| 1 |
On Wed, Jan 16, 2013 at 2:43 AM, Daniel Campbell <dlcampbell@×××.com> wrote: |
| 2 |
> On 01/15/2013 11:32 PM, Nilesh Govindrajan wrote: |
| 3 |
>> On Wednesday 16 January 2013 10:32:11 AM IST, Kevin Brandstatter wrote: |
| 4 |
>>> I'm curious as well about the potential exploitability of icedtea. I |
| 5 |
>>> would think that since the icedtea vm is not the same as the sun/oracle |
| 6 |
>>> one and so I don't think the code base is the same, which would mean an |
| 7 |
>>> exploit in the sun/oracle jvm would not necessarily affect icedtea. |
| 8 |
>>> However, I know very little on this matter and seeing as i think both |
| 9 |
>>> are open sourced i have no idea how much or if there is any code overlap. |
| 10 |
>>> |
| 11 |
>> |
| 12 |
>> Oracle Java is open source? |
| 13 |
>> |
| 14 |
>> -- |
| 15 |
>> Nilesh Govindarajan |
| 16 |
>> http://nileshgr.com |
| 17 |
>> |
| 18 |
> |
| 19 |
> I was thinking the same thing. Last I knew, the VM is closed while the |
| 20 |
> language is pretty much open. |
| 21 |
|
| 22 |
IIRC, the VM spec is open, the implementation isn't. Further, the |
| 23 |
supporting libraries are open (as in you can see them). The biggest |
| 24 |
'closed' aspect is the pricey (and terms-restricting) certification |
| 25 |
process to get a different implementation certified. |
| 26 |
|
| 27 |
But I might be woefully out of date. |
| 28 |
|
| 29 |
-- |
| 30 |
:wq |
Archives