On Fri, 2008-08-29 at 10:38 -0400, Gene Heskett wrote: > On Friday 29 August 2008, Rahul Sundaram wrote: > >Gene Heskett wrote: > >> And the simple fact that those of us who want a working java are going to > >> the sun site, getting the latest jre and installing it, never again to > >> click on an ICED TEA update in yumex. Really, I think that says it all. > >> You for legal reasons are defending an emasculated version, but the final > >> say on what gets run is us, its our machine. Sue us? I doubt it. :) > > > >It is not iced tea now. It is called OpenJDK and that is a certified > >Java from Sun. I won't sue for getting the details wrong ;-) > > > >Rahul > > Oh? From my yumex screen (F8 install) > java-1.7.0-icedtea > jave-1.7.0-icedtea-plugin > > and from an rpm -qa|grep java > java-1.7.0-icedtea-1.7.0.0-0.19.b21.snapshot.fc8 > java-1.5.0-gcj-1.5.0.0-17.fc8 > tzdata-java-2008d-1.fc8 > glib-java-0.2.6-10.fc8 > java_cup-0.10-0.k.6jpp.1 > java-1.7.0-icedtea-plugin-1.7.0.0-0.19.b21.snapshot.fc8 > > Humm, I may be wrong about not having icedtea ---- icedtea was F8, but not F9 ---- > [root@coyote ~]# which java > /usr/bin/java > [root@coyote ~]# ls -l `which java` > lrwxrwxrwx 1 root root 22 2008-03-31 > 19:34 /usr/bin/java -> /etc/alternatives/java > [root@coyote ~]# ls -l /etc/alternatives/java/ > ls: cannot access /etc/alternatives/java/: Not a directory > [root@coyote ~]# ls -l /etc/alternatives/java > lrwxrwxrwx 1 root root 39 2008-03-31 > 19:41 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-icedtea/bin/java > > However, from FF's about:plugins, I get this: > Java(TM) Plug-in 1.6.0_06-b02 > > File name: /usr/java/jre1.6.0_06/plugin/i386/ns7/libjavaplugin_oji.so > Java(TM) Plug-in 1.6.0_06 ---- which java command is for running java from command shell java plugin in Firefox is a separate issue...what's so difficult to understand about that? ---- > > So, do I need to replace that link? By installing the yumex offerings and > bearing in mind that I long since gave up trying to keep up with every new > browser version having its own plugins dir, created one & put all the plugins > there, and linked all the other browsername/plugins to it? > > In that case, is it safe to do so since updates are not yet flowing? Those > are old packages that have been sitting there for a month or more. > > A side note, we (my local group of friends) have found a blog > <http://blogs.zdnet.com/security/?p=1803&tag=nl.e539> that gives a few hints > on finding out if we too have been infected. According to it, no systems > here are. The point being that the extreme privacy this has been kept under > has now been exposed, letting the horse out of the barn so to speak, and this > list deserves more candor from its 'parent' regarding it. We had been led to > believe this was only a debian problem because of the speedup shortcut in the > random number section of the code supposedly only they used. If this is a > different exploit, then we need to know. We aren't above pulling in the > src's and building our own you know, however my reading that code is not > going to tell me if its safe, so I've told the one in my local group who was > going to do that to hold off another day or so... His exposure to an exploit > is 100x that of mine, so lets see some activity of some kind other than take > a potato and wait. We are beginning to need a second potato to stave off the > hunger here. ---- as someone who runs gui as root...you have so many issues to worry about I wouldn't know where to start...in fact, your assertion that someone else has an exposure to exploitation more than you is laughable. Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
