[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[ide-dev] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE

Hi all,

See https://www.theregister.co.uk/2017/12/06/android_ides_vulnerable/
This piece of news is spreading very fast on social media. As far as I understand (and I may be wrong), the security flaw mentioned here isn't in Eclipse IDE itself but in ADT or some other piece of Android SDK.
So basically, Eclipse IDE has once again its image hurt by an issue in ADT...
If this happens to be the case, it would be interesting to have the Eclipse Foundation sending a PR to explain that Eclipse IDE itself is fine, and is open for extensions, and that security flaws in extensions are only the responsibility of extension providers; and warn against this kind of message which tends to blame the wrong layer.

Cheers,
--
Mickael Istria
Eclipse IDE developer, at Red Hat Developers community
Elected Committer Representative at the Eclipse Foundation board of directors