On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> gcjwebplugin is a Java plugin for web browsers. It does not include the
> security manager which is a crucial part of the "sandboxing" of Java
> applets. The maintainers have "fixed" this bug (#267040) merely by
> adding a warning prompt before running applets, which is well known to
> be an insufficient means of protecting users from malware. Please do
> not include it in lenny. (Unfortunately it is built from the classpath
> source package, so that will have to be modified to remove it.)
I had discussed this with Michael Koch some time ago; the version
in Lenny implements a security manager, but it's not yet clear whether
it's fully appropriate. We didn't reach a final conclusion, but I guess
the warning is sufficient for Lenny.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
