
Re: Hot Java is here! And it *rocks*

From: Sarr Blumson <sarr@citi.umich.edu>
Date: Tue, 04 Apr 1995 09:55:15 -0400
Message-Id: <9504041356.AA02686@www10.w3.org>
To: David.Halls@cl.cam.ac.uk
Cc: sarr@citi.umich.edu, www-talk@www10.w3.org

In message <9504030915.AA12306@ouse.cl.cam.ac.uk> you write:
>> Others have mentioned the safety issue, but let me put it a little more 
>> strongly.  I will NEVER EVER run a browser that depends on (no, is 
>> willing to) executing binaries downloaded from a server, at least on 
>> any currently extant hardware architecture.  Nor will I trust a machine 
>> where somebody has.
>So you will NEVER download packages from the net, compile them and install
>them? You rely on your native OS and its utilities completely. No-one
>checks source code (e.g. Gnu <fill-in-here>, XV etc etc) for "rm -r *".
>Just because you compile them doesn't make them safe. The same amount
>of trust applies.

Of course I do those things.  Sometimes.  When I do I think carefully 
about where I'm getting them from, look at the source, and run them for 
a while under an account I keep for that purpose with no access to 
anything (the reason why I believe that even single user machines need 
multiuser security, but that's another argument).  People actually do 
this.  I recall a discussion on this very list a few months ago about a 
package whose installation script downloaded another script and 
executed it without warning.  People noticed.

If I were using a browser that downloaded binary applets on a regular 
basis, even that level of care would become unmanageable.  Even 
assuming that the browser warned me that it was happening.

Sarr Blumson                     sarr@umich.edu
voice: +1 313 764 0253           FAX: +1 313 763 4434
CITI, University of Michigan     http://www.citi.umich.edu:80/users/sarr
519 W William, Ann Arbor, MI 48103-4943
Received on Tuesday, 4 April 1995 11:00:18 UTC
