Strange behaviour during javaws -about
Dr Andrew John Hughes
ahughes at redhat.com
Fri Feb 18 16:01:46 PST 2011
On 10:11 Fri 18 Feb , Omair Majid wrote:
> On 02/18/2011 09:38 AM, Jiri Vanek wrote:
> > Can you anybody check it?
> > https://bugzilla.redhat.com/show_bug.cgi?id=677334
> >
> > regards J
>
> I wanted to thank you for bringing up issues that first-time users are
> likely to run into. First impressions are important and all your points
> are valid.
>
> Andrew Hughes may know more about this than I do, but I dont think we
> want to backport these changes to IcedTea6's netx - IcedTea6's netx is
> mostly receiving security fixes at this point. Most of the actual work
> is being done in icedtea-web. As such, I believe we should fix things in
> icedtea-web (only).
>
That sounds sensible to me. We want to try and push people (politely)
towards IcedTea-Web :-D 1.10 will ship soon without any NetX & plugin
stuff and we plan to disable them by default in the existing release
branches.
> Also, please be careful when making changes to files hosted on
> icedtea.classpath.org - the changes may break javaws. Please discuss
> things on this mailing list first.
>
> As for updating the things that javaws -about shows, that sounds like a
> great idea.
>
> Personally, I dont think running an online application for showing the
> about dialog is a great idea. A user using a particular version of
> icedtea-web would want to see information about that particular version
> (and not the version that just happens to be on icedtea.classpath.org).
> If anything, I think javaws -about should launch the local version about
> about. (This also takes care of the problem that we ship an about.jar
> that's completely unused!)
>
Yes, the current situation seemed very odd to me when you told me
about it. Apart from the things you already mention, it presumably
means javaws -about fails when there is no Internet connectivity!
> As for security permissions, I agree that we should remove
> all-permissions it if it's not absolutely necessary.
>
> That said, I do think the permissions are required by the about
> application as it currently stands.
> extra/net/sourceforge/jnlp/about/Main.java contains these two lines:
> import net.sourceforge.jnlp.Launcher;
> import net.sourceforge.jnlp.runtime.JNLPRuntime;
> while JNLPRuntime executes these two lines before about.jnlp gets a
> chance to run: Security.setProperty("package.access",
>
> Security.getProperty("package.access")+",net.sourceforge.jnlp");
> So I believe the about application will throw security exceptions on
> start if it does not have full permissions.
>
What is the point of these statements? What do they do as part of the
about box? I would have thought, naively, it was just displaying text
in a dialog box.
> Thanks again for raising these issues; even more for volunteering to fix
> them :)
>
Yes, thanks. Having fresh eyes on something always helps!
> Cheers,
> Omair
Cheers,
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37
More information about the distro-pkg-dev
mailing list