previously on this list Russ Allbery contributed: > > I guess you missed all the exploits in JAVA over the years and > > especially last year where it was banned for long periods from all > > browsers. To the point that the pressure is building on web hosts to > > drop JAVA KVM clients completely. > > Most of the exploits in Java (I have no idea why you write the word in all > caps)
Just from the logo, the one I see on Windows boxes as I don't really see one anywhere else and avoid it wherever possible and which is the correct stance to take for multiple reasons. http://blog.trendmicro.com/trendlabs-security-intelligence/java-native-layer-exploits-going-up/ > are flaws in the sandbox security model. While those are real > vulnerabilities in the context of running untrusted Java applets > downloaded from the network, they're not horribly interesting in the > context of running trusted applications installed through normal signed > apt repositories. > Not horribly interesting isn't saying much and the rediculous number of vulns on osvdb this year alone not to mention the bloatedness and ability to run jars in such a complex beast outside the unix security model by default is more than enough to rule out any default java apps in I'm sure many peoples opinion. Heck CESG guidelines say to get rid of small parsers like perl and shell access. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________ I have no idea why RTFM is used so aggressively on LINUX mailing lists because whilst 'apropos' is traditionally the most powerful command on Unix-like systems it's 'modern' replacement 'apropos' on Linux is a tool to help psychopaths learn to control their anger. (Kevin Chadwick) _______________________________________________________________________ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/676094.53700...@smtp120.mail.ir2.yahoo.com