Snowfox:White list firefox with gcj for intranets [was What next]

[Tom Tromey]

>>>>> "Jakub" == Jakub Jelinek <jakub at redhat.com> writes:

>> Why not adapt the firefox source rpm to build an extra binary (
>> of /usr/lib/firefox-1.0.4/firefox-bin ) package called 
>> Snowfox - a White list Firefox for intranets.

Jakub> That's unnecessary.  gcjwebplugin already works as a small
Jakub> mozilla/firefox plugin and the Java applet is running in a
Jakub> separate process.  To make gcjwebplugin really usable,
Jakub> AppletSecurityManager class needs to be written (ATM it is just
Jakub> a dummy class that allows almost everything), I guess some Java
Jakub> auditing needs to be done and SELinux policy written for
Jakub> gcjappletviewer.

A few things are needed before I would be comfortable advertising
libgcj's applet security.  I have a to-do list here with the tasks,
I'll put it on the gcc wiki or in the gcc bugzilla or something soon.

A couple of us are pressing for "make applets work" to be the next big
target for gcj development.  This means finishing the security tasks
and also some AWT improvements.  AFAIK this decision isn't settled
yet; and we're taking suggestions.  (Another related task I want to
see is java web start support, so we can run applications off the web.
Most of the pieces for this exist once we've got security working.)

Defense in depth sounds like a great plan to me, so an SELinux policy
should definitely be included.

Tom