[RFC][icedtea-web] Update security dialogs to be more descriptive
Deepak Bhole
dbhole at redhat.com
Thu Jul 19 13:40:38 PDT 2012
* Danesh Dadachanji <ddadacha at redhat.com> [2012-07-18 16:14]:
> On 18/07/12 04:10 PM, Danesh Dadachanji wrote:
> >Hello,
> >
> >The following patch fixes RH838417 and RH838559. [1][2]
> >
> >It adds the following message along with the description to dialogs that are shown when a jar cert is unverified or has signing errors:
> >"The code executed will be given full permissions, ignoring any java policies you may have."
> >
> >I've also added the warning.png icon to HTTPS cert dialogs.
> >
> >You can test the patch using this[3] website or see my attached image. =)
> >
> >ChangeLog:
> >+2012-07-18 Danesh Dadachanji <ddadacha at redhat.com>
> >+
> >+ Update message to security dialog, explicitly telling users they will be
> >+ executing code that has AllPermissions and ignores policy files.
> >+ * NEWS: Added entries for RH838417 and RH838559.
> >+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
> >+ Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified.
> >+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display
> >+ SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either
> >+ unverified or has a signing error. Also added warning.png to HTTPS dialogs.
> >+
> >
> >[1] https://bugzilla.redhat.com/show_bug.cgi?id=838417
> >[2] https://bugzilla.redhat.com/show_bug.cgi?id=838559
> >[3] https://www.portalbank.no/1100/
>
> Woops, forgot to mention, I'd like to push this to 1.2, 1.3 on top of HEAD if others think it's okay.
>
Assuming you have tested this, OK for 1.2, 1.3 and HEAD.
However please add bug #/summary to changelog before pushing.
Thanks,
Deepak
More information about the distro-pkg-dev
mailing list