Re: Debian two-factor auth, GSoC?

[Russ Allbery <rra@debian.org>]

Thomas Goirand <zigo@debian.org> writes:
> On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:

>> The Yubikey neo can run the java applet thingies, it seems, so it can
>> act as a GPG token too.

> Please, please, please ... no java!!!  That's a security nightmare. I
> think we'd be less safe with than without it.

You do realize that most of the Java vulnerabilities are vulnerabilities
in the sandboxing model and therefore are only particularly interesting
when you're downloading random untrustsed Java programs from the Internet
and running them in the sandbox in your web browser, right?

Those aren't flaws in the *language*.

Sandboxing programming languages is very difficult; most languages don't
even attempt it.  Perl used to have a sandboxing module and gave up on it
because it was too hard, thus making it even less secure than Java in that
specific respect, but no one calls it a security nightmare.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>