On 13.12.2021 at 18:03, Christoph Läubrich wrote:
> Yep, that's what I have had in mind. I think it would be cool to have one global feature "CVE Mitigation" or something, and this requires/includes individual CVE features that ship with appropriate p2.inf items. This way, once added to an IDE, this will enable us to make CVE fixes available for a broad audience and make people more aware of them through the update capabilities of Eclipse itself.
Sounds great. However, I would vote for one feature per CVE, given 2 reasons:

- Some companies are rather reluctant to change previously certified tool chains, and might want to include fix A, but not fix B (because they can explain why it does not affect them).
- I would expect that there is a chance of such a feature not being installable on some installations due to conflicting requirements. The more CVEs (and requirements) included, the higher that chance. It would be good if such a conflict would not prohibit installing the other fixes. I might be wrong about this item.