unsigned packages on F18

Craig White craigwhite at azapple.com
Thu Jan 31 23:11:03 UTC 2013 

On Thu, 2013-01-31 at 15:04 -0800, Dave Stevens wrote:
> Quoting Craig White <craigwhite at azapple.com>:
> 
> > On Thu, 2013-01-31 at 13:02 -0800, Dave Stevens wrote:
> >> Quoting Reindl Harald <h.reindl at thelounge.net>:
> >>
> >> >
> >> >
> >> > Am 31.01.2013 20:53, schrieb Jan Litwiński:
> >> >> Dnia 2013-01-31, o godz. 10:25:00
> >> >> Dave Stevens <geek at uniserve.com> napisał(a):
> >> >>
> >> >>> I tried to install Java in Firefox and after the download I get an
> >> >>> error saying the package is unsigned and installation halts. Have
> >> >>> got the same response with another widely used package. Using the
> >> >>> x86_64 live spin. What to do?
> >> >>>
> >> >>> Dave
> >> >>>
> >> >> try yum localinstall javapackage
> >> >
> >> > not a smart idea - usually ANY fedora package is signed
> >> >
> >> > missing signatures should be a WARNING SINGAL and not
> >> > ignored like trained monkeys confirm any SSL warning
> >> > in a webbrowser
> >> >
> >> >
> >>
> >> it isn't a fedora package. I wanted to used a js app in firefox and it
> >> needed the plugin and went looking for one. the download came from
> >> Oracle. I have some criticisms of Oracle as a firm but I suppose they
> >> can be trusted to that extent. Anyway I'll try that suggestion when I
> >> get back to that computer.
> > ----
> > just an fyi...
> >
> > There are many who suggest that even the very latest java update doesn't
> > fix the security issues with the browser plug-in and pretty much
> > everyone and his brother recommend disabling the plug-in right now
> > (Apple did it for you with their last OSX update). It's become a real
> > security nightmare. Don't say you weren't warned and this security issue
> > is even more serious than not having a signed package.
> >
> > Craig
> 
> yes, thanks, I've been following the news. I've got a facility I use  
> in virtualmin that needs java, what would I do for a replacement?
----
the file manager? That's pretty long in the tooth anyway.

I'm not suggesting anything other than the obvious... if the plugin is
installed and active, it may be enough to lose control of your system
and the advice is clear... disable.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the users mailing list