From: | Hartmut Goebel |
Subject: | src.zip, demos and samples in java idk |
Date: | Sat, 3 Sep 2016 08:52:14 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
Hi,

I discovered that the "jdk" of icedtea includes "demos", "samples" and even a "src.zip" file. These are as big as 50 MB, where the src.zip contributes 43 MB. These 50 MB are ca. 12% of the whole jdk.

IMHO, all of these should not be there since they are rarely needed. Also, it is common security best practice to *not* include any demo code on production systems - which should at least be followed by such large packages. The reasoning is that demos and examples are often prone to errors and offer attack points.

Shall I move these to "doc" or to a new output (e.g. "examples")? We should use the same scheme later for all packages where the examples will get a package of their own.

--
Kind regards (Please mind
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software Development
Goebel Consult, Landshut
Blog:
http://www.goebel-consult.de/blog/bewertung-pgp-verschlusselung-bei-web.de-und-gmx