Is flash safe to install

[LIsLinuxIsSogood]

What is the reason that flash is masked in the gentoo portage tree...ideally, like all packages in the tree it should be safe to use, correct? Are there any security concerns with it, or is there something that I should be careful about in terms of system stability with that?

[Hu]

Based solely on the history of Adobe security exploits, I would say that no, Flash is not safe to install, never has been, and very likely never will be. Yes, ideally, all in-tree packages should be safe, but certain exceptions apply in practice. In the case of Flash, despite its numerous security flaws over the years, some sites still insist on using it as an exclusive content distribution mechanism. None of the attempts to make a Free compatible replacement have achieved sufficient feature coverage to match Flash in all practical cases. There are sites that offer their content only in Flash format, only Adobe Flash can adequately render that content, and some users need access to that content. Thus, as a practical matter, Flash is in-tree despite being closed-source and having an infamous security background, because if people will use Flash regardless, it may as well be maintained at the distribution level instead of requiring users to manage it themselves.

It should not adversely impact system stability, since it is only a user process, not a kernel module. Due to its security record, I recommend avoiding Flash if at all possible; if that is not possible, run it only on sites you trust not to serve any malware.

[NeddySeagoon]

LIsLinuxIsSogood,

What Hu said ++

Start off without Flash and see what you miss. You can add it later.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[havana8]

I don't think there are any security concerns with it, at least I haven't heard anybody complain

[Naib]

[Roman_Gruber]

[LIsLinuxIsSogood]

I must agree with Naib and Roman_Gruber here, and since this was a question about a minimal desktop installation I ended up going the route of not installing flash. The thing was I wanted to watch some videos online and what I found instead was a way of using a more basic browser (w3m) for associating certain filetypes with 2nd-ary and 3rd,4th, all the way up 9 different alternatives for opening links from the buffer. Hence, with some other basic tools (namely mpv the standard for playing movies in linux) I was able to bypass the need altogether for it.

The reason flash probably sucks is because it like windows it is so regularly used (e.g. Chrome-pepper) that it could be a major target for hacks. That is why on one installation at least of gentoo, which is my minimal installation environment, I am going to opt for without it instead.

However, Roman_Gruber, I don't know that the idea that Opera or Firefox which are browsers that I will use frequently, even Chrome on occasion (I don't like the API for it which is the only reason I stay away)...these browsers don't seem to always have a working flash installed so I'm a bit confused about the point you were making regarding flash and this list of browsers. Was it that these are a list of compatible browsers? Because if that's what you were saying then I think you might need to add in a host of others, including those built for windows like Int Explorer and all the all other browsers that mimic the layout in general. I am still considering how to apply the results of this discussion to the other gentoo installs I have such as my "go to" working and office environment which is my laptop that is really anything but minimal. Currently I have many browsers on that machine, like Roman_Gruber says I think it helps to ensure that various options or settings can be followed, but keeping track of that stuff can be sort of tough, like finding a needle in a haystack... But so far at least the flash-less browsers on this machine have been working fine, so we agree there at least. And if given a risk at all, which clearly there is at least some risk to it, then I would prefer to work around it at all costs.

[LIsLinuxIsSogood]

[Hu]

[havana8]

[Naib]

[1clue]

I can still remember when Flash came out, it was such a fantastic thing.

Six months later, I was hoping it would someday get stable.

Six months after that, I was hoping it would someday get stable and free of exploits.

Six years after that, (sooner actually, but I started saying six so...) I was hoping it would die out and be replaced by something that could one day be stable and free of exploits. And that websites requiring it would vanish.

That said, almost all that time I've been stuck using it because some aspect of my income insists on having Flash.

[LIsLinuxIsSogood]

Does anyone know what language Flash is? Maybe skipping the idea of developing it and just working around the issues with patch like code for web designers to embed safer or more reliable access to the content. What 1clue says about the existence of it seeming to be good at first, means there's some reliable component to begin with it. Maybe. Or else did it just fill the void of web video content at that time? either way, there is obviously no sense in denying the multitude of issues in designing things for browsers that are themselves very unsafe on the whole, and worse yet none of those are actually doing what they need to do to make browsing the web more secure.

[1clue]