[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ide-dev] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE

I would be happy to help with the communications. Has someone validated that XML Parser is is not in the Eclipse packages?

btw, should this be sent to the Eclipse security team?

On 12/6/2017 2:37 AM, Mickael Istria wrote:
This piece of news is spreading very fast on social media. As far as I understand (and I may be wrong), the security flaw mentioned here isn't in Eclipse IDE itself but in ADT or some other piece of Android SDK.
So basically, Eclipse IDE has once again its image hurt by an issue in ADT...
If this happens to be the case, it would be interesting to have the Eclipse Foundation sending a PR to explain that Eclipse IDE itself is fine, and is open for extensions, and that security flaws in extensions are only the responsibility of extension providers; and warn against this kind of message which tends to blame the wrong layer.

Cheers,
--
Mickael Istria
Eclipse IDE developer, at Red Hat Developers community
Elected Committer Representative at the Eclipse Foundation board of directors


_______________________________________________
ide-dev mailing list
ide-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ide-dev