
Re: Hot Java is here! And it *rocks*

From: <David.Halls@cl.cam.ac.uk>
Date: Tue, 4 Apr 1995 15:03:56 +0100 (BST)
Message-Id: <9504041403.AA10766@ouse.cl.cam.ac.uk>
To: sarr@citi.umich.edu (Sarr Blumson)
Cc: David.Halls@cl.cam.ac.uk, sarr@citi.umich.edu, www-talk@www10.w3.org
> 
> Of course I do those things.  Sometimes.  When I do I think carefully 
> about where I'm getting them from, look at the source, and run them for 
> a while under an account I keep for that purpose with no access to 
> anything (the reason why I believe that even single user machines need 
> multiuser security, but that's another argument).  People actually do 
> this.  I recall a discussion on this very list a few months ago about a 
> package whose installation script downloaded another script and 
> executed it without warning.  People noticed.

Okay. So requirements are:

1. A Safe environment (account). cf. Safe Tcl/Scheme/Python/HotJava etc.
2. Trust that the code is genuine. cf. public-key cryptography.

Now, can anyone explain why they would NEVER download applets or binaries/
bytecodes given these requirements? All I'm trying to say is that a Safe Node
system for getting and executing software is safer (yes, safer) than
current practice, so rabid insistence on complete security seems a bit OTT,
though of course completely justified in its own right.

Dave.
Received on Tuesday, 4 April 1995 14:10:17 UTC
