[RFC][PATCH][icedtea-web]: Added support for signed JNLP file- Updated Patch

Deepak Bhole dbhole at redhat.com
Mon Jul 25 11:04:21 PDT 2011


* Saad Mohammad <smohammad at redhat.com> [2011-07-25 13:49]:
> On 07/25/2011 01:14 PM, Deepak Bhole wrote:
> >I thought we had this discussion on IRC before.. I may be mistaken, but
> >didn't we determine that there should never be a case where caching is
> >not possible? If so, I think aborting here would be the right thing to
> >do..
> >
> >Cheers,
> >Deepak
> Yes, we did have this talk. We talked about using the 'cache'
> attribute within the jar element, e.g.:
> <jar href='myResource.jar' main='true' cache='no' />
> 

Ah, so there is an attribute that can disable caching. Okay, in that
case I think it would be more prudent to check if it is set, and ignore
the local file not found error only if caching is disabled.

We should not allow bypass of a security check just because there is an
error in our code somewhere (i.e. when caching is enabled and file did
not get cached).

> Not really sure if the cache attribute really exists, I couldn't find
> any documentation on it. :P
> But anyways, I think Omair is talking about the 'download' attribute, e.g.:
> <jar href='myResource.jar' main='true' download='lazy' />
>

The download=lazy attribute is a different matter, mitigated by the
download command above it.
 
Cheers,
Deepak

> If the cache attribute exists, do both behave similarly? It's always cached?
> 
> -- 
> Cheers,
> Saad Mohammad
> 
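
The policy discussed in this message (tolerate a missing local file only when caching was explicitly disabled, otherwise abort rather than skip the signed-JNLP check), as an added example that is not part of the thread or of the icedtea-web code base. The `cache` attribute is the one quoted in the thread, which leaves its existence unconfirmed; the class, enum and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added illustration; names are hypothetical, not icedtea-web's API.
public class MissingJarPolicy {
    enum Decision { VERIFY, SKIP_UNCACHED }

    // Decide what to do for the main jar. Fails closed: a missing local copy
    // is tolerated only when the descriptor itself disabled caching.
    static Decision decide(Element jar, File localCopy) {
        if (localCopy != null && localCopy.isFile()) {
            return Decision.VERIFY;          // normal path: run the signed JNLP check
        }
        // 'cache' is the attribute quoted in the thread (assumed to exist).
        if ("no".equals(jar.getAttribute("cache"))) {
            return Decision.SKIP_UNCACHED;   // file was never expected on disk
        }
        // Caching was on, yet nothing was cached: treat as an error, never a bypass.
        throw new SecurityException("main jar " + jar.getAttribute("href")
                + " not found in cache; refusing to skip signed JNLP check");
    }

    // Return the <jar main='true'> element of a descriptor given as a string.
    static Element mainJar(String jnlp) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList jars = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(jnlp.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagName("jar");
        for (int i = 0; i < jars.getLength(); i++) {
            Element e = (Element) jars.item(i);
            if ("true".equals(e.getAttribute("main"))) return e;
        }
        throw new IllegalArgumentException("no main jar in descriptor");
    }

    public static void main(String[] args) throws Exception {
        File missing = new File("does-not-exist.jar");   // constructed: absent file
        // Constructed descriptors built around the jar element quoted in the thread.
        String uncached = "<jnlp><resources><jar href='myResource.jar' main='true' cache='no'/></resources></jnlp>";
        String cached = "<jnlp><resources><jar href='myResource.jar' main='true'/></resources></jnlp>";
        System.out.println(decide(mainJar(uncached), missing));
        try { decide(mainJar(cached), missing); }
        catch (SecurityException ex) { System.out.println("aborted: " + ex.getMessage()); }
    }
}
```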


