[Foundation-l] Java becomes Open Source, what next?

Robert Scott Horning robert_horning at netzero.net
Tue Nov 14 09:41:48 UTC 2006


Anthony wrote:

>Sorry if you find my sarcasm rude, but using java in this way has some
>major security issues.  In fact, just using java applets at all has
>enough security and privacy issues that it isn't enabled by default on
>Firefox, and I personally haven't turned it on in quite a while.
>
>Sorry again if I've been overly blunt.  It's a good general idea, but
>I think it's way before its time.  Hopefully the opening of the source
>code to java will speed up the addressing of these types of issues.
>
>Alternatively, though this would be a much harder route, maybe some
>subset of the java language could be made available, in much the same
>way wiki-syntax translates into a subset of html.
>
>Anthony
>
Adding my own $0.02 here, this is indeed a bad idea for security issues 
alone.  I completely agree here with Anthony's sentiments as Java has 
some very significant security holes that would open up some incredible 
liability and other problems if used on Wikimedia sites.  The very 
thought of allowing anonymous users to post Java source code that would 
be served up through Wikimedia servers..... I can't think of a worse 
possible problem.  It makes all of the issues with hacking the front 
page of Wikimedia projects seem very tame and mild by comparison.

If there were some very heavily restricted Java-language sub-set that 
was allowed (a sanitized version used with MediaWiki) that might be 
something worth looking at, but that is a major developer task and not 
something to simply throw Java support into MediaWiki just because you 
can do it.  Similar issues have come up with even having JavaScript 
enabled with Wikimedia projects, for the very same reasons.

That said, it would be incredible if we could allow Wikimedia users the 
option of having some custom tools that go beyond what can be served up 
with HTML and server-side tools.  The discussion to deal with this is 
going to be long and involved and will take a team of very dedicated 
individuals who really understand the software engineering issues before 
it will become a reality.

-- 
Robert Scott Horning





