Re: [platform-dev] Fwd: [eclipse-packaging/packages] Eclipse 2025-06 fai

[immibis <immibis@xxxxxxxxx>]

Note that (2) is a problem every time you install any plugin. It's not related to bytecode manipulation.

Note also that if users want a dark theme (or anything else), they will continue doing anything they can to get a dark theme, no matter how much you try to stop them. The correct solution to this conundrum is to provide a dark theme or a supported mechanism by which the user can have a dark theme.

On 22/05/25 08:59, Klare, Heiko via platform-dev wrote:

Hi Jonah, hi everyone,

 

Thank you for having an eye on this and for proposing multiple solution options, Jonah!

 

I have no strong opinion on how to proceed with this, so just sharing my thoughts on it.

 

I would be in favor of pushing as much responsibility as possible to the extension provider. Unfortunately, I don’t think we can easily, safely, and necessarily fast achieve something regarding resilience of Eclipse against such abuse (point 2).

So, I would be in favor of adding a negative p2 requirement if that’s feasible (point 4). If not, we should go with reverting the problematic change for now and reapply it for 4.37 (point 1). Assuming that this is the only problematic change, it should be easy to revert. I quickly tested a revert and it works fine for me. We would just need to check that just reverting this change actually fixes the issue with the extension and that there were no other changes that break it.

 

In addition to all that, I would also be in favor of doing some communication/marketing regarding the abuse of Genuitec. We may have the IDE working group reach out to them and we might think about how to make people aware that this extension is doing really bad stuff. In my opinion, this kind of bytecode manipulation is not only questionable from a technical perspective and regarding how extensions of a framework have to work (relying on official APIs), but (1) it also somehow shows how they think about open source in general and (2) it's a potential security leak as you have no clue what this bytecode manipulation actually affects. I would never install a plugin if I knew that it is doing such weird things.

Still, I see this communication part as something that probably needs to be done in a timeline that is independent from the upcoming release.

 

Best regards,

Heiko

 

From: platform-dev <platform-dev-bounces@xxxxxxxxxxx> On Behalf Of Jonah Graham via platform-dev
Sent: Thursday, May 22, 2025 4:21 AM
To: simrel-dev@xxxxxxxxxxx; Eclipse platform general developers list. <platform-dev@xxxxxxxxxxx>
Cc: Jonah Graham <jonah@xxxxxxxxxxxxxxxx>
Subject: [platform-dev] Fwd: [eclipse-packaging/packages] Eclipse 2025-06 fails to start if CodeTogether's devstyle Darkest Dark theme is installed (Issue #310)

 

Hi folks,

 

Please see below and let me know your thoughts.

 

Thanks

Jonah

~~~
Jonah Graham (he/him)
Kichwa Coders
www.kichwacoders.com

 

---------- Forwarded message ---------
From: Jonah Graham <notifications@xxxxxxxxxx>
Date: Wed, 21 May 2025 at 22:19
Subject: [eclipse-packaging/packages] Eclipse 2025-06 fails to start if CodeTogether's devstyle Darkest Dark theme is installed (Issue #310)
To: eclipse-packaging/packages <packages@xxxxxxxxxxxxxxxxxx>
Cc: Jonah Graham <jonah@xxxxxxxxxxxxxxxx>, Your activity <your_activity@xxxxxxxxxxxxxxxxxx>

 

jonahgraham created an issue (eclipse-packaging/packages#310)

This is a more suitable location to discuss the issues raised in eclipse-cdt/cdt#1164 - here is just a summary.

If you install devstyle Darkest Dark theme in Eclipse IDE 2025-06 the IDE will fail to start due to some byte-code manipulation that the plug-in does that breaks Eclipse startup.

While this problem is not a bug in Eclipse or its projects, the theme is one of the most popular plug-ins on the Eclipse marketplace, with probably 10s of thousands of installs that will be broken if they updated to latest Eclipse release in June. Therefore the damage to Eclipse's users will be large.

Therefore we will need to figure out how to mitigate this for our users. I have reached out to genuitec (see emails in eclipse-cdt/cdt#1164) but as of now they have not proposed a solution and there is very little time to resolve this.

Possible ways forward are:

1. Revert changes in Eclipse Platform that expose devstyle bug.
   This is undesirable as it is not obvious exactly how widespread these reversions may have to be, not how long Eclipse non-API would be held back.
2. Make Eclipse more resiliant to such changes.
   I don't know if this is feasible, the way that devstyle is byte manipulating and weaving seems very difficult to insulate against
3. Publicizing campaign.
   We can just try to publicize this, but the workaround for users if they end up with a broken install is non-trivial to do. Since the IDE won't start you can't simply undo the faulty install. The reality is that most people won't pay attention until they have a broken IDE
4. Add negative p2 requirements preventing the problematic versions of devstyle from being installed at the same time as Eclipse 2025-06.
   this will prevent users from installing specific version of devstyle into 2025-06, or prevent Eclipse 2025-03 with devstyle installed from upgrading to 2025-06. The p2 UI here isn't particularly clear as to why the install is being prevented

I solicit input from the community on what to do here. There is not much time to resolve this, if any change needs to be made in Eclipse Platform we have less than 1 week to come up with a solution.

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <eclipse-packaging/packages/issues/310@xxxxxxxxxx>

_______________________________________________
platform-dev mailing list
platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/platform-dev