Ubuntu
flashplugin-nonfree package

Bug #173890
Comment #127

Comment 127 for bug 173890

Revision history for this message

Jim (jwyllie83) wrote on 2008-01-18: Re: [Bug 173890] Re: flashplugin-nonfree fails to install... new version?

#127

> This is not simple. Flash is working for all people who currently use
> konqueror so lets think at the consequences of each choices :

I think it's time to dispel that notion that that's some kind of sizable
percentage of Linux users. I have reasonably-high volume sites to which
I have stats access. Last I saw, The Hurd had more hits than Konqueror.

> 1. Updating flashplugin-nonfree to 9.0.115.0 : The majority of all
> konqueror users are still able to use flash because it has been
> installed in 9.0.48 version. Once the update is added in ubuntu
> repositories, ALL konqueror users won't be able to use flashplugin
> anymore, and there will be no workaround to fix this problem.

Sure there is. As was noted in the threads, you can download the
"install all versions" Flash download (it's like 65MB) and install the
last version that works. Yeah, it's harder than what Firefox users do
now, but it is, indeed, a workaround.

> Actual
> Firefox users won't see any difference and new ubuntu firefox users will
> be able to install flashplugin-nonfree again.

... um, they'll see apt's Flash package working like it should for new
users? Current users can also update Flash to the new version, giving
them the patches to the vulnerabilities fixed in the Flash update. Your
option should be amended. Based on your final solution, you can get one
of the two outcomes:

-- 1)
Largely inconvenienced Konqueror users who all now have to do manual
installs of Flash from the huge archive (there are very, very few of
these users)
No inconvenience to Firefox users (there are tons of these users)
Firefox users are patched against additional security vulnerabilities

-- 2)
Moderately inconvenienced Konqueror users: new installations fail, old
ones still work.
Moderately inconvenienced Firefox users
Firefox users aren't patched against latest security vulnerabilities

The few Konqueror users can head to the forums to learn how to install
the version they need so that exponentially more new Firefox users don't
have to and already-established Firefox users can get patched Flash
vulnerabilities. How can you justify #1 as your answer?

> 2. Don't update flashplugin-nonfree : All Firefox/konqueror users are
> still able to use flash, new Firefox users need support in order to
> install flash, but it's still possible, and new konqueror users can't
> install flash player.

I would argue that there are more Ubuntu-based installations daily that
will use Flash on a non-konqueror browser than there are Konqueror users
total who really want Flash. In terms of total number of inconvenienced
users, it's no contest. In terms of security, only #1 is responsible.
In terms of hours spent fixing the problem (which is probably the best
metric), #1 is far, *far* less.

> I don't know about your opinion, but I think that option 1 is worst than
> 2.

It should be clear by now: my opinion is that konqueror isn't important
enough to inconvenience nearly every user of a distribution that touts
itself as being very, very easy to use.

> If konqueror doesn't comply with Xembed ( that is used by latest
> flash plugin ), it won't be possible to install flash for konqueror.

I noted the possible solution above. That actually makes a #3 option
that you didn't present: change the package to point to the larger
download of all Flash versions, and install what everyone needs. At
60ish MB for the download, I can see why people aren't fans of it...
the number of modem users / those without limitless fast bandwidth
*isn't* trivial, and this would be prohibitive to them.

> There has been some serious work on this in the last weeks and ubuntu
> people are not sleeping.. Patches for konqueror AND latest flashplugin-
> nonfree are both availaible for Hardy. Because it's relatively new,
> these patches needs testing before they are updated as updates for all
> stable ubuntu releases. I tested latest konqueror in Hardy and didn't
> get expected result yet.
>
> I opened bug #184149 for the konqueror issue. Once it will get fixed, I
> believe that it will be possible for ubuntu developers to think about
> patching konqueror and updating flash on all stable ubuntu release.
>
> Unfortunately, it's not possible to change the download link in the
> 9.0.48.0 package to download the 9.0.48.0 version of flash because this
> flash version is now in a huge archive of 61 Mb which contains all 9
> version of flash for Linux. Also this is not a viable solution since
> 9.0.48.0 version has serious security bugs which needs to be fixed by
> updating to 8.0.115.0

I'm glad to hear that the fixed are aggressively being back-ported, but
this has gone on far too long. All new Ubuntu installations since this
was started have not been able to install Flash as the documentation
says you should. How many has that been? How many man-hours looking up
what's wrong with their Flash distribution? How many do you think would
have been spent if, a week after the problem was found and discussed,
the md5 sum was just updated?

