Plugin needs to update automatically

Status changed to 'Confirmed' because the bug affects multiple users.

I think the only reason this bug does not have more people is no one knows it is not being updated.

Thank you! I have no idea I have to run updates manually. That is not good...

$ update-pepperflashplugin-nonfree --status
Flash Player version installed on this system : 13.0.0.182
Flash Player version available on upstream site: 14.0.0.177

$ update-pepperflashplugin-nonfree --install --quiet

Wow I thought that I would get automatic update through the Update Manager... I stumbled upon an article on a website that said the plugin didn't update itself and refered to this page. Hopefully this will be fixed soon.

Debian status is inaccurate, it is actually something like "Invalid" / "Wontfix", not "Fix Released".

I do think this is a valid bug. The "proper" solution probably is: Release an updated pepperflashplugin-nonfree package every time Google updates the flash plugin. The package should contain a checksum of the current .so file and download&extract&check&install the library on installation. (This will only work if old chrome download files are available even after a new version is released… otherwise, the package installation will fail as soon as a new chrome version is released. In that case, the checksum verification should be skipped, but still: a new debian package should released every time flash gets updated.)

The Debian wiki says that this is not suitable for Debian because it's apparently difficult to get security updates into stable if they are not 100% security related. So I wonder why there's no special exception for closed-source software in Debian where patching ONLY security issues is simply not possible… It really sounds stupid.

> But that would reopen the debate on how to get the updated Debian package
> in stable in a user friendly way and sufficiently fast. Note that the Debian
> package would pull in a combination of feature updates and security fixes in a
> new upstream release of closed-source software, which is somewhat difficult
> for Debian procedures to install quickly in stable.

So Debian apparently prefers having really dangerous outdated versions of flash installed on their users' systems (because ~~nobody knows about update-pepperflashplugin-nonfree) instead of pushing one isolated closed-source software package (that might do a little more than fixing security issues) into stable.

The debian process is not very well suited for closed-source software. I wonder if Ubuntu would be willing to improve this. It probably depends on the number of Chromium users, most of which probably use pepperflash-plugin-nonfree without knowing about the risk for their system when installing & forgetting about that package.

So … please: Either drop the pepperflash package and recommend upstream chrome for users that need flash, or fix the package.

I had forgotten about this. So my flash was way out of date...

It should be noted that this package is irrelevant in Ubuntu for at least 9 months.

https://www.reddit.com/r/Ubuntu/comments/32levk/adobeflashplugin_package_in_1504_development/

Instaling adobe-flashplugin from Canonical Partners repo will give you both NPAPI and PPAPI at it's latest versions in all currently supported Ubuntu releases. And that starts with 12.04 LTS.

The PPAPI is even newer than in pepperflasplugin-nonfree.

https://launchpad.net/ubuntu/+source/adobe-flashplugin

Unfortunately this package and bug is still relevant for the users of Yandex.Browser.

If it's deprecated, shouldn't it be removed, or changed to show that it is deprecated?

For people unaware of the new package, I did not have `Canonical Partners source` active, it should notice people, or it should uninstall flash.

Leaving people with old (broken vulnerable) flash plugins seems to me a very bad idea. Better no flash then.
http://askubuntu.com/questions/828238/why-is-flash-for-chromium-pepperflashplugin-not-automatically-updated