[rfc][icedtea-web] policytool in itweb-settings

Andrew Azores aazores at redhat.com
Tue Jan 21 08:52:20 PST 2014

On 01/21/2014 11:29 AM, Jacob Wisor wrote:
> On 01/21/2014 16:09, Andrew Azores wrote:
>> On 01/20/2014 06:19 PM, Jacob Wisor wrote:
>>> On 01/20/2014 01:27 PM, Jiri Vanek wrote:
>>>> On 01/17/2014 10:08 PM, Andrew Azores wrote:
>>>>> On 01/17/2014 11:52 AM, Jiri Vanek wrote:
>>>>>>  [...]
>>>>>> Not sure if we will backport this, but probably yes.. Depends on 
>>>>>> final
>>>>>> compelxiity.
>>>>> [...]
>>>>>> ok. Ok to head, and please elaborate on backport to 1.4 it is 
>>>>>> worthy.
>>>>>> Also please fix the closing of window asap (as new chngeset)
>>>>> 1.4 doesn't have DirectoryValidator... what should we do here 
>>>>> then? Also
>>>>> backport
>>>>> DirectoryValidator? Or just let the 1.4 backport have less of a 
>>>>> guarantee that
>>>>> the policy tool will
>>>>> be able to successfully launch, and try to provide useful errors 
>>>>> if not?
>>>> Dependes on you. I'm for *not* backporting the directory validator, 
>>>> and live
>>>> with "maybe not readable file". But also I would just ensure the 
>>>> parent dir
>>>> creation.
>>> :-o Nooooo, please do not backport this! It is actually a new 
>>> feature, so it
>>> should rather go into the next minor version release.
>>> Jacob
>> I'd agree with you if there was actually any work done to support custom
>> policies in the classloader or security manager or anything like that,
> Right, there is none, so introducing that kind of or similar support 
> is a topic of its own. From the user's (and design) perspective , it 
> does not matter whether this additional "security feature" is 
> implemented internally in the one way or the other. The effect is 
> important.

My point is that the support is already there. The security feature 
currently exists. The implementation is complete. There is no topic 
needed for the introduction of support, because that has already passed.

>> but this
>> is really just a minor cosmetic addition to the control panel. I 
>> think that's
>> acceptable to backport (assuming no work to add support is required).
> It is beyond cosmetics. The gravity of added functionality in software 
> engineering is not measured by the amount of buttons or what ever UI 
> controls newly introduced to an existing UI. It is rather measured in 
> the amount of *functionality* and the *consequences* there of, hence 
> the effects.
> Jacob

This patch introduces no new functionality. PolicyTool already exists, 
as does the implementation making use of policies on the system. The 
only thing this patch does is add a button giving users an easy way to 
launch PolicyTool with the correct file path presupplied. Exactly which 
consequences are you talking about, here? I really do not see what 
negative impact there will be from adding one button to the control 
panel - a button that does absolutely nothing new other than provide a 


Andrew A

More information about the distro-pkg-dev mailing list