Re: default messaging/VoIP client for Debian 8/Jessie

[Russ Allbery <rra@debian.org>]

Kevin Chadwick <ma1l1ists@yahoo.co.uk> writes:

> I guess you missed all the exploits in JAVA over the years and
> especially last year where it was banned for long periods from all
> browsers. To the point that the pressure is building on web hosts to
> drop JAVA KVM clients completely.

Most of the exploits in Java (I have no idea why you write the word in all
caps) are flaws in the sandbox security model.  While those are real
vulnerabilities in the context of running untrusted Java applets
downloaded from the network, they're not horribly interesting in the
context of running trusted applications installed through normal signed
apt repositories.

> I'm starting to question if Debian takes security and correctness
> seriously enough.

While we would be sad to lose your insightful commentary in debian-devel,
I'm sure we'd all understand if you felt like you needed to move to a
different distribution.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>