On Fri, 7 Oct 2011, Vladimir Mosgalin wrote:

> On 2011.10.07 at 01:34:38 +0200, Dag Wieers wrote next:
>
>>> Evidently, a number of stock end-user applications, such as
>>> Firefox, Thunderbird, and the like, have security holes as well as
>>> bugs, and thus need regularly kept current.
>>
>> Do you have any proof of security problems ? Was there a security
>> advisory for this release ?
>
> It's not as simple as that.
> There was no supported version of 64-bit flash 10 plugin.
> Information about security problems in betas and RCs of flash plugins
> aren't displayed on that page that you saw - it does, however, appear in
> news from adobe and in adobe blogs; but they don't add them to list of
> problems in final releases.

I am nog arguing about that. But people using 64bit flash plugins did not 
have any security for months either. I personally don't care about 
security for people that don't care about security :)

But that said, now that an official 64bit release is out, we have it too.


> Btw, 64-bit flash 10 plugin was even in more sorry state: there were
> lot of known security problems for it, but adobe stopped developing it
> and latest known (beta) version was said to be very vulnerable.

Again, no arguing against that.

If you look at the mail(s) I was replying too, I was answering to the 
general view that:

  - Not having the latest flash-plugin is a security problem

  - Red Hat is failing to provide a secure flash-plugin

Both statements are false, unless you apply them (only) to already 
insecure situations (eg. 64bit beta). Which is more of a mental excercise 
anyway.

-- 
-- dag wieers, [log in to unmask], http://dag.wieers.com/
-- dagit linux solutions, [log in to unmask], http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]