> This is not simple. Flash is working for all people who currently use
> konqueror so lets think at the consequences of each choices :

I think it's time to dispel that notion that that's some kind of sizable 
percentage of Linux users.  I have reasonably-high volume sites to which 
I have stats access.  Last I saw, The Hurd had more hits than Konqueror.

Sure there is.  As was noted in the threads, you can download the 
"install all versions" Flash download (it's like 65MB) and install the 
last version that works.  Yeah, it's harder than what Firefox users do 
now, but it is, indeed, a workaround.

> Actual
> Firefox users won't see any difference and new ubuntu firefox users will
> be able to install flashplugin-nonfree again.

... um, they'll see apt's Flash package working like it should for new 
users?  Current users can also update Flash to the new version, giving 
them the patches to the vulnerabilities fixed in the Flash update.  Your 
option should be amended.  Based on your final solution, you can get one 
of the two outcomes:

-- 1)
Largely inconvenienced Konqueror users who all now have to do manual 
installs of Flash from the huge archive (there are very, very few of 
these users)
No inconvenience to Firefox users (there are tons of these users)
Firefox users are patched against additional security vulnerabilities

-- 2)
Moderately inconvenienced Konqueror users: new installations fail, old 
ones still work.
Moderately inconvenienced Firefox users
Firefox users aren't patched against latest security vulnerabilities

The few Konqueror users can head to the forums to learn how to install 
the version they need so that exponentially more new Firefox users don't 
have to and already-established Firefox users can get patched Flash 
vulnerabilities.  How can you justify #1 as your answer?

> 2.  Don't update flashplugin-nonfree : All Firefox/konqueror users are
> still able to use flash, new Firefox users need support in order to
> install flash, but it's still possible, and new konqueror users can't
> install flash player.

I would argue that there are more Ubuntu-based installations daily that 
will use Flash on a non-konqueror browser than there are Konqueror users 
total who really want Flash.  In terms of total number of inconvenienced 
users, it's no contest.  In terms of security, only #1 is responsible. 
In terms of hours spent fixing the problem (which is probably the best 
metric), #1 is far, *far* less.

> I don't know about your opinion, but I think that option 1 is worst than
> 2.

It should be clear by now: my opinion is that konqueror isn't important 
enough to inconvenience nearly every user of a distribution that touts 
itself as being very, very easy to use.

> If konqueror doesn't comply with Xembed ( that is used by latest
> flash plugin ), it won't be possible to install flash for konqueror.

I noted the possible solution above.  That actually makes a #3 option 
that you didn't present: change the package to point to the larger 
download of all Flash versions, and install what everyone needs.  At 
60ish MB for the download, I can see why people aren't fans of it... 
the number of modem users / those without limitless fast bandwidth 
*isn't* trivial, and this would be prohibitive to them.

> There has been some serious work on this in the last weeks and ubuntu
> people are not sleeping.. Patches for konqueror AND latest flashplugin-
> nonfree are both availaible for Hardy. Because it's relatively new,
> these patches needs testing before they are updated as updates for all
> stable ubuntu releases. I tested latest konqueror in Hardy and didn't
> get expected result yet.
> 
> I opened bug #184149 for the konqueror issue. Once it will get fixed, I
> believe that it will be possible for ubuntu developers to think about
> patching konqueror and updating flash on all stable ubuntu release.
> 
> Unfortunately, it's not possible to change the download link in the
> 9.0.48.0 package to download the 9.0.48.0 version of flash because this
> flash version is now in a huge archive of 61 Mb which contains all 9
> version of flash for Linux. Also this is not a viable solution since
> 9.0.48.0 version has serious security bugs which needs to be fixed by
> updating to 8.0.115.0

I'm glad to hear that the fixed are aggressively being back-ported, but 
this has gone on far too long.  All new Ubuntu installations since this 
was started have not been able to install Flash as the documentation 
says you should.  How many has that been?  How many man-hours looking up 
what's wrong with their Flash distribution?  How many do you think would 
have been spent if, a week after the problem was found and discussed, 
the md5 sum was just updated?

Ubuntuflashplugin-nonfree package

Comment 127 for bug 173890

Ubuntu
flashplugin-nonfree package