Fernando Cassia wrote:
On Fri, May 3, 2013 at 6:09 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
do NOT install it if you are not really use it!
I could be wrong, but I believe the current OpenJDK and Icedtea-web
approach is NOT to run unsigned applets by default, and modern
browsers (ie Mozilla's Firefox) now feature CLICK TO RUN on all
plug-in content.
So, while I know by now -due to your repetition at every opportunity-
that you hate applets, that advice is not needed anymore. There's no
way code could run if you do not click-enable the plugin in the
browser + grant permission on a per-site basis in the plugin's own
dialogs.
What does it matter if he hate applets? His advice is good on this
particular topic, forcing the user to be aware of the security issues
and make good decisions about what to run is a bad thing, too many
people follow the "you have to click this stupid warning before you can
run the neat _steal all my data_ game" approach.
It is good practice not to install any additional features you don't
need, because any coding error could expose your system to problems.
Incompetence is as dangerous as malice, and a lot more common.
Plus, not installing Icedtea-web not only prevents you from running
applets (which would be a plus for some) but also prevents you from
running desktop apps delivered via Java Web Start (.jnlp).
Which is why you don't install things until you need them. Financial
institutions LOVE these little programs running on your computer, glitzy
sites make more money, and the customer doesn't realize it's client side
not server side doing the work.
In the words of RedHat´s Andrew Haley on the OpenJDK list
distro-pkg-dev:
"(Hiding the plug-in) is truly dreadful reasoning. Either we think
that the plugin is safe enough for people to use, or we don't ship
it."
You seem to have the idea that not installing something you don't need
is somehow "hiding" it, rather than good system administration. Has the
difference between "be prepared" and "looking for trouble" eluded you?
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org