Re: icedtea-web installed and enabled by default in Fedora 19

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> Is java environment the only security flawed software distributed in
> Fedora by default? I don't think so. Please, correct me if I'm wrong.
> Does it mean Fedora should drop about 1/3 of packages because they have
> security bugs? What about Linux Kernel? It's also buggy. Should it be not
> included in Fedora?
> 

This is probably the wrong way to think of it. We're not telling anyone
they shouldn't be using the web plugin, we're saying it carries with it a
certain amount of risk. Should we subject all users, even the ones who
don't use this plugin, to that risk?

We've made similar decisions in the past. Why do we turn on the firewall,
or make Sendmail only listen on localhost? Sometimes it makes sense to make
a decision that lowers potential risk for most users while being a slight
inconvenience for other users. I think this plugin falls into that
category.

Thanks.

-- 
Josh Bressers / Red Hat Product Security Team
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux