icedtea-web installed and enabled by default in Fedora 19

Dhiru Kholia dhiru.kholia at
Wed Jun 19 05:29:17 UTC 2013

On 06/18/13 at 01:50pm, Josh Bressers wrote:
> > Is java environment the only security flawed software distributed in
> > Fedora by default? I don't think so. Please, correct me if I'm
> > wrong.  Does it mean Fedora should drop about 1/3 of packages
> > because they have security bugs? What about Linux Kernel? It's also
> > buggy. Should it be not included in Fedora?
> This is probably the wrong way to think of it. We're not telling anyone
> they shouldn't be using the web plugin, we're saying it carries with it a
> certain amount of risk. Should we subject all users, even the ones who
> don't use this plugin, to that risk?

Some recent news,

"The majority are vulnerable through browser plugins, 11 of which are
exploitable for complete control of the underlying operating system,"
said Ross Barrett, senior manager of security engineering at Rapid7.


This is not the first time that so many (40!) security bugs have been
found and fixed in Java.

I don't think that any Fedora package has a worse security record than
Java stuff in recent times.


More information about the devel mailing list