Bug#267040: gcjwebplugin runs untrusted code without sandbox
Robert Millan
rmh at aybabtu.com
Tue Sep 9 13:12:54 UTC 2008
[ whoops, resending again...]
On Mon, Sep 08, 2008 at 11:51:55PM +0100, Ben Hutchings wrote:
> >
> > How is this different from the multitude of interfaces in the system in
> > which data is assumed to be trusted?
>
> Data from the network is generally treated as untrusted;
The user is in charge. Data from the network becomes trusted when the user
decides so. This applies to a lot of different situations, I assume it's not
necessary for me to give examples?
> They can use the Sun Java plugin.
I can't believe you're actually arguing that the solution against blindly
trusting a website is blindly trusting a binary blob.
Here's my advice: If you don't like gcjwebplugin, don't use it. If you like
binary blobs, go use them. If you don't care about Java, don't use either.
Just don't impose your view on everyone else by requesting arbitrary removal
of a package.
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."
More information about the pkg-java-maintainers
mailing list