[aur-general] deleted package?

Hervé Cauwelier herve at oursours.net
Mon Sep 6 11:51:02 EDT 2010


On 09/06/10 17:15, Ng Oon-Ee wrote:
> On Mon, 2010-09-06 at 16:07 +0200, Heiko Baums wrote:
>> Am Mon, 06 Sep 2010 10:03:28 +0200
>> schrieb Hervé Cauwelier<herve at oursours.net>:
>>
>>> Thanks, I'll install flashplugin-native64.
>>
>> I'd suggest first reading the package description:
>> "... [WARNING!!! known security vulnerabilities]"
>>
>> flashplugin-native64 is an old and outdated version which has several
>> security issues as also discussed on the Arch mailing lists.
>>
>> You'd better install flashplugin from [multilib] if you really need
>> flash.
>>
>> Btw., I'm not sure if it is not better to remove the package
>> flashplugin-native64 from AUR due to these vulnerabilities.
>>
>> Heiko
>
> I think Arch users should be well-informed enough to make the decision
> for themselves. Its not like flashblock and the like are rocket-science,
> after all, and some people do have issues with nspluginwrapper (that was
> one of the reasons I was so happy when Adobe first came out with 64-bit
> flashplugin).
>

I tried nspluginwrapper, I even accepted to install like 50 lib32-* 
packages but it's unstable and slows down Flash even more.

I don't want Flash but I need it for video sites and those f-ing sites 
that are pure Flash.

I accept the risk of using a flawed package and I use Flashblock to 
choose when to suffer from this bloatware (even Youtube is blocked by 
default).

If you delete the package, I'll just use a package unknown to yaourt so 
it won't change anything. Just losing potential fixes to the PKGBUILD.

Would adding an install file stating that this package has known 
vulnerabilities and people should consider trying flashplugin from the 
multilib repo be a good compromise?

-- 
Hervé Cauwelier


More information about the aur-general mailing list