Web start sandboxing and security

Jiri Vanek jvanek at redhat.com
Wed Dec 4 09:01:47 PST 2013

On 12/04/2013 05:52 PM, Andrew wrote:
> ----- Original Message -----
>> On 12/04/2013 05:12 PM, Andrew wrote:
>>> ----- Original Message -----
>>>> On 12/04/2013 11:37 AM, helpcrypto helpcrypto wrote:
>>>>> Hi
>>>>> I dont know if the same rules apply to Java Applets.
>>>>> In our case we use a crypto applet to sign documents using user
>>>>> certificates.
>>>>> Said so, i think providing user "less options" is sometimes better/easier
>>>>> for them. A "yes/no"
>>>>> dialog is much simpler than a multiple selection option.
>>>> true
>>>>> Anyhow, I understand your concerns, and considering Google is "switching
>>>>> off" Java (Chrome is a big
>>>>> part of browsers market share), i suggest you "moving out" from Java
>>>>> Applets/JNLP. ;)
>>>> jnlp have nothing to do with chrome, and google i behaving nasty in this
>>>> topic - namely misusing its
>>>> position. Now I think about chrome in same way as about IE. And about
>>>> google
>>>> nearly as bad as about
>>>> Microsoft - Forcing theirs technologies no matter of cost.
>>> What are you basing this on?  As I understand it, Google are not 'switching
>>> off'
>>> Java, but simply dropping support for an older plugin API (NPAPI) in favour
>>> of
>>> a newer one with greater security (PPAPI) [0].  Have you considered porting
>>> IcedTea-Web
>>> to this API?
>> And whos child ppapi is?
>> Yes, I was already digging around it. It is not simple task.  And firefox is
>> not going to support
>> ppapi, so it means maintain TWO apis. All together == *bad*
> Maintaining TWO APIs is exactly what Google's motivation is for dropping NPAPI,
> as far as I can tell.  They've developed a newer API with superior features, it's
> had sufficient time out in the wild being tested and now they want to drop the
> older one.
> The real fault is with Mozilla for not adopting the newer API.  It already
> means that Firefox can't make use of newer versions of Flash.

Everybody hopes flash will die as quick as it can, or not?


More information about the distro-pkg-dev mailing list