----- Original Message ----- > Florian Weimer (fwei...@redhat.com) said: > > I noticed that icedtea-web (the Java browser plugin implementation > > for OpenJDK) is installed and enabled by default (as part of the > > "GNOME Desktop" set). This is a bit surprising, considering that > > the rest of the world tries to move away from Java browser plugin > > technology (and even browser plugin technology in general). > > > > We cannot really remove installed packages after the release, so I'm > > wondering if we still can fix this prior to release. > > We could, I suppose. What do people think? (It's just one line in comps.) > > Nearly all live images drop it for space reasons. >
I think given all the trouble this plugin has caused recently, it wouldn't be wise to install it for everyone. If you need it, great, install it, but if a users doesn't need it, it's really just creating a level of risk we probably don't want. Fedora currently has a reputation for being pretty secure, I think this could damage that reputation. Thanks. -- Josh Bressers / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
