On Sun, 31 May 2020, 18:08 Geertjan Wielenga, <geert...@apache.org> wrote:
> Be aware that any project structure that you use when developing
> applications can be infiltrated by malware and make sure that the files you
> check into your versioning system are your own or that you know where they
> come from and what they do."
>
> Feedback welcome and needed.

Looks good to me, but I'd be tempted to emphasise "when developing applications, with any IDE or build system, ..." And also that you should treat building untrusted code the same way you'd treat running untrusted binaries, i.e. carefully.

Interesting that the GitHub article doesn't mention that this applies to projects that were originally structured with Ant in NetBeans. You wouldn't have to still be building in the IDE to be exploited here?

Best wishes,

Neil