Moritz Muehlenhoff wrote:
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
gcjwebplugin is a Java plugin for web browsers. It does not include the
security manager which is a crucial part of the sandboxing of Java
applets. The maintainers have fixed this bug (#267040) merely
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
gcjwebplugin is a Java plugin for web browsers. It does not include the
security manager which is a crucial part of the sandboxing of Java
applets. The maintainers have fixed this bug (#267040) merely by
adding a warning prompt
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
It's not arbitrary. As it stands, this package is a security hole
just waiting to be exploited if it gets released.
I take it gdebi (or whatever it's called) is also a security hole then? It
installs untrusted data when the user
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
I can't believe you're actually arguing that the solution against blindly
trusting a website is blindly trusting a binary blob.
I would rather use a secure free plugin than a secure non-free plugin,
but apparently that doesn't
Hi,
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
On Tue, Sep 09, 2008 at 03:12:54PM +0200, Robert Millan wrote:
...
When a user navigates to a web page, they want to see that page. Any
prompts on the way tend to be interpreted as do you want to see this
web page or not?, to
On Mon, Sep 08, 2008 at 11:51:55PM +0100, Ben Hutchings wrote:
How is this different from the multitude of interfaces in the system in
which data is assumed to be trusted?
Data from the network is generally treated as untrusted;
The user is in charge. Data from the network becomes
On Tue, Sep 09, 2008 at 03:12:54PM +0200, Robert Millan wrote:
[ whoops, resending again...]
On Mon, Sep 08, 2008 at 11:51:55PM +0100, Ben Hutchings wrote:
How is this different from the multitude of interfaces in the system in
which data is assumed to be trusted?
Data from
I can't believe you're actually arguing that the solution against blindly
trusting a website is blindly trusting a binary blob.
I would rather use a secure free plugin than a secure non-free plugin,
but apparently that doesn't exist. Since the choice is between a secure
non-free plugin and an
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
gcjwebplugin is a Java plugin for web browsers. It does not include the
security manager which is a crucial part of the sandboxing of Java
applets. The maintainers have fixed this bug (#267040) merely by
adding a warning prompt
[ sorry for the duplicate, my first reply didn't get to -release ]
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
gcjwebplugin is a Java plugin for web browsers. It does not include the
security manager which is a crucial part of the sandboxing of Java
applets. The
On Mon, Sep 08, 2008 at 05:02:11PM +0200, Robert Millan wrote:
On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
gcjwebplugin is a Java plugin for web browsers. It does not include the
security manager which is a crucial part of the sandboxing of Java
applets. The maintainers
[Ben Hutchings]
Please do not include it in lenny. (Unfortunately it is built from
the classpath source package, so that will have to be modified to
remove it.)
Are there any free applet plugins available in main now? Perhaps the
gcjwebplugin should be replaced by something from openjdk?
12 matches
Mail list logo