MULTIBIT NEEDS JAVA SE6 - ONE THAT WAS RELEASESD IN 2014 - how safe is this?

[steakpie13]

well because I had urgent need I installed it

https://support.apple.com/kb/DL1572?locale=en_US

This is where it took me and told me to download it

as you guys know java is very vulnerable and I had to install a YEAR OLD VERSION OF JAVA!!


how safe is this?

I can delete this carp from my computer right now , I mean java completely from my mac right now,

PLEASE HELP 

Well this is crazy


I just upgraded to oxX 10.10 yosemite btw this is where I'm getting issues.


Thanks.

[virtualx]

Multibit is created in the Java programming language, that is why you need it. If you don't want to use Java you should use another bitcoin wallet. Bitcoin does not need Java, but Multibit does. Java SE6 is old but not very old.

[Muhammed Zakir]

-snip-
as you guys know java is very vulnerable and I had to install a YEAR OLD VERSION OF JAVA!!
 -snip-

Who said this? "Java is more vulnerable" is a popular factoid.

 Java is not less secure than other languages but more secure than C or C++ because of no buffer overflows etc.. See http://security.stackexchange.com/questions/57646/why-do-i-hear-about-so-many-java-insecurities-are-other-languages-more-secure for more details.

[btchris]

as you guys know java is very vulnerable and I had to install a YEAR OLD VERSION OF JAVA!!

On my Windows box, MultiBit (Classic) works perfectly fine with the most recent Java SE8.

Who said this? "Java is more vulnerable" is a popular factoid.

Agreed. The vulnerabilities you often hear about relate to the Java sandbox, not to Java itself. The sandbox is responsible for enforcing security rules on untrusted applications, typically run from inside a web browser. (Yes, the Java sandbox is infamous for its security bugs, and deservedly so).

MultiBit does not run inside a sandbox because it is not an untrusted app (you do trust it, don't you?). It has just as much access to your PC as any other normal Win32 app.

Also, if you have a need to, nothing prevents you from installing multiple versions of Java, in which case browser-based Java apps requiring the sandbox will use the most recent version by default.

[d4n13]

Who said this? "Java is more vulnerable" is a popular factoid.

I started another thread on this in BitcoinJ, though my question was different.  It was whether Oracle Inc is less trust worthy than an Open source endeavor (Open JDK)

That said, as long as there is broad enough JDK peer review on RNG, I have no problem with Java per se.