Mailinglist Archive: opensuse (1264 mails)

< Previous Next >
Re: [opensuse] flash plugin compromised
In data domenica 11 giugno 2017 10:10:12 CEST, Andrei Borzenkov ha scritto:
11.06.2017 09:28, stakanov пишет:
In data domenica 11 giugno 2017 08:19:16 CEST, jdd@xxxxxxxxx ha scritto:
Hello,

For some reason I forget, I once installed the flash plugin from:

http://linuxdownload.adobe.com/linux/x86_64/

that seems an official Adobe repository

No, it is not. Official FP download from Adobe would be:

https://get.adobe.com/flashplayer/download/?installer=FP_25.0_for_Linux_64
-bit_(.rpm)_-_NPAPI&stype=6593&standalone=1
This repository provides the same RPM versions as download site.

and then it is http so you do not even know what and from where you
downloaded.

RPMs in repo are signed (and those you get from your URL are not). Do
not ask me why Adobe decided to build them twice; probably to avoid RPM
warnings when you install packages from web download.

So if anything packages from repo are more secure as you can always
verify them stand-alone, without knowing where they come from.

But in any case - they are the same version (currently 25.0.0.171) so
the question is why they were not updated. Probably repo was disabled.

I will never understand why they first tried to brake the working trust system
of repos and wanted to give their version on their very own. Then they
"decided" not to develop a Linux version any more, only "bugfixes". then turned
back on the decision and now are doing again an updated Linux versions.
Anyway, with ffmpeg I converted effortlessly the flv that I had to mp4. Worked
great no problem. For the rest I do not see any need for it anymore (and was
somewhat irritated that the default install does pull them in as it seems. So
I had to blacklist the packages.




--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >