[rfc][icedtea-web] policytool in itweb-settings
Jiri Vanek
jvanek at redhat.com
Mon Jan 27 06:43:27 PST 2014
On 01/24/2014 08:34 PM, Andrew Azores wrote:
> On 01/21/2014 02:35 PM, Andrew Azores wrote:
>> On 01/21/2014 12:29 PM, Jacob Wisor wrote:
>>> On 01/21/2014 05:52 PM, Andrew Azores wrote:
>>>> (snip)
>>>
>>> I am not talking about technical effects. I am talking about effects on support staff and admins.
>>> They may not be familiar with J2SE's policy system yet when their users and customers start
>>> calling in for help. You know, it is not uncommon for large organizations that provide in-house
>>> support to have their staff (really, this does sometimes happen indeed!) trained for a specific
>>> set of applications and thus features. They truly rely on specific feature sets and incremental
>>> evolution of software. Of course, this feature will probably not generate as many support calls
>>> as resetting passwords, but let's not make those people's lives miserable by introducing effects
>>> that they assumed not to exist with the current minor version release. So please, just do all of
>>> us a favor and do not backport it. Believe me, I know what I am talking about.
>>>
>>> Jacob
>>
>> Well, I see what you mean. I don't really see it causing problems but "better safe than sorry" I
>> suppose.
>>
>> Jiri, do you have a compelling argument against Jacob's? ;)
>>
>> Thanks,
>>
>
> After much discussion and debate on IRC, I've been convinced to go ahead and create a 1.4 backport
> patch and propose it here. It is attached. Here is the justification for the backport as far as I
> remember:
>
> (1) The underlying feature already exists, this simply makes it more accessible/visible
> (2) The permission system is constructive only, and so it is very difficult to imagine a scenario
> where a user's custom policy file can possibly break an application. This would mean the application
> depends on being denied runtime permissions. Most users are probably never going to bother trying
> this, and if they do, it should be completely harmless
>
> And the arguments against backporting:
>
> (3) Additional load on IT support people in companies that are using IcedTea-Web, as this is a "new
> feature" being introduced within the same minor version number
> -- However, this is thought to be negligible because of (2) above
>
> Personally, I do not care much either way. I don't believe there is any strong reason to not
> backport, and I also don't see much benefit to backport. This is because I consider the custom
> policy editing to be of little use without functionality similar to what is provided by the "Run In
> Sandbox button" patch (i.e. introducing a way to run signed applets with a restricted permissions set
> rather than granting AllPermission immediately and universally), which certainly will not be
> backported to 1.4.
>
> Thanks,
>
I'm happy for this backport. Please go on. Please don't forget to backport also changes noted in
Re: /hg/icedtea-web: Improve PolicyTool launch method in PolicyPanel thread
You can push now and then push the rest, or wait until those are resolved and push together.
Thanx
J.