> Do NOT install Java from your distro. Do NOT install Java by giving the root password (or by directly using the root account): no rpm, no deb.
This advice is fundamentally confused about how computer security works: the issue is not how the code is installed, it's whether an attacker can get your browser / email client to execute it. If the code runs as you, it has all the access it needs even if the files are owned by root.
> Fetch, from a regular user account, the Java .tar.gz and install Java in your dev user account.
So I don't get updates from the very responsive Ubuntu / Debian groups and instead rely on obsessively checking the news? That seems a LOT worse than simply disabling the Java browser plugin.
This advice is fundamentally confused about how computer security works: the issue is not how the code is installed, it's whether an attacker can get your browser / email client to execute it. If the code runs as you, it has all the access it needs even if the files are owned by root.
> Fetch, from a regular user account, the Java .tar.gz and install Java in your dev user account.
So I don't get updates from the very responsive Ubuntu / Debian groups and instead rely on obsessively checking the news? That seems a LOT worse than simply disabling the Java browser plugin.