On 29/03/2012 23:06, Florian Hubold wrote:
On 29.03.2012 22:23, Maarten Vanraes wrote:
On Thursday 29 March 2012 21:08:22, David Walser wrote:
Guillaume Rousse <guillomovitch@...> writes:
If I want to keep a proprietary JRE on my computers, because I trust it
more to run crap proprietary applications (also called
corporate-compliants), than marvelous free-licensed environment they
have never been tested with, that is my choice, not yours.

So you say that you really want to keep an outdated
package with many security holes, which even the
infamous Zeus bot is said to exploit?

I think I'm better placed than anyone else to evaluate the exact risk I'm
facing on the machines I'm running, because I know what they are used
for, how they are managed, and how they are protected exactly from
external threat such as Zeus. The decision of how to manage this problem
exactly belongs to me.

Sure, that's your choice and you're free to do this,
but we can't keep our users susceptible to such
problems.

You're not a system administrator, whose duty is to take this kind of
decision, you are a technical solution provider. You're clearly
confusing the roles here.

Removing the sun java package from the distribution is perfectly fine
(and anyway, there is no real choice). Explaining it in release notes,
with alternative solutions suggestions also. But automatically removing
software for security concerns, without asking for user consent, would
be a first step into transferring decision power from user to operating
system vendor. Trusted computing approach, in other terms.
--
BOFH excuse #301:
appears to be a Slow/Narrow SCSI-0 Interface problem