Hi Kenneth,
No need to apologize at all. On the contrary. I think it's very good
reporting things that we think are security concerns. Whether these are
really affecting users' security or not can be discussed later. The
important thing is to raise these quickly and clearly, as you've done.
So thank you for that.
Kind regards,
Antonio
On 25/09/18 22:28, Kenneth Jaeger wrote:
Apologies for not classifying this correctly. Yes, this is not a security
issue with NetBeans itself.
On Tue, Sep 25, 2018 at 1:47 PM Antonio <[email protected]> wrote:
Hi Kenneth,
I fully agree with you. I'd add a JIRA so we can remember it, but I
won't classify this as a security problem. For me security issues have
special priority, I don't see that priority here.
Kind regards,
Antonio
On 25/09/18 19:16, Kenneth Jaeger wrote:
I understand since there is no login information being sent to
plugins.netbeans.org, that security is less of a concern, but this is a
front facing website. It is not just used by the IDE. Browsers are
going
to start yelling at us when we go to any http site (as I personally think
they should be). Call me paranoid, but I think the trend toward 100% of
web traffic being TLS encrypted is a good one. Also if
plugins.netbeans.org
upgrades to HTTP2, it MUST be TLS then.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
