icedtea-web installed and enabled by default in Fedora 19
Josh Bressers
bressers at redhat.com
Mon Jun 17 14:56:28 UTC 2013
----- Original Message -----
> Florian Weimer (fweimer at redhat.com) said:
> > I noticed that icedtea-web (the Java browser plugin implementation
> > for OpenJDK) is installed and enabled by default (as part of the
> > "GNOME Desktop" set). This is a bit surprising, considering that
> > the rest of the world tries to move away from Java browser plugin
> > technology (and even browser plugin technology in general).
> >
> > We cannot really remove installed packages after the release, so I'm
> > wondering if we still can fix this prior to release.
>
> We could, I suppose. What do people think? (It's just one line in comps.)
>
> Nearly all live images drop it for space reasons.
>
I think given all the trouble this plugin has caused recently, it wouldn't
be wise to install it for everyone. If you need it, great, install it, but
if a users doesn't need it, it's really just creating a level of risk we
probably don't want.
Fedora currently has a reputation for being pretty secure, I think this
could damage that reputation.
Thanks.
--
Josh Bressers / Red Hat Product Security Team
More information about the devel
mailing list