I agree. Let's find a better / more secure way of installing the Oracle JDK - that would fix all the problems we are seeing.
Anyone willing to port InstallJDK.fromURL() from jclouds 1.4.0? Any other ideas?

On Tue, Feb 21, 2012 at 3:10 PM, Karel Vervaeke <[email protected]> wrote:
> I'm not a big fan of the install_oab_java.sh thing, to be honest.
> Sorry that I didn't express this earlier, I couldn't put my finger on
> it.
>
> It's a security liability: it requires pulling from two GitHub
> repos which are only controlled by the individuals who own the
> repository.
> If they decide to slip in malicious stuff, everybody installing Java
> via those scripts is going to be affected.
> It would be (slightly) better if we forked the repository (e.g. under
> the Apache GitHub account, but I doubt the infrastructure for that is
> up).
> And possibly even better if the actual commands were embedded in Whirr
> (rather than fetched from external sources at runtime).
> Even if the owners don't have malicious intentions, chances are
> they'll update their scripts, possibly breaking Whirr in the process
> (without even knowing they are breaking anything).
>
> WDYT?
>
> Regards,
> Karel
> --
> Karel Vervaeke
> http://outerthought.org/
> Open Source Content Applications
> Makers of Kauri, Daisy CMS and Lily
