icedtea-web installed and enabled by default in Fedora 19

Deepak Bhole dbhole at
Mon Jun 17 19:56:59 UTC 2013

* Rahul Sundaram <metherid at> [2013-06-17 15:42]:
> Hi
> On Mon, Jun 17, 2013 at 3:26 PM, Dan Mashal wrote:
>     There is no way in hell anyone here is going to fix the security holes
>     in Java (open or closed).
>     The only way to avoid the security holes caused by java is to not use it.
> That is too extreme.  It is certainly possible to fix security issues in
> IcedTea and OpenJDK.  Otherwise Fedora wouldn't be including it in the
> distribution and building a lot of packages using openJDK.   If we don't
> include IcedTea by default and there are future security issues, it still needs
> to be fixed but the chances of it affecting users are reduced however  we might
> be creating problems for users who are relying on IcedTea-Web to do their
> banking or other critical tasks and IcedTea-Web is not easily installable via
> the Firefox plugin search and it is a entirely un-obvious name for users to
> install using the package manager.   Not a lot of people understand that Java
> applet source was never open sourced by Sun or Oracle and is not part of the
> OpenJDK project.   If we can fix Firefox to install IcedTea on demand, that
> would be great.

+1 to fixing Firefox if we must stop it from being installed by

As archaic as applets may be, they are still used in critical
applications such as for banking/trading/etc. and I think it should
always be possible for users to easily find it/install it if it is not
already done by default.

FWIW, Oracle has been taking JVM security very seriously lately -- we do
security releases on OpenJDK in Fedora and over the past few months, we
have seen a significant rise (past avg*3+) in the number of issues fixed
and also a significant rise in code hardening.


> Rahul

> -- 
> devel mailing list
> devel at

More information about the devel mailing list