[icedtea-web] Idea - do not start ITW applets automatically

Adam Domurad adomurad at redhat.com
Fri Nov 16 08:41:33 PST 2012

> Interesting idea, probably worthy to implement.
> Default behaviour should be definitely set-up-able from itw-settings.
> As you summarised, we need to take care only about unsigned applets, 
> as signed ones already have launch/launch always/dont launch/never 
> launch (or similar)

I actually hadn't thought about the fact that we can just leave signed 
applets-as-they-are (because they require confirmation), but its obvious 
now that I think about it. So this would be a setting for unsigned 
applets, which don't require confirmation currently (possibly also 
option to disable 'always trust cert' feature for paranoid people).

> Or this setting can be independent on signatures and so be checked 
> even before signatures (launch/launch always/dont launch/never 
> launch), and then trustworthiness will be checked.
> Or maybe some mixture :) - but I'm probably for second approach - 
> before and independent on the signatures.

I'm not sure what you mean by 'independent on the signatures', sorry

> What is little bit more in my mind is, if you want to avoid of 
> launching of jvm at all. If you want, then then it will probably not 
> possible to have some interactive communication with user.
> If you will suffer launching of jvm, ten we can probably misuse splash 
> - before actual loading starts, there wil be not-animated spalsh with 
> text eg  "this is applet, destiny of applets on domain blahblah.bl is 
> not specified, would you like to launc/launchalways?"

Destiny is a funny word to use here :)
Launching JVM is fine by me. This is mostly motivated by applets trying 
to be sneaky, and as you said 'Do not launch JVM' is a good option to 
have (probably worded as 'Do not load applets at all' vs 'Do not 
automatically launch applets')

> Not sure if this is what you wanted to hear, but think about it as 
> "brainstorming" :)
> J.

It was exactly what I wanted to hear, thanks!

More information about the distro-pkg-dev mailing list