<p dir="ltr"><br>
On Jun 17, 2013 9:03 AM, "Bill Nottingham" <<a href="mailto:notting@redhat.com">notting@redhat.com</a>> wrote:<br>
...<br>
> > ><br>
> ><br>
> > I think given all the trouble this plugin has caused recently, it wouldn't<br>
> > be wise to install it for everyone. If you need it, great, install it, but<br>
> > if a users doesn't need it, it's really just creating a level of risk we<br>
> > probably don't want.<br>
> ><br>
> > Fedora currently has a reputation for being pretty secure, I think this<br>
> > could damage that reputation.<br>
><br>
> The one issue I can see with removing it is that the plugin finder you<br>
> then get in Firefox if you hit a Java site doesn't work to actually get you<br>
> the Fedora version.<br>
><br>
> Bill<br>
> --<br>
<br>
+1</p>
<p dir="ltr">This is a strong argument for installing it by default. What would be more secure - the distro maintained package or the user maintained tarball or rpm without repo? The users that need help with security the most are the users that will follow the inline instructions by rote, without searching the repositories. </p>
<p dir="ltr">--Pete </p>