[rfc][icedtea-web] "Always trust content from this publisher" defaulting to checked

[Jiri Vanek]

On 05/20/2014 06:04 PM, Andrew Azores wrote:
> Hi,
>
> I think the "Always Trust" checkbox that appears on the CertWarningPane for fully signed applets should not default to being checked anymore. I assume it is currently checked by default to encourage users to trust fully signed applets so that the dialogs do not continually appear - however, I don't think that's necessarily the right course of action now. Now that we have the ability to assign custom policies to different applets, persistently or per individual run of the applet I think more emphasis should be placed on this ability. Currently, the dialog also disables the Sandbox button (which then disables all ability to run the applet without granting it all permissions) when the checkbox is selected because
> it was decided at the time that it doesn't make sense to say "I always trust this publisher, but I want to run the applet as if I don't really trust the publisher." I think this behaviour should be kept. So the only change being made is to default the checkbox to unchecked, so that the Sandboxing options are presented as available to begin with, increasing their visibility.
>
> This comes down to simply changing one value for the checkbox. Also bundled with this patch are making a utility method static, and removing two unused fields.
>
> ChangeLog:
> * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java (policyMenu, policyEditor): unused fields removed.
>    (getImageIcon): made static. (addButtons): default alwaysTrust checkbox to not selected.
>
> Thanks,
>


Hmm. The "always trust" is prechecked only when certificate is verified and trusted. Otherwise it is not selected by defaul.

or am I missing something?

J.