Hi,
I don't see a security threat here if we warn the user about the
security implications of downloading stuff from a third party update center.
I can't remember if we are alerting the user properly, though. Maybe we
could improve the message.
Being able to add third-party plugin centers is a useful feature, I
think, for both developers and for companies that have network
restrictions, and that may be wishing to setup a private update center
of their own. So I wouldn't impose using a NetBeans specific update center.
Kind regards,
Antonio
El 06/07/2020 a las 19:13, Jaroslav Tulach escribió:
Hi.
Recently I have noticed discussion explaining how to bypass NetBeans Plugin
Portal. The
usual way is to create a NetBeans module extension to provide own update center
definition and register it in NetBeans Plugin Portal. Once a user downloads
such module,
the provided update center gets activated and can distribute new updates or new
modules.
Isn't this a security thread? Shouldn't we ban modules that register own update
centers?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
For additional commands, e-mail: dev-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
