On Nov 24, 2012, at 6:03 AM, Landry Breuil <lan...@rhaalovely.net> wrote:
> Hi, > > i'd like to remove www/firefox35 from the ports tree : > - it's been EOL'ed upstream since 18 months, and thus receives no > security updates. I have no idea if there are users of this port still > around. > - it was originally kept in the tree because it was the only version > working with the java plugin from devel/jdk/1.6, but the java plugin > is known for an enormous amount of security vulns those days, and i > think 1.6 doesnt receive security updates regarding this (kurt ?) Correct. The java plugin wasn't released under GPL and Sun/Oracle stopped releasing the updates for the plugin a long time ago. > Firefox blocks it by default, see > http://blog.mozilla.org/addons/2012/04/02/blocking-java/ and > https://addons.mozilla.org/en-US/firefox/blocked/p80. I havent > personally tested that. > - those days we have www/icedtea-web, which apparently works not so > badly, and is maintained. > > So, unless someone steps up with a valid usecase (ie 'my java applet used > by thousands of users work in the old crusty insecure java plugin and not > icedtea-web'), i'd like to remove www/firefox35. > > Opinions ? Yays ? I'm okay with it. Getting rid of the need for the 1.6 plugin lets me consider moving 1.6 to OpenJDK 1.6 (GPL w/ packages). > > Landry > > (of course, www/firefox36, even if EOL'ed upstream too, stays for sparc64.. > sigh.)
