<div dir="ltr">I prefer OpenJDK<div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 14, 2013 at 8:44 AM, Reindl Harald <span dir="ltr"><<a href="mailto:h.reindl@thelounge.net" target="_blank">h.reindl@thelounge.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Am 13.05.2013 20:34, schrieb Bill Davidsen:<br>
<div class="im">> Fernando Cassia wrote:<br>
>> On Fri, May 3, 2013 at 6:09 PM, Reindl Harald <<a href="mailto:h.reindl@thelounge.net">h.reindl@thelounge.net</a>> wrote:<br>
>>> do NOT install it if you are not really use it!<br>
>><br>
>> I could be wrong, but I believe the current OpenJDK and Icedtea-web<br>
>> approach is NOT to run unsigned applets by default, and modern<br>
>> browsers (ie Mozilla's Firefox) now feature CLICK TO RUN on all<br>
>> plug-in content.<br>
>><br>
>> So, while I know by now -due to your repetition at every opportunity-<br>
>> that you hate applets, that advice is not needed anymore. There's no<br>
>> way code could run if you do not click-enable the plugin in the<br>
>> browser + grant permission on a per-site basis in the plugin's own<br>
>> dialogs.<br>
>><br>
> What does it matter if he hate applets? His advice is good on this particular topic, forcing the user to be aware<br>
> of the security issues and make good decisions about what to run is a bad thing, too many people follow the "you<br>
> have to click this stupid warning before you can run the neat _steal all my data_ game" approach<br>
<br>
</div>and the "There's no way code could run" attitude is naive<br>
there maybe in the future *a exploit* for the plugin itself<br>
leading to execute code *before* you have anything to click<br>
<br>
in case of security there is only one thumb rule:<br>
<br>
do not install and/or enable *anything* you do not *really*<br>
need and use, what is not there can not be affected by a<br>
security hole<br>
<br>
<br>--<br>
users mailing list<br>
<a href="mailto:users@lists.fedoraproject.org">users@lists.fedoraproject.org</a><br>
To unsubscribe or change subscription options:<br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/users</a><br>
Guidelines: <a href="http://fedoraproject.org/wiki/Mailing_list_guidelines" target="_blank">http://fedoraproject.org/wiki/Mailing_list_guidelines</a><br>
Have a question? Ask away: <a href="http://ask.fedoraproject.org" target="_blank">http://ask.fedoraproject.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Regards,<br>Michael Leung<br><a href="http://www.itblogs.info" target="_blank">http://www.itblogs.info</a> - My IT Blog<div><a href="http://diary.skynovel.info" target="_blank">http://diary.skynovel.info</a> - My Blog<br>
<a href="http://www.michaelleung.info" target="_blank">http://www.michaelleung.info</a> - My Homepage</div>
</div>