editorconfig-eclipse

Please sign releases

Open ben-willow opened this issue 9 years ago • 6 comments

Please sign each release, so we can know provenance of future releases, and help protect against malicious updates.

ben-willow avatar Apr 10 '15 02:04 ben-willow

@ben-willow Can you point to any case of malicious updates?

paulvi avatar Sep 01 '15 07:09 paulvi

It's common sense to install only signed packages. It may even be company policy and would increase acceptance. Don't wait for a malicious update to happen. Prevent it in the first place.

bekopharm avatar Sep 22 '15 13:09 bekopharm

For non-Eclipse Foundation plugins, I know only of @jeeeyul Lee signing.

And that only creates additional questions asked of the user (while for Eclipse-signed binaries there's no question asked).

paulvi avatar Sep 22 '15 15:09 paulvi

I agree this is common sense but I am unsure how to implement it. I've read through https://wiki.eclipse.org/JAR_Signing but this does not provide any advice for 3rd-party plugin authors. Nor did I find any advice when quickly searching through "Mastering Eclipse Plug-in Development" and "Eclipse Plug-ins, Third Edition". Any advice on how this should work?

ncjones avatar Sep 22 '15 19:09 ncjones

@ncjones Nathan, you can ask @jeeeyul

but I would suggest not to spend time on this

paulvi avatar Sep 23 '15 03:09 paulvi

+1

cniweb avatar Feb 16 '17 19:02 cniweb