A further note: > the malware also infected any JAR files that were available in the project, > such as dependencies—not necessarily just build artifacts
If I understand correctly what is being said here, this kind of attack only makes sense for a build system which keeps binary dependencies in the source tree, which of course is a bad idea anyway, but was an aspect of the original managed Ant project type. Speaking as the architect of that system, it should be deprecated and removed from the default download. (If a viable version of Maven or Ivy had been available at that time, we would have used it.) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
