icedtea-web installed and enabled by default in Fedora 19

Josh Bressers bressers at
Mon Jun 17 14:56:28 UTC 2013

----- Original Message -----
> Florian Weimer (fweimer at said:
> > I noticed that icedtea-web (the Java browser plugin implementation
> > for OpenJDK) is installed and enabled by default (as part of the
> > "GNOME Desktop" set).  This is a bit surprising, considering that
> > the rest of the world tries to move away from Java browser plugin
> > technology (and even browser plugin technology in general).
> > 
> > We cannot really remove installed packages after the release, so I'm
> > wondering if we still can fix this prior to release.
> We could, I suppose. What do people think? (It's just one line in comps.)
> Nearly all live images drop it for space reasons.

I think given all the trouble this plugin has caused recently, it wouldn't
be wise to install it for everyone. If you need it, great, install it, but
if a users doesn't need it, it's really just creating a level of risk we
probably don't want.

Fedora currently has a reputation for being pretty secure, I think this
could damage that reputation.


Josh Bressers / Red Hat Product Security Team

More information about the devel mailing list