From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/20110121/002294.html | 82 +++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 zarb-ml/mageia-dev/20110121/002294.html (limited to 'zarb-ml/mageia-dev/20110121/002294.html') diff --git a/zarb-ml/mageia-dev/20110121/002294.html b/zarb-ml/mageia-dev/20110121/002294.html new file mode 100644 index 000000000..cc066d12f --- /dev/null +++ b/zarb-ml/mageia-dev/20110121/002294.html @@ -0,0 +1,82 @@ + + + + [Mageia-dev] Java-Policy first draft published + + + + + + + + + +

[Mageia-dev] Java-Policy first draft published

+ Michael scherer + misc at zarb.org +
+ Fri Jan 21 16:14:39 CET 2011 +

+
+ +
On Fri, Jan 21, 2011 at 10:06:21AM +0100, Thierry Vignaud wrote:
+> On 21 January 2011 00:01, nicolas vigier <boklm at mars-attacks.org> wrote:
+> >> Shipping binary jar given by upstream tarball cause trouble because you
+> >> 1) cannot patch them in case of bug
+> >> 2) cannot see how and what was compiled
+> >>
+> >> That's not very free software friendly, and I think we should refuse
+> >> that.
+> >
+> > I've already seen while trying to package java apps, a jar being shipped,
+> > but sources not available anywhere on the internet, except after
+> > searching for a few hours on an old website on archive.org with broken
+> > link to the sources zip, and developers not aware of the issue, because
+> > they never tried to find the sources, and always used this binary .jar
+> > they found on a random web site.
+> 
+> And they never though about security...
+
+Security is not a problem , it is java, no null pointer exception /o\.
+
+But that's not only security, there is simply bugs that happen, and API 
+problem ( that IMHO happens more often than security issue ).
+
+-- 
+Michael Scherer
+
+
+ + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1