Web start sandboxing and security
Jiri Vanek
jvanek at redhat.com
Wed Dec 4 09:01:47 PST 2013
On 12/04/2013 05:52 PM, Andrew wrote:
>
>
> ----- Original Message -----
>> On 12/04/2013 05:12 PM, Andrew wrote:
>>> ----- Original Message -----
>>>> On 12/04/2013 11:37 AM, helpcrypto helpcrypto wrote:
>>>>> Hi
>>>>>
>>>>> I dont know if the same rules apply to Java Applets.
>>>>> In our case we use a crypto applet to sign documents using user
>>>>> certificates.
>>>>>
>>>>> Said so, i think providing user "less options" is sometimes better/easier
>>>>> for them. A "yes/no"
>>>>> dialog is much simpler than a multiple selection option.
>>>>
>>>> true
>>>>
>>>>> Anyhow, I understand your concerns, and considering Google is "switching
>>>>> off" Java (Chrome is a big
>>>>> part of browsers market share), i suggest you "moving out" from Java
>>>>> Applets/JNLP. ;)
>>>>
>>>> jnlp have nothing to do with chrome, and google i behaving nasty in this
>>>> topic - namely misusing its
>>>> position. Now I think about chrome in same way as about IE. And about
>>>> google
>>>> nearly as bad as about
>>>> Microsoft - Forcing theirs technologies no matter of cost.
>>>>>
>>>
>>> What are you basing this on? As I understand it, Google are not 'switching
>>> off'
>>> Java, but simply dropping support for an older plugin API (NPAPI) in favour
>>> of
>>> a newer one with greater security (PPAPI) [0]. Have you considered porting
>>> IcedTea-Web
>>> to this API?
>>
>>
>> And whos child ppapi is?
>>
>> Yes, I was already digging around it. It is not simple task. And firefox is
>> not going to support
>> ppapi, so it means maintain TWO apis. All together == *bad*
>>
>
> Maintaining TWO APIs is exactly what Google's motivation is for dropping NPAPI,
> as far as I can tell. They've developed a newer API with superior features, it's
> had sufficient time out in the wild being tested and now they want to drop the
> older one.
>
> The real fault is with Mozilla for not adopting the newer API. It already
> means that Firefox can't make use of newer versions of Flash.
>
Everybody hopes flash will die as quick as it can, or not?
J.
More information about the distro-pkg-dev
mailing list