Hi Johannes,

On Tue, 14 Jul 2015 11:04:54 +0200 (CEST), Johannes Meixner wrote:
> On Jul 13 16:51 David Disseldorp wrote (excerpt):
>> Considering the seemingly endless stream of CVEs[1], as well as the recent uptake of HTML5 video, I propose that flash-player be removed from the default package install list in future openSUSE releases.
>
> What is your ultimate goal?

Improved security.

> If it is security, I think it does not really matter whether or not an insecure package is installed by default. I.e. when an insecure package is not installed by default but when it is provided by openSUSE to be installable, then maintenance updates for security issues are needed.

I agree that updates are required regardless of whether it's installed by default or not. Still, I think the openSUSE userbase as a whole is at less risk if it isn't installed by default, and that the added inconvenience is IMO an acceptable price to pay.

> If security in future openSUSE releases should be improved the insecure package would have to be completely dropped from future openSUSE releases (as far as I know).

As broken as it is, I don't think dropping flash completely will be an option for some time yet.

Cheers, David