Moritz Muehlenhoff wrote:
> On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> > gcjwebplugin is a Java plugin for web browsers. It does not include the
> > security manager which is a crucial part of the "sandboxing" of Java
> > applets. The maintainers have "fixed" this bug (#2670
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> gcjwebplugin is a Java plugin for web browsers. It does not include the
> security manager which is a crucial part of the "sandboxing" of Java
> applets. The maintainers have "fixed" this bug (#267040) merely by
> adding a warning p
Hi,
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
> On Tue, Sep 09, 2008 at 03:12:54PM +0200, Robert Millan wrote:
...
> When a user navigates to a web page, they want to see that page. Any
> prompts on the way tend to be interpreted as "do you want to see this
> web page or not?
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
> > I can't believe you're actually arguing that the solution against blindly
> > trusting a website is blindly trusting a binary blob.
>
> I would rather use a secure free plugin than a secure non-free plugin,
> but apparently that do
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
> It's not arbitrary. As it stands, this package is a security hole
> just waiting to be exploited if it gets released.
I take it "gdebi" (or whatever it's called) is also a security hole then? It
installs untrusted data when the use
I can't believe you're actually arguing that the solution against blindly
trusting a website is blindly trusting a binary blob.
I would rather use a secure free plugin than a secure non-free plugin,
but apparently that doesn't exist. Since the choice is between a secure
non-free plugin and an i
On Tue, Sep 09, 2008 at 03:12:54PM +0200, Robert Millan wrote:
>
> [ whoops, resending again...]
>
> On Mon, Sep 08, 2008 at 11:51:55PM +0100, Ben Hutchings wrote:
> > >
> > > How is this different from the multitude of interfaces in the system in
> > > which data is assumed to be trusted?
> >
[ whoops, resending again...]
On Mon, Sep 08, 2008 at 11:51:55PM +0100, Ben Hutchings wrote:
> >
> > How is this different from the multitude of interfaces in the system in
> > which data is assumed to be trusted?
>
> Data from the network is generally treated as untrusted;
The user is in char
On Mon, Sep 08, 2008 at 11:51:55PM +0100, Ben Hutchings wrote:
> >
> > How is this different from the multitude of interfaces in the system in
> > which data is assumed to be trusted?
>
> Data from the network is generally treated as untrusted;
The user is in charge. Data from the network becom
On Mon, Sep 08, 2008 at 05:02:11PM +0200, Robert Millan wrote:
> On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> > gcjwebplugin is a Java plugin for web browsers. It does not include the
> > security manager which is a crucial part of the "sandboxing" of Java
> > applets. The mai
[ sorry for the duplicate, my first reply didn't get to -release ]
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> gcjwebplugin is a Java plugin for web browsers. It does not include the
> security manager which is a crucial part of the "sandboxing" of Java
> applets. The maint
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> gcjwebplugin is a Java plugin for web browsers. It does not include the
> security manager which is a crucial part of the "sandboxing" of Java
> applets. The maintainers have "fixed" this bug (#267040) merely by
> adding a warning p
[Ben Hutchings]
> Please do not include it in lenny. (Unfortunately it is built from
> the classpath source package, so that will have to be modified to
> remove it.)
Are there any free applet plugins available in main now? Perhaps the
gcjwebplugin should be replaced by something from openjdk?
gcjwebplugin is a Java plugin for web browsers. It does not include the
security manager which is a crucial part of the "sandboxing" of Java
applets. The maintainers have "fixed" this bug (#267040) merely by
adding a warning prompt before running applets, which is well known to
be an insufficient
14 matches
Mail list logo
