[RFC][icedtea-web] Update security dialogs to be more descriptive
dbhole at redhat.com
Thu Jul 19 13:40:38 PDT 2012
* Danesh Dadachanji <ddadacha at redhat.com> [2012-07-18 16:14]:
> On 18/07/12 04:10 PM, Danesh Dadachanji wrote:
> >The following patch fixes RH838417 and RH838559. 
> >It adds the following message along with the description to dialogs that are shown when a jar cert is unverified or has signing errors:
> >"The code executed will be given full permissions, ignoring any java policies you may have."
> >I've also added the warning.png icon to HTTPS cert dialogs.
> >You can test the patch using this website or see my attached image. =)
> >+2012-07-18 Danesh Dadachanji <ddadacha at redhat.com>
> >+ Update message to security dialog, explicitly telling users they will be
> >+ executing code that has AllPermissions and ignores policy files.
> >+ * NEWS: Added entries for RH838417 and RH838559.
> >+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
> >+ Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified.
> >+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display
> >+ SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either
> >+ unverified or has a signing error. Also added warning.png to HTTPS dialogs.
> > https://bugzilla.redhat.com/show_bug.cgi?id=838417
> > https://bugzilla.redhat.com/show_bug.cgi?id=838559
> > https://www.portalbank.no/1100/
> Woops, forgot to mention, I'd like to push this to 1.2, 1.3 on top of HEAD if others think it's okay.
Assuming you have tested this, OK for 1.2, 1.3 and HEAD.
However please add bug #/summary to changelog before pushing.
More information about the distro-pkg-dev