OpenJRE or Oracle Jre

Bill Davidsen davidsen at tmr.com
Mon May 13 18:34:08 UTC 2013


Fernando Cassia wrote:
> On Fri, May 3, 2013 at 6:09 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> do NOT install it if you are not really using it!
>
> I could be wrong, but I believe the current OpenJDK and Icedtea-web
> approach is NOT to run unsigned applets by default, and modern
> browsers (i.e. Mozilla's Firefox) now feature CLICK TO RUN on all
> plug-in content.
>
> So, while I know by now -due to your repetition at every opportunity-
> that you hate applets, that advice is not needed anymore. There's no
> way code could run if you do not click-enable the plugin in the
> browser + grant permission on a per-site basis in the plugin's own
> dialogs.
>
What does it matter if he hates applets? His advice is good on this 
particular topic, forcing the user to be aware of the security issues 
and make good decisions about what to run is a bad thing, too many 
people follow the "you have to click this stupid warning before you can 
run the neat _steal all my data_ game" approach.

It is good practice not to install any additional features you don't 
need, because any coding error could expose your system to problems. 
Incompetence is as dangerous as malice, and a lot more common.

> Plus, not installing Icedtea-web not only prevents you from running
> applets (which would be a plus for some) but also prevents you from
> running desktop apps delivered via Java Web Start (.jnlp).
>
Which is why you don't install things until you need them. Financial 
institutions LOVE these little programs running on your computer, glitzy 
sites make more money, and the customer doesn't realize it's client side 
not server side doing the work.

> In the words of RedHat's Andrew Haley on the OpenJDK list
> distro-pkg-dev:
>
> "(Hiding the plug-in) is truly dreadful reasoning. Either we think
> that the plugin is safe enough for people to use, or we don't ship
> it."
>
You seem to have the idea that not installing something you don't need 
is somehow "hiding" it, rather than good system administration. Has the 
difference between "be prepared" and "looking for trouble" eluded you?

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot


