On Friday 29 August 2008, Craig White wrote:
>On Fri, 2008-08-29 at 10:38 -0400, Gene Heskett wrote:
>> On Friday 29 August 2008, Rahul Sundaram wrote:
>> >Gene Heskett wrote:
>> >> And the simple fact that those of us who want a working java are going
>> >> to the sun site, getting the latest jre and installing it, never again
>> >> to click on an ICED TEA update in yumex. Really, I think that says it
>> >> all. You for legal reasons are defending an emasculated version, but
>> >> the final say on what gets run is us, its our machine. Sue us? I
>> >> doubt it.
>> >It is not iced tea now. It is called OpenJDK and that is a certified
>> >Java from Sun. I won't sue for getting the details wrong ;-)
>> Oh? From my yumex screen (F8 install)
>> and from an rpm -qa|grep java
>> Humm, I may be wrong about not having icedtea
>icedtea was F8, but not F9
>> [root@coyote ~]# which java
>> [root@coyote ~]# ls -l `which java`
>> lrwxrwxrwx 1 root root 22 2008-03-31
>> 19:34 /usr/bin/java -> /etc/alternatives/java
>> [root@coyote ~]# ls -l /etc/alternatives/java/
>> ls: cannot access /etc/alternatives/java/: Not a directory
>> [root@coyote ~]# ls -l /etc/alternatives/java
>> lrwxrwxrwx 1 root root 39 2008-03-31
>> 19:41 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-icedtea/bin/java
>> However, from FF's about
lugins, I get this:
>> Java(TM) Plug-in 1.6.0_06-b02
>> File name: /usr/java/jre1.6.0_06/plugin/i386/ns7/libjavaplugin_oji.so
>> Java(TM) Plug-in 1.6.0_06
>which java command is for running java from command shell
>java plugin in Firefox is a separate issue...what's so difficult to
>understand about that?
>> So, do I need to replace that link? By installing the yumex offerings and
>> bearing in mind that I long since gave up trying to keep up with every new
>> browser version having its own plugins dir, created one & put all the
>> plugins there, and linked all the other browsername/plugins to it?
>> In that case, is it safe to do so since updates are not yet flowing?
>> Those are old packages that have been sitting there for a month or more.
>> A side note, we (my local group of friends) have found a blog
>> <http://blogs.zdnet.com/security/?p=1803&tag=nl.e539> that gives a few
>> hints on finding out if we too have been infected. According to it, no
>> systems here are. The point being that the extreme privacy this has been
>> kept under has now been exposed, letting the horse out of the barn so to
>> speak, and this list deserves more candor from its 'parent' regarding it.
>> We had been led to believe this was only a debian problem because of the
>> speedup shortcut in the random number section of the code supposedly only
>> they used. If this is a different exploit, then we need to know. We
>> aren't above pulling in the src's and building our own you know, however
>> my reading that code is not going to tell me if its safe, so I've told the
>> one in my local group who was going to do that to hold off another day or
>> so... His exposure to an exploit is 100x that of mine, so lets see some
>> activity of some kind other than take a potato and wait. We are beginning
>> to need a second potato to stave off the hunger here.
>as someone who runs gui as root...you have so many issues to worry about
>I wouldn't know where to start...in fact, your assertion that someone
>else has an exposure to exploitation more than you is laughable.
When I get hacked and rootkitted is the time to gloat, until then, well..
(this is occasionally a mixed list)
And may I complement you on your ability to change the subject when I ask a
potentially embarrassing question?
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
That feeling just came over me.
-- Albert DeSalvo, the "Boston Strangler"
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list