Moritz Muehlenhoff wrote:
> On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> > gcjwebplugin is a Java plugin for web browsers. It does not include the
> > security manager which is a crucial part of the "sandboxing" of Java
> > applets. The maintainers have "fixed" this bug (#267040) merely by
> > adding a warning prompt before running applets, which is well known to
> > be an insufficient means of protecting users from malware. Please do
> > not include it in lenny. (Unfortunately it is built from the classpath
> > source package, so that will have to be modified to remove it.)
>
> I had discussed this with Michael Koch some time ago; the version
> in Lenny implements a security manager, but it's not yet clear whether
> it's fully appropriate. We didn't reach a final conclusion, but I guess
> the warning is sufficient for Lenny.
I haven't heard back from Michael and I believe we should err on the
safe side and not lure users into a false sense of security.
Since we now have icedtea-gcjwebplugin in Lenny, we have a web plugin
based on OpenJDK and should drop the gcjwebplugin binary package from
Lenny.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
