On Wed, 1 Jun 2016 16:56:20 +0200 Kernc <kernc...@gmail.com> wrote:
> Bart,
>
> Thank you for maintaining this package for so long. Possibly hundreds of
> thousands depend on in to maintain a working Flash player. Thanks!
>
> Given how this bug really pops up a lot [1], and given how its
severity is
> always grave (because it's mostly a huge security issue), have you or
would
> you consider patches that adapted the update script to fetch the tar.gz
> from the upstream site directly? The upstream download site _is_
available
> over HTTPS [2]. Could this be acceptable?
>
> [1]:
>
https://bugs.debian.org/cgi-bin/pkgreport.cgi?dist=unstable;package=flashplugin-nonfree
> [2]:
> https://www.ssllabs.com/ssltest/analyze.html?d=fpdownload.macromedia.com
@Kernc
What are the exact changes to the update script you are proposing?
Mind uploading a diff, so we can review and test it?
Thanks in advance,
Tycho.
