From owner-freebsd-gnome@FreeBSD.ORG Fri Sep 23 20:21:08 2005 Return-Path: X-Original-To: gnome@freebsd.org Delivered-To: freebsd-gnome@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 807D416A41F for ; Fri, 23 Sep 2005 20:21:08 +0000 (GMT) (envelope-from mezz7@cox.net) Received: from eastrmmtao06.cox.net (eastrmmtao06.cox.net [68.230.240.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id E0DA743D45 for ; Fri, 23 Sep 2005 20:21:07 +0000 (GMT) (envelope-from mezz7@cox.net) Received: from mezz.mezzweb.com ([68.103.32.140]) by eastrmmtao06.cox.net (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP id <20050923202106.IHPX17424.eastrmmtao06.cox.net@mezz.mezzweb.com>; Fri, 23 Sep 2005 16:21:06 -0400 Date: Fri, 23 Sep 2005 15:21:32 -0500 To: "Greg Lewis" References: <20050923170032.GA12227@misty.eyesbeyond.com> <20050923181857.GA13250@misty.eyesbeyond.com> From: "Jeremy Messenger" Content-Type: text/plain; format=flowed; delsp=yes; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: In-Reply-To: <20050923181857.GA13250@misty.eyesbeyond.com> User-Agent: Opera M2/8.50 (Linux, build 1358) Cc: gnome@freebsd.org Subject: Re: Update for JPI_LIST. X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Sep 2005 20:21:08 -0000 On Fri, 23 Sep 2005 13:18:57 -0500, Greg Lewis wrote: > On Fri, Sep 23, 2005 at 12:33:37PM -0500, Jeremy Messenger wrote: >> On Fri, 23 Sep 2005 12:00:32 -0500, Greg Lewis >> wrote: >> >All, >> > >> >Attached is a patch to update the JPI_LIST variable in the firefox, >> >mozilla and mozilla-devel ports. It removes the 1.3.1 plugins (these >> >have had security problems for some time), the 1.4.1 plugin (ditto >> >plus anyone using 1.4 almost certainly has 1.4.2) and >> >> Leave them alone are probably the best thing to do, since they exist in >> ports tree and if one of them have any security issue then Java port >> should be disable, not us. Also, it's up to the user's decision if they >> want to use old Java as they exist in ports tree. >> >> Well, if old Java will not work with Firefox at all then the remove is >> reasonable. > > The ports themselves have either been FORBIDDEN when the plugin is > requested (1.3.1) or completely superseded (1.4.1). The problem is > that if they installed the ports prior to the security alerts then > the browser will automatically create this link for them without > their knowledge and leave them vulnerable. I think we would do our > users a disservice by leaving them there. > > I can't comment as to whether the old plugins work with Firefox, > although I can give them a try tonight and find out. > >> >corrects the patch for the 1.5.0 plugin now that we have >> >functioning. >> > >> >Any objections? >> >> No object for 1.5.0 plugin fix, but let me merge your fix of 1.5.0 >> plugin >> with another fix that will do the bump PORTREVISION at the same time. I >> will commit it in the evening to see if your topic will get more >> feedback. > > If its more convenient to merge it in then by all means do that :). Okay, I think I will go with your full patch. Hey team, what do you think? jdk13 depends on gtk12 and is out of date, there is no 1.4.1 in ports tree. At last, it should be no big deal because there is no Java package. Honestly, I think leave them alone is harmless. Cheers, Mezz -- mezz7@cox.net - mezz@FreeBSD.org FreeBSD GNOME Team http://www.FreeBSD.org/gnome/ - gnome@FreeBSD.org