[
https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16582402#comment-16582402
]
Mark Struberg commented on NETBEANS-1114:
-----------------------------------------
dear design_doplhin!
Thanks for your report. We really appreciate it and will do our bests to get
this handled!
Fyi, Geertjan is pretty much THE guy to handle such things anyway. He is one of
the original NetBeans authors, Apache NetBeans PPMC chair and did lead the
NetBeans project as Oracle employee, so no need to insult him.
I think what Geertjan wanted to explain to you is that Oracle NetBeans (<=8.2)
and Apache NetBeans (>= 9.0) are different things. Of course we will forward
your report to Oracle and they will take care of it. But the ASF team has no
control nor write access to the Oracle hosted servers but only to the parts
served via apache.org, means NetBeans 9.0 and beyond.
And of course we are also interested if you did also find any vulnerability in
the Apache lead Apache NetBeans 9.0 releases? Because _those_ must be fixed by
us (ASF team) as explained above.
At Apache we have quite a few mechanisms in place to prevent such a situation
as good as possible. We have our 72h voting period where the community members
do a public review of the source and binary, plus we have a distributed system
of hashes and signatures in place which can be verified. Of course that doesn't
guarantee a 100% prevention of such a situation. But an attacker would need to
hack quite a few servers.
txs,
strub on behalf of the Apache NetBeans community.
> trojan found while installing Netbeans
> --------------------------------------
>
> Key: NETBEANS-1114
> URL: https://issues.apache.org/jira/browse/NETBEANS-1114
> Project: NetBeans
> Issue Type: Bug
> Components: platform - Launchers&CLI
> Affects Versions: 8.2
> Environment: Win10 64
> Reporter: Johannes Hoffmann
> Priority: Major
>
> found by Windows Defender during the installation
> Trojan:Script/Cloxer.D!cl
> file:
> C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
