Hi, I discovered that the "jdk" of icedtea includes "demos", "samples" and even a "src.zip" file. These are as big as 50 MB, where the src.zip contributes by 43 MB. Thee 50MB are ca. 12% of the whole jdk.
IMHO, all of these should not be there since they are rarely needed. Also it is common security best-practice to *not* include any demo code on production systems - which should at least followed by such large packages. The reasoning is that demos and examples are often prone to errors and offering attack points. Shall I move these to "doc" or to a new output (e.g. "examples"). We should use the same scheme later for all packages where the examples will get a package by their own. -- Schönen Gruß (Please mind Hartmut Goebel Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer Information Security Management, Security Governance, Secure Software Development Goebel Consult, Landshut http://www.goebel-consult.de Blog: http://www.goebel-consult.de/blog/bewertung-pgp-verschlusselung-bei-web.de-und-gmx Kolumne: http://www.cissp-gefluester.de/2011-09-kommerz-uber-recht-fdp-die-gefaellt-mir-partei
smime.p7s
Description: S/MIME Cryptographic Signature
