Date: Fri, 23 Sep 2005 16:23:08 -0400
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Jeremy Messenger <mezz7@cox.net>
Cc: Greg Lewis <glewis@eyesbeyond.com>, gnome@freebsd.org
Subject: Re: Update for JPI_LIST.
Message-ID: <1127506988.98415.31.camel@shumai.marcuscom.com>
In-Reply-To: <op.sxkn56xz9aq2h7@mezz.mezzweb.com>
References: <20050923170032.GA12227@misty.eyesbeyond.com> <op.sxkgebvd9aq2h7@mezz.mezzweb.com> <20050923181857.GA13250@misty.eyesbeyond.com> <op.sxkn56xz9aq2h7@mezz.mezzweb.com>

On Fri, 2005-09-23 at 15:21 -0500, Jeremy Messenger wrote:
> On Fri, 23 Sep 2005 13:18:57 -0500, Greg Lewis <glewis@eyesbeyond.com> wrote:
>
> > On Fri, Sep 23, 2005 at 12:33:37PM -0500, Jeremy Messenger wrote:
> >> On Fri, 23 Sep 2005 12:00:32 -0500, Greg Lewis <glewis@eyesbeyond.com>
> >> wrote:
> >> >All,
> >> >
> >> >Attached is a patch to update the JPI_LIST variable in the firefox,
> >> >mozilla and mozilla-devel ports. It removes the 1.3.1 plugins (these
> >> >have had security problems for some time), the 1.4.1 plugin (ditto
> >> >plus anyone using 1.4 almost certainly has 1.4.2) and
> >>
> >> Leaving them alone is probably the best thing to do, since they exist in
> >> ports tree and if one of them has any security issue then the Java port
> >> should be disabled, not us. Also, it's up to the user's decision if they
> >> want to use old Java as they exist in ports tree.
> >>
> >> Well, if old Java will not work with Firefox at all then the removal is
> >> reasonable.
> >
> > The ports themselves have either been FORBIDDEN when the plugin is
> > requested (1.3.1) or completely superseded (1.4.1). The problem is
> > that if they installed the ports prior to the security alerts then
> > the browser will automatically create this link for them without
> > their knowledge and leave them vulnerable. I think we would do our
> > users a disservice by leaving them there.
> >
> > I can't comment as to whether the old plugins work with Firefox,
> > although I can give them a try tonight and find out.
> >
> >> >corrects the patch for the 1.5.0 plugin now that we have
> >> >functioning.
> >> >
> >> >Any objections?
> >>
> >> No objection to the 1.5.0 plugin fix, but let me merge your fix of 1.5.0
> >> plugin with another fix that will do the bump PORTREVISION at the same
> >> time. I will commit it in the evening to see if your topic will get more
> >> feedback.
> >
> > If it's more convenient to merge it in then by all means do that :).
>
> Okay, I think I will go with your full patch. Hey team, what do you think?
> jdk13 depends on gtk12 and is out of date, there is no 1.4.1 in ports
> tree. At last, it should be no big deal because there is no Java package.
>
> Honestly, I think leaving them alone is harmless.

Kill the old VMs!

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc