[rfc][icedtea-web] "Always trust content from this publisher" defaulting to checked

Andrew Azores aazores at redhat.com
Tue May 20 17:31:11 UTC 2014 

On 05/20/2014 12:28 PM, Jiri Vanek wrote:
> On 05/20/2014 06:04 PM, Andrew Azores wrote:
>> Hi,
>>
>> I think the "Always Trust" checkbox that appears on the 
>> CertWarningPane for fully signed applets should not default to being 
>> checked anymore. I assume it is currently checked by default to 
>> encourage users to trust fully signed applets so that the dialogs do 
>> not continually appear - however, I don't think that's necessarily 
>> the right course of action now. Now that we have the ability to 
>> assign custom policies to different applets, persistently or per 
>> individual run of the applet I think more emphasis should be placed 
>> on this ability. Currently, the dialog also disables the Sandbox 
>> button (which then disables all ability to run the applet without 
>> granting it all permissions) when the checkbox is selected because
>> it was decided at the time that it doesn't make sense to say "I 
>> always trust this publisher, but I want to run the applet as if I 
>> don't really trust the publisher." I think this behaviour should be 
>> kept. So the only change being made is to default the checkbox to 
>> unchecked, so that the Sandboxing options are presented as available 
>> to begin with, increasing their visibility.
>>
>> This comes down to simply changing one value for the checkbox. Also 
>> bundled with this patch are making a utility method static, and 
>> removing two unused fields.
>>
>> ChangeLog:
>> * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java 
>> (policyMenu, policyEditor): unused fields removed.
>>    (getImageIcon): made static. (addButtons): default alwaysTrust 
>> checkbox to not selected.
>>
>> Thanks,
>>
>
>
> Hmm. The "always trust" is prechecked only when certificate is 
> verified and trusted. Otherwise it is not selected by defaul.
>
> or am I missing something?
>
> J.

Yes, that's what I'm talking about. I think it makes sense for it by 
default to never be selected.

Thanks,

-- 
Andrew A

More information about the distro-pkg-dev mailing list