Thanks Antonio. Companies aren't going to upload modules with their update centers to Apache NetBeans PP3, right?
This discussion isn't about removing some AutoUpdate APIs (e.g. functionality), just about better verification of the modules that the Apache NetBeans project recommends the users to download (by default, after installing fresh copy of the IDE). -jt Dne út 7. 7. 2020 14:46 uživatel Antonio <anto...@vieiro.net> napsal: > Hi, > > I don't see a security threat here if we warn the user about the > security implications of downloading stuff from a third party update > center. > > I can't remember if we are alerting the user properly, though. Maybe we > could improve the message. > > Being able to add third-party plugin centers is a useful feature, I > think, for both developers and for companies that have network > restrictions, and that may be wishing to setup a private update center > of their own. So I wouldn't impose using a NetBeans specific update center. > > Kind regards, > Antonio > > El 06/07/2020 a las 19:13, Jaroslav Tulach escribió: > > Hi. > > Recently I have noticed discussion explaining how to bypass NetBeans > Plugin Portal. The > > usual way is to create a NetBeans module extension to provide own update > center > > definition and register it in NetBeans Plugin Portal. Once a user > downloads such module, > > the provided update center gets activated and can distribute new updates > or new > > modules. > > > > Isn't this a security thread? Shouldn't we ban modules that register own > update centers? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org > For additional commands, e-mail: dev-h...@netbeans.apache.org > > For further information about the NetBeans mailing lists, visit: > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > > > >
