[rfc][icedtea-web] "Always trust content from this publisher" defaulting to checked
helpcrypto helpcrypto
helpcrypto at gmail.com
Tue May 20 18:18:29 UTC 2014
Really I don't care too much, but considering the certificate is already
trusted, disabling the default-enabled checkbox causes users to have to
click for each use (or clicking the checkbox).
For our company, the less users have to think/do, the better.
My two cents: leave it checked.
My two cents (2): I really don't care :P
On Tue, May 20, 2014 at 8:12 PM, Jiri Vanek <jvanek at redhat.com> wrote:
> On 05/20/2014 07:31 PM, Andrew Azores wrote:
>
>> On 05/20/2014 12:28 PM, Jiri Vanek wrote:
>>
>>> On 05/20/2014 06:04 PM, Andrew Azores wrote:
>>>
>>>> Hi,
>>>>
>>>> I think the "Always Trust" checkbox that appears on the CertWarningPane
>>>> for fully signed applets should not default to being checked anymore. I
>>>> assume it is currently checked by default to encourage users to trust fully
>>>> signed applets so that the dialogs do not continually appear - however, I
>>>> don't think that's necessarily the right course of action now. Now that we
>>>> have the ability to assign custom policies to different applets,
>>>> persistently or per individual run of the applet I think more emphasis
>>>> should be placed on this ability. Currently, the dialog also disables the
>>>> Sandbox button (which then disables all ability to run the applet without
>>>> granting it all permissions) when the checkbox is selected because
>>>> it was decided at the time that it doesn't make sense to say "I always
>>>> trust this publisher, but I want to run the applet as if I don't really
>>>> trust the publisher." I think this behaviour should be kept. So the only
>>>> change being made is to default the checkbox to unchecked, so that the
>>>> Sandboxing options are presented as available to begin with, increasing
>>>> their visibility.
>>>>
>>>> This comes down to simply changing one value for the checkbox. Also
>>>> bundled with this patch are making a utility method static, and removing
>>>> two unused fields.
>>>>
>>>> ChangeLog:
>>>> * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java
>>>> (policyMenu, policyEditor): unused fields removed.
>>>> (getImageIcon): made static. (addButtons): default alwaysTrust
>>>> checkbox to not selected.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>
>>> Hmm. The "always trust" is prechecked only when certificate is verified
>>> and trusted. Otherwise it is not selected by defaul.
>>>
>>> or am I missing something?
>>>
>>> J.
>>>
>>
>> Yes, that's what I'm talking about. I think it makes sense for it by
>> default to never be selected.
>>
>
> I think that verified (ONLY verified) certs should remain checked. But
> others my think differently (now we are 1:1 :) )
>
> Sorry for blocking it. TBH i do not care :) And there are few applications
> which I actually really unselected although they are verified. So I
> scrumbled to stay 0.8:1
>
>
> As for the code,
> - alwaysTrust.setSelected(alwaysTrustSelected);
>
> is alwaysTrustSelected now reused? I would suspect it to be abandoned...
>
> J.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140520/daf6a436/attachment.html>
More information about the distro-pkg-dev
mailing list