Re: Bypassing NetBeans Plugin Portal

Ernie Rael Wed, 08 Jul 2020 13:09:14 -0700

On 7/7/2020 9:25 PM, Jaroslav Tulach wrote:

Thanks Antonio.


Companies aren't going to upload modules with their update centers to
Apache NetBeans PP3, right?

This discussion isn't about removing some AutoUpdate APIs (e.g.
functionality), just about better verification of the modules that the
Apache NetBeans project recommends

Recommends? Surely you don't mean that. Or is that part of yourproposal/discussion, only include recommended plugins in the pluginportal catalog?

  the users to download (by default, after
installing fresh copy of the IDE).

-jt


Dne út 7. 7. 2020 14:46 uživatel Antonio <anto...@vieiro.net> napsal:

Hi,

I don't see a security threat here if we warn the user about the
security implications of downloading stuff from a third party update
center.

I can't remember if we are alerting the user properly, though. Maybe we
could improve the message.

Being able to add third-party plugin centers is a useful feature, I
think, for both developers and for companies that have network
restrictions, and that may be wishing to setup a private update center
of their own. So I wouldn't impose using a NetBeans specific update center.

Kind regards,
Antonio

El 06/07/2020 a las 19:13, Jaroslav Tulach escribió:

Hi.
Recently I have noticed discussion explaining how to bypass NetBeans

Plugin Portal. The

usual way is to create a NetBeans module extension to provide own update

center

definition and register it in NetBeans Plugin Portal. Once a user

downloads such module,

the provided update center gets activated and can distribute new updates

or new

modules.

Isn't this a security thread? Shouldn't we ban modules that register own

update centers?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
For additional commands, e-mail: dev-h...@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
For additional commands, e-mail: dev-h...@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists

Re: Bypassing NetBeans Plugin Portal

Reply via email to