Comment 14 for bug 175255

I don't have any experience with writing system software, so if this suggestion is really bad for some reason, I apologize in advance. I also apologize for not providing a patch to implement my suggestion, I wouldn't know how to code it.

The problem seems to be that the installer script (flashplugin-nonfree) assumes that the available version of the external package (Adobe flash) is always the same, and therefore the expected value of the md5sum is hardcoded. However, the external package does change, because Adobe changes it, and the hardcoded md5sum becomes unsynchronized with the only easily available version of the package.

There seem to be two basic ways to fix the problem:

i) Convince Adobe to make older versions of the package available at fixed locations, and modify flashplugin-nonfree so that it downloads always a fixed version (possibly not the latest one).

ii) Modify flashplugin-nonfree so that it can (almost) always successfully install the latest version of the package.

As it was mentioned before, option (ii) is not optimal because newer versions of Flash may break other packages, so (i) would be better, but we don't have that yet.

As a stop-gap measure, I propose the following way to make (ii) work: instead of hard-coding the "correct" value of the md5sum in flushplugin-nonfree, store it in a webpage and have flashplugin-nonfree read it from there.

In this way we would have the benefits of checking the md5sum to make sure the file being downloaded from an external source is the correct one, but also the md5sum could be easily kept updated by the flashplugin-nonfree package maintainer without needing to go through the complicated process of generating an updated version of the
package, and getting it in the repositories.