>>>>> "Jakub" == Jakub Jelinek <jakub@xxxxxxxxxx> writes: >> Why not adapt the firefox source rpm to build an extra binary ( >> of /usr/lib/firefox-1.0.4/firefox-bin ) package called >> Snowfox - a White list Firefox for intranets. Jakub> That's unnecessary. gcjwebplugin already works as a small Jakub> mozilla/firefox plugin and the Java applet is running in a Jakub> separate process. To make gcjwebplugin really usable, Jakub> AppletSecurityManager class needs to be written (ATM it is just Jakub> a dummy class that allows almost everything), I guess some Java Jakub> auditing needs to be done and SELinux policy written for Jakub> gcjappletviewer. A few things are needed before I would be comfortable advertising libgcj's applet security. I have a to-do list here with the tasks, I'll put it on the gcc wiki or in the gcc bugzilla or something soon. A couple of us are pressing for "make applets work" to be the next big target for gcj development. This means finishing the security tasks and also some AWT improvements. AFAIK this decision isn't settled yet; and we're taking suggestions. (Another related task I want to see is java web start support, so we can run applications off the web. Most of the pieces for this exist once we've got security working.) Defense in depth sounds like a great plan to me, so an SELinux policy should definitely be included. Tom -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
