Bug#267040: gcjwebplugin runs untrusted code without sandbox
Robert Millan
rmh at aybabtu.com
Wed Sep 10 15:34:43 UTC 2008
On Tue, Sep 09, 2008 at 11:11:45PM +0100, Ben Hutchings wrote:
> > I can't believe you're actually arguing that the solution against blindly
> > trusting a website is blindly trusting a binary blob.
>
> I would rather use a secure free plugin than a secure non-free plugin,
> but apparently that doesn't exist. Since the choice is between a secure
> non-free plugin and an insecure free plugin, them I'm afraid I'd go for
> the former because I trust Sun much more than I trust many of the web
> sites I visit. I'd be very surprised if you can honestly say the
> opposite.
I suppose it's different for everyone. But if you want my opinion, the
reason I refuse to use Sun's plugin is not because of security, but simply
because I believe I am my own master. And since I don't owe allegiance to
Sun, I don't kneel to them.
Then again, the "security" issue is not real.
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."
More information about the pkg-java-maintainers
mailing list