Date: Mon, 14 Jul 2003 08:30:45 -0400
From: Leonard Rosenthol <[EMAIL PROTECTED]>
At 7:16 AM -0500 7/14/03, Stephen J Baker wrote:
>One issue we should at least think about with JAR is that since it
>*is* the JAVA library mechanism, there is perhaps a risk of
>allowing virus writers to attach bits of JAVA executable in what
>*appears* to be a GIMP image.
If you don't open up the JAR file with a Java-based tool -
you can't have Java executing.
And even if you DO use Java to open up the JAR, nothing
"auto-executes" - you'd have to manually kick it off.
SO even if someone were to put Java bytecodes into a GIMP image
file, it would never get executed...
What happens if in the future someone writes a gimp-java interface
(like gimp-perl)? Would there be any security issues there?
Robert Krawitz <[EMAIL PROTECTED]>
Tall Clubs International -- http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail [EMAIL PROTECTED]
Project lead for Gimp Print -- http://gimp-print.sourceforge.net
"Linux doesn't dictate how I work, I dictate how Linux works."
Gimp-developer mailing list