Date: Mon, 14 Jul 2003 08:30:45 -0400 From: Leonard Rosenthol <leonardr@xxxxxxxxxxxxx> At 7:16 AM -0500 7/14/03, Stephen J Baker wrote: >One issue we should at least think about with JAR is that since it >*is* the JAVA library mechanism, there is perhaps a risk of >allowing virus writers to attach bits of JAVA executable in what >*appears* to be a GIMP image. If you don't open up the JAR file with a Java-based tool - you can't have Java executing. And even if you DO use Java to open up the JAR, nothing "auto-executes" - you'd have to manually kick it off. SO even if someone were to put Java bytecodes into a GIMP image file, it would never get executed... What happens if in the future someone writes a gimp-java interface (like gimp-perl)? Would there be any security issues there? -- Robert Krawitz <rlk@xxxxxxxxxxxx> Tall Clubs International -- http://www.tall.org/ or 1-888-IM-TALL-2 Member of the League for Programming Freedom -- mail lpf@xxxxxxxxxxxx Project lead for Gimp Print -- http://gimp-print.sourceforge.net "Linux doesn't dictate how I work, I dictate how Linux works." --Eric Crampton
