[icedtea-web] "Not All Signed" dialog and low-security setting
Jiri Vanek
jvanek at redhat.com
Sun Nov 10 02:57:43 PST 2013
On 11/07/2013 08:47 PM, Andrew Azores wrote:
> Hi,
>
> Should the "Not All Signed" dialog (SecurityDialogs.showNotAllSignedWarningDialog(JNLPFile)) still appear when extended applet security is set to "low?" This can happen with signed applets with external main-classes, or applets with mixed signing. To me it seems like it should not appear when running one of these applets on low security. Changing this behaviour would also make it possible for me to add a reproducer for the recent signed applet with external main-class fix (PR1513).
>
> Thanks,
One dialogue is definitely enough. If "not all signed" dialogue appear, then no extended applet security dialog should occur (not depending on actual settings)
However vice versa approach looks dangerous. At first user agrees that unsigned app is running (itis in sandbox) and then he *should* be warned then some part of it is signed, and so it is running out of box.
- Here I would stay with two dialogues :(
J.
More information about the distro-pkg-dev
mailing list