Re: icedtea-web installed and enabled by default in Fedora 19

On 06/19/2013 01:29 AM, Dhiru Kholia wrote: Some recent news, http://www.theregister.co.uk/2013/06/14/java_june_critical_patch_update/ "The majority are vulnerable through browser plugins, 11 of which are exploitable for complete control of the underlying operating system," said Ross Barrett,

Re: icedtea-web installed and enabled by default in Fedora 19

On Tue, Jun 18, 2013 at 11:29 PM, Dhiru Kholia wrote: > Some recent news, > > http://www.theregister.co.uk/2013/06/14/java_june_critical_patch_update/ > > "The majority are vulnerable through browser plugins, 11 of which are > exploitable for complete control of the underlying operating system," >

Re: icedtea-web installed and enabled by default in Fedora 19

Florian Weimer redhat.com> writes: > > I noticed that icedtea-web (the Java browser plugin implementation for > OpenJDK) is installed and enabled by default (as part of the "GNOME > Desktop" set). This is a bit surprising, considering that the rest of > the world tries to move away from Java

Re: icedtea-web installed and enabled by default in Fedora 19

On Tue, Jun 18, 2013 at 11:18 PM, Rahul Sundaram wrote: > > The plugin used to be problematic before but have you tried it recently? Maybe a year ago or so. > Do file a bug report if there are still issues thanks for the tip. -- Ismael Olea http://olea.org/diario/ -- devel mailing lis

Re: icedtea-web installed and enabled by default in Fedora 19

On 06/18/13 at 01:50pm, Josh Bressers wrote: > > Is java environment the only security flawed software distributed in > > Fedora by default? I don't think so. Please, correct me if I'm > > wrong. Does it mean Fedora should drop about 1/3 of packages > > because they have security bugs? What about

Re: icedtea-web installed and enabled by default in Fedora 19

On 06/18/2013 02:59 PM, Ismael Olea wrote: When I needed a java plugin (particularly for some government websites) I always should got to install the Sun/Oracle one. In those cases icedtea-web has been 100% useless to me :-/ The plugin used to be problematic before but have you tried it re

Re: icedtea-web installed and enabled by default in Fedora 19

On Mon, Jun 17, 2013 at 4:32 PM, Bill Nottingham wrote: > > We cannot really remove installed packages after the release, so I'm > > wondering if we still can fix this prior to release. > > We could, I suppose. What do people think? (It's just one line in comps.) > When I needed a java plugin

Re: icedtea-web installed and enabled by default in Fedora 19

> > Is java environment the only security flawed software distributed in > Fedora by default? I don't think so. Please, correct me if I'm wrong. > Does it mean Fedora should drop about 1/3 of packages because they have > security bugs? What about Linux Kernel? It's also buggy. Should it be not > i

Re: icedtea-web installed and enabled by default in Fedora 19

On Jun 17, 2013 9:03 AM, "Bill Nottingham" wrote: ... > > > > > > > I think given all the trouble this plugin has caused recently, it wouldn't > > be wise to install it for everyone. If you need it, great, install it, but > > if a users doesn't need it, it's really just creating a level of risk we

Re: icedtea-web installed and enabled by default in Fedora 19

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/17/2013 06:31 PM, Matthew Garrett wrote: > On Mon, Jun 17, 2013 at 11:03:26AM -0400, Bill Nottingham wrote: >> The one issue I can see with removing it is that the plugin >> finder you then get in Firefox if you hit a Java site doesn't >> work to

Re: icedtea-web installed and enabled by default in Fedora 19

On 17.06.2013 21:26, Dan Mashal wrote: > On Mon, Jun 17, 2013 at 8:25 AM, Mateusz Marzantowicz > wrote: >> On 17.06.2013 17:18, Heiko Adams wrote: >> >> From my point of view the java-plugin is a big security hole and should be >> kicked from default installations ASAP. >> >> >> >> Then, why not f

Re: icedtea-web installed and enabled by default in Fedora 19

On Mon, Jun 17, 2013 at 11:03:26AM -0400, Bill Nottingham wrote: > The one issue I can see with removing it is that the plugin finder you > then get in Firefox if you hit a Java site doesn't work to actually get you > the Fedora version. Well, if we're looking at this for F20, it's probably worth

Re: icedtea-web installed and enabled by default in Fedora 19

* Rahul Sundaram [2013-06-17 15:42]: > Hi > > > On Mon, Jun 17, 2013 at 3:26 PM, Dan Mashal wrote: > > > > There is no way in hell anyone here is going to fix the security holes > in Java (open or closed). > > The only way to avoid the security holes caused by java is to not use

Re: icedtea-web installed and enabled by default in Fedora 19

Hi On Mon, Jun 17, 2013 at 3:26 PM, Dan Mashal wrote: > > > There is no way in hell anyone here is going to fix the security holes > in Java (open or closed). > > The only way to avoid the security holes caused by java is to not use it. > That is too extreme. It is certainly possible to fix se

Re: icedtea-web installed and enabled by default in Fedora 19

On Mon, Jun 17, 2013 at 8:25 AM, Mateusz Marzantowicz wrote: > On 17.06.2013 17:18, Heiko Adams wrote: > > From my point of view the java-plugin is a big security hole and should be > kicked from default installations ASAP. > > > > Then, why not fix it? > > > Mateusz Marzantowicz There is no way

Re: icedtea-web installed and enabled by default in Fedora 19

On 06/17/2013 10:03 AM, Bill Nottingham wrote: > The one issue I can see with removing it is that the plugin finder you > then get in Firefox if you hit a Java site doesn't work to actually get you > the Fedora version. The one issue I see is that it's darn near impossible to find the package if y

Re: icedtea-web installed and enabled by default in Fedora 19

On Mon, 17 Jun 2013 17:09:57 +0200, Dan Mashal wrote: > if I'm doing anything Android related (or other various things) I must use > sun jdk/jre. Is it filed/tracked/known? Jan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: icedtea-web installed and enabled by default in Fedora 19

Because IMHO Java itself is the security problem but it's easier to remove the plugin because there are AFAIK no packages which require it and are relevant to normal desktop users. 2013/6/17 Mateusz Marzantowicz > On 17.06.2013 17:18, Heiko Adam

Re: icedtea-web installed and enabled by default in Fedora 19

On 06/17/2013 05:03 PM, Bill Nottingham wrote: The one issue I can see with removing it is that the plugin finder you then get in Firefox if you hit a Java site doesn't work to actually get you the Fedora version. Hmm. Our Firefox has a pretty clear fingerprint over HTTPS (no user agent brand

Re: icedtea-web installed and enabled by default in Fedora 19

On 17.06.2013 17:18, Heiko Adams wrote: > From my point of view the java-plugin is a big security hole and > should be kicked from default installations ASAP. > > > Then, why not fix it? Mateusz Marzantowicz -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mail

Re: icedtea-web installed and enabled by default in Fedora 19

>From my point of view the java-plugin is a big security hole and should be kicked from default installations ASAP. 2013/6/17 Dan Mashal > > On Jun 17, 2013 8:03 AM, "Bill Nottingham" wrote: > > The one issue I can see with removing it is that the plugin finder you > > then get in Firefox if y

Re: icedtea-web installed and enabled by default in Fedora 19

On Jun 17, 2013 8:03 AM, "Bill Nottingham" wrote: > The one issue I can see with removing it is that the plugin finder you > then get in Firefox if you hit a Java site doesn't work to actually get you > the Fedora version. I would keep it if people really use it. I'm on the opposite side, where i

Re: icedtea-web installed and enabled by default in Fedora 19

Josh Bressers (bress...@redhat.com) said: > - Original Message - > > Florian Weimer (fwei...@redhat.com) said: > > > I noticed that icedtea-web (the Java browser plugin implementation > > > for OpenJDK) is installed and enabled by default (as part of the > > > "GNOME Desktop" set). This i

Re: icedtea-web installed and enabled by default in Fedora 19

- Original Message - > Florian Weimer (fwei...@redhat.com) said: > > I noticed that icedtea-web (the Java browser plugin implementation > > for OpenJDK) is installed and enabled by default (as part of the > > "GNOME Desktop" set). This is a bit surprising, considering that > > the rest of

Re: icedtea-web installed and enabled by default in Fedora 19

Florian Weimer (fwei...@redhat.com) said: > I noticed that icedtea-web (the Java browser plugin implementation > for OpenJDK) is installed and enabled by default (as part of the > "GNOME Desktop" set). This is a bit surprising, considering that > the rest of the world tries to move away from Java

Re: icedtea-web installed and enabled by default in Fedora 19

On 06/16/2013 08:20 PM, Rahul Sundaram wrote: On 06/16/2013 05:49 AM, Florian Weimer wrote: I noticed that icedtea-web (the Java browser plugin implementation for OpenJDK) is installed and enabled by default (as part of the "GNOME Desktop" set). This is a bit surprising, considering that the re

Re: icedtea-web installed and enabled by default in Fedora 19

On 06/16/2013 05:49 AM, Florian Weimer wrote: I noticed that icedtea-web (the Java browser plugin implementation for OpenJDK) is installed and enabled by default (as part of the "GNOME Desktop" set). This is a bit surprising, considering that the rest of the world tries to move away from Java