[Mageia-dev] Removal of sun java

Guillaume Rousse guillomovitch at gmail.com
Fri Mar 30 09:52:06 CEST 2012


Le 29/03/2012 23:06, Florian Hubold a écrit :
> Am 29.03.2012 22:23, schrieb Maarten Vanraes:
>> Op donderdag 29 maart 2012 21:08:22 schreef David Walser:
>>> Guillaume Rousse<guillomovitch at ...>  writes:
>>>> If I want to keep a proprietary JRE on my computers, because I trust it
>>>> more to run crap proprietary applications (also called
>>>> corporate-compliants), than marvelous free-licensed environment they
>>>> have never been tested with, that is my choice, not yours.
> So you say that you really want to keep an outdated
> package with many security holes, which even the
> infamous Zeus bot is said to exploit?
I think I'm best placed than anyone else to evaluate the exact risk I'm 
facing on the machines I'm running, because I know what they are used 
for, how they are managed, and how they are protected exactly from 
external threat such as Zeus. The decision of how to manage this problem 
exactly belongs to me.

> Sure, that's your choice and you're free to do this,
> but we can't keep our users susceptible to such
> problems.
You're not a system administrator, whose duty is to take this kind of 
decision, you are a technical solution provider. You're clearly 
confusing the roles here.

Removing the sun java package from the distribution is perfectly fine 
(and anyway, there is no real choice). Explaining it in release notes, 
with alternative solutions suggestions also. But automatically removing 
software for security concerns, without asking for user consent, would 
be a first step into transfering decision power from user to operating 
system vendor. Trusted computing approach, in other terms.
-- 
BOFH excuse #301:

appears to be a Slow/Narrow SCSI-0 Interface problem


More information about the Mageia-dev mailing list