----- Original Message -----
> Florian Weimer (fwei...@redhat.com) said:
> > I noticed that icedtea-web (the Java browser plugin implementation
> > for OpenJDK) is installed and enabled by default (as part of the
> > "GNOME Desktop" set).  This is a bit surprising, considering that
> > the rest of the world tries to move away from Java browser plugin
> > technology (and even browser plugin technology in general).
> > 
> > We cannot really remove installed packages after the release, so I'm
> > wondering if we still can fix this prior to release.
> 
> We could, I suppose. What do people think? (It's just one line in comps.)
> 
> Nearly all live images drop it for space reasons.
> 

I think given all the trouble this plugin has caused recently, it wouldn't
be wise to install it for everyone. If you need it, great, install it, but
if a users doesn't need it, it's really just creating a level of risk we
probably don't want.

Fedora currently has a reputation for being pretty secure, I think this
could damage that reputation.

Thanks.

-- 
Josh Bressers / Red Hat Product Security Team
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Reply via email to