icedtea-web installed and enabled by default in Fedora 19

[Deepak Bhole]

* Rahul Sundaram <metherid at gmail.com> [2013-06-17 15:42]:
> Hi
> 
> 
> On Mon, Jun 17, 2013 at 3:26 PM, Dan Mashal wrote:
> 
> 
> 
>     There is no way in hell anyone here is going to fix the security holes
>     in Java (open or closed).
> 
>     The only way to avoid the security holes caused by java is to not use it.
> 
> 
> That is too extreme.  It is certainly possible to fix security issues in
> IcedTea and OpenJDK.  Otherwise Fedora wouldn't be including it in the
> distribution and building a lot of packages using openJDK.   If we don't
> include IcedTea by default and there are future security issues, it still needs
> to be fixed but the chances of it affecting users are reduced however  we might
> be creating problems for users who are relying on IcedTea-Web to do their
> banking or other critical tasks and IcedTea-Web is not easily installable via
> the Firefox plugin search and it is a entirely un-obvious name for users to
> install using the package manager.   Not a lot of people understand that Java
> applet source was never open sourced by Sun or Oracle and is not part of the
> OpenJDK project.   If we can fix Firefox to install IcedTea on demand, that
> would be great.
>

+1 to fixing Firefox if we must stop it from being installed by
default.

As archaic as applets may be, they are still used in critical
applications such as for banking/trading/etc. and I think it should
always be possible for users to easily find it/install it if it is not
already done by default.

FWIW, Oracle has been taking JVM security very seriously lately -- we do
security releases on OpenJDK in Fedora and over the past few months, we
have seen a significant rise (past avg*3+) in the number of issues fixed
and also a significant rise in code hardening.

Cheers,
Deepak

> Rahul
> 
> 

> -- 
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel