bug unrelated to how fast Debian supports security
> updates of the available Flash Players.

[...] 
> I'm OK with that, really.  As long as popcon goes up and numbers of bugs
> remain low, I'd like to believe that I'm doing a pretty good job in Debian
> on flashplugin-nonfree and pepperflashplugin-nonfree.

[...]
> > PS: This is not against Bart Martens work

> I think you should check the facts before making big statements.

> > but the update thing seems like a big
> > problem to me.

> Well, see above.


This is exactly why I wrote the last sentence. And unfortunately, you still seem to have got it wrong. Sorry about this misunderstanding.

[...] 
> It may not be how you expect it to be, but security updates are supported :

> update-flashplugin-nonfree --install
> update-pepperflashplugin-nonfree --install


The packaging by you is fine... except the security update thing. It is one
style of packaging it and but it is not the "friendly" style of doing it. This
forces people to manage their system through multiple update procedures. They
cannot trust their package manager of keeping their software installed through
it updated (and hopefully secure) because the package manager has no
information about the versions of the software. So they have to call these (not
documented in /usr/share/doc/*/) commands in regular intervals. This seems to
be non-intuitive.

But this strategy also as good things. I am not depending on other people to
get the newest version of flash. When I am following the Adobe/Google update
news then I am able to get the newest version instantaneously without waiting
for a maintainer to have some free time to pick it up and upload it somewhere.
For this scenario, it is a perfectly fine package (superior to Christian
Marillat's package).

And here is the crux, most people don't follow the update news of these people
and expect new updates to installed "automatically" when they update their
system through the common update tools (apt-get/aptitude/synaptic/...). They
depend on flash because the web is a horrible place were such devilish things
like flash can still live on for ages. I would love to ban it everywhere but
even things like youtube don't work completely without Flash (even when
switching to the HTML5 player... funny enough, it works on my flash free phone
- weird world).

And I hope everyone here knows that updates to the flash plugin are extreme
important. The Adobe security bugs list proves it ;)