On Wed, Dec 12, 2012 at 12:52 PM, adrelanos wrote: > What is Debian policy on code execution from user websites?
Unfortunately there is none. I've tried to gain consensus that at a minimum things downloaders like this need to stay out of main, but that thought hasn't really gained traction. The real answer is that this package is in contrib and thus not security supported at all. Ultimately, for anyone even modestly security-conscious adobe flash should really be avoided at all costs. Alternatives include lightspark, gnash, and (most preferably) html5. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MOB8g0L-TwBeFmgTAd68wv=djwjkffszhhptrgc9he...@mail.gmail.com
