Fwd: Re: [RFC] PR568: LWJGL Applets fail to work with IcedTea Plugin
Omair Majid
omajid at redhat.com
Wed Apr 13 07:02:30 PDT 2011
On 04/13/2011 08:56 AM, Jiri Vanek wrote:
>
> Sorry for confusion. My environment was bad configured. I'm unable to
> run lwjgl applets/jnlps. I can provide reproducers if wanted.
Reproducers would be great. Are they available publicly? If so, could
you please add links to those to the bug report?
> btw - changes mentioned by deepak :
> http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-March/013058.html
> Are currently in head or not?
As stated in the email, I am waiting for the security redesign to be
done (which is targeted for the IcedTea-Web 2.0 release) before I commit
the patch. From what I have seen of lwjgl applets, they are trusted
applets that load new (possibly untrusted and/or unsigned) CodeSources.
While the patch makes sure that the new CodeSources are added to the
runtime (so lwjgl applets work), I am not sure if it does that in a
completely safe manner. The JNLPClassLoader (and the security system in
general in netx) were not designed with the idea of loading new code,
especially with possible security restrictions, after startup. Given
that adding this patch could expose the users to security risks, I am
electing to not commit the patch.
Cheers,
Omair
More information about the distro-pkg-dev
mailing list