GitHub user priyanahata added a comment to the discussion: Can a plugin 
verification be lost. I mean once a version is verified can it become 
unverified?

Thanks @neilcsmith-net 
here to serve
I'll take a look

The main pain I see in the plugin portal is that if I do "refresh" it 
automatically brings in every single version from maven central.

The other thing that I thought yesterday would be to have like a plugin or an 
update center kind of thing that just says:
install from central "at your own risk". So the guy just does a maven search in 
some gui inside of netbeans and off you go.

Sorry for breaking your balls too much. I was trying to be careful to only do 
"request for verification" like every two weeks or so, but yeah, it's a pain and 
makes a mess in the plugin portal.

I was following this pattern basically: A user reports an issue, I roll out a 
patch update "as fast as I can" and I point him to the experimental update 
center, but yeah, I get your point. I am sure that guys have better things to 
do than verifying the anahata plugin every week or every two weeks, especially 
considering that it takes two people.

The other thing I am super interested in (something we used to do for 
commercial desktop app deployments (not netbeans based, that was webstart + 
javafx)) is to autoupdate like, to have something in the plugin that "checks for 
updates" and prints a link on the plugin's ui itself saying: An update is 
available, update now.

We don't have many strange maven deps today but if a CVE gets reported on a 
maven dep, I'd like the users to do one click updates. I haven't looked into the 
netbeans apis for installing / updating modules. Just an idea.

LLMs need to be treated with care, it's risky by nature allowing an LLM to do 
any shell (even without root) and full unrestricted LLM generated java code 
execution with whatever classpath it wants on the very netbeans JVM.

Not everybody would be happy to give an LLM that