Date: Fri, 23 Sep 2005 12:18:57 -0600 From: Greg Lewis <glewis@eyesbeyond.com> To: Jeremy Messenger <mezz7@cox.net> Cc: gnome@freebsd.org Subject: Re: Update for JPI_LIST. Message-ID: <20050923181857.GA13250@misty.eyesbeyond.com> In-Reply-To: <op.sxkgebvd9aq2h7@mezz.mezzweb.com> References: <20050923170032.GA12227@misty.eyesbeyond.com> <op.sxkgebvd9aq2h7@mezz.mezzweb.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 23, 2005 at 12:33:37PM -0500, Jeremy Messenger wrote: > On Fri, 23 Sep 2005 12:00:32 -0500, Greg Lewis <glewis@eyesbeyond.com> > wrote: > >All, > > > >Attached is a patch to update the JPI_LIST variable in the firefox, > >mozilla and mozilla-devel ports. It removes the 1.3.1 plugins (these > >have had security problems for some time), the 1.4.1 plugin (ditto > >plus anyone using 1.4 almost certainly has 1.4.2) and > > Leave them alone are probably the best thing to do, since they exist in > ports tree and if one of them have any security issue then Java port > should be disable, not us. Also, it's up to the user's decision if they > want to use old Java as they exist in ports tree. > > Well, if old Java will not work with Firefox at all then the remove is > reasonable. The ports themselves have either been FORBIDDEN when the plugin is requested (1.3.1) or completely superseded (1.4.1). The problem is that if they installed the ports prior to the security alerts then the browser will automatically create this link for them without their knowledge and leave them vulnerable. I think we would do our users a disservice by leaving them there. I can't comment as to whether the old plugins work with Firefox, although I can give them a try tonight and find out. > >corrects the patch for the 1.5.0 plugin now that we have > >functioning. > > > >Any objections? > > No object for 1.5.0 plugin fix, but let me merge your fix of 1.5.0 plugin > with another fix that will do the bump PORTREVISION at the same time. I > will commit it in the evening to see if your topic will get more feedback. If its more convenient to merge it in then by all means do that :). -- Greg Lewis Email : glewis@eyesbeyond.com Eyes Beyond Web : http://www.eyesbeyond.com Information Technology FreeBSD : glewis@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050923181857.GA13250>