https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/
On Fri, 29 May 2020 at 15:46, Jesse Glick <[email protected]> wrote:
> A further note:
>
> > the malware also infected any JAR files that were available in the
> > project, such as dependencies—not necessarily just build artifacts
>
> If I understand correctly what is being said here, this kind of attack
> only makes sense for a build system which keeps binary dependencies in
> the source tree, which of course is a bad idea anyway, but was an
> aspect of the original managed Ant project type. Speaking as the
> architect of that system, it should be deprecated and removed from the
> default download. (If a viable version of Maven or Ivy had been
> available at that time, we would have used it.)
