Web start sandboxing and security

Andrew gnu.andrew at redhat.com
Wed Dec 4 08:12:22 PST 2013

----- Original Message -----
> On 12/04/2013 11:37 AM, helpcrypto helpcrypto wrote:
> > Hi
> >
> > I dont know if the same rules apply to Java Applets.
> > In our case we use a crypto applet to sign documents using user
> > certificates.
> >
> > Said so, i think providing user "less options" is sometimes better/easier
> > for them. A "yes/no"
> > dialog is much simpler than a multiple selection option.
> true
> > Anyhow, I understand your concerns, and considering Google is "switching
> > off" Java (Chrome is a big
> > part of browsers market share), i suggest you "moving out" from Java
> > Applets/JNLP. ;)
> jnlp have nothing to do with chrome, and google i behaving nasty in this
> topic - namely misusing its
> position. Now I think about chrome in same way as about IE. And about google
> nearly as bad as about
> Microsoft - Forcing theirs technologies no matter of cost.
> >

What are you basing this on?  As I understand it, Google are not 'switching off'
Java, but simply dropping support for an older plugin API (NPAPI) in favour of
a newer one with greater security (PPAPI) [0].  Have you considered porting IcedTea-Web
to this API?

I don't see how this is "forcing" their technology on anyone.  It's certainly not
comparable to the Microsoft case, where they were illegally utilising an existing
monopoly to obtain a monopoly in other areas.

[0] https://en.wikipedia.org/wiki/NPAPI#PPAPI
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07

More information about the distro-pkg-dev mailing list