1 |
On Wed, Jan 16, 2013 at 2:43 AM, Daniel Campbell <dlcampbell@×××.com> wrote: |
2 |
> On 01/15/2013 11:32 PM, Nilesh Govindrajan wrote: |
3 |
>> On Wednesday 16 January 2013 10:32:11 AM IST, Kevin Brandstatter wrote: |
4 |
>>> I'm curious as well about the potential exploitability of icedtea. I |
5 |
>>> would think that since the icedtea vm is not the same as the sun/oracle |
6 |
>>> one and so I don't think the code base is the same, which would mean an |
7 |
>>> exploit in the sun/oracle jvm would not necessarily affect icedtea. |
8 |
>>> However, I know very little on this matter and seeing as i think both |
9 |
>>> are open sourced i have no idea how much or if there is any code overlap. |
10 |
>>> |
11 |
>> |
12 |
>> Oracle Java is open source? |
13 |
>> |
14 |
>> -- |
15 |
>> Nilesh Govindarajan |
16 |
>> http://nileshgr.com |
17 |
>> |
18 |
> |
19 |
> I was thinking the same thing. Last I knew, the VM is closed while the |
20 |
> language is pretty much open. |
21 |
|
22 |
IIRC, the VM spec is open, the implementation isn't. Further, the |
23 |
supporting libraries are open (as in you can see them). The biggest |
24 |
'closed' aspect is the pricey (and terms-restricting) certification |
25 |
process to get a different implementation certified. |
26 |
|
27 |
But I might be woefully out of date. |
28 |
|
29 |
-- |
30 |
:wq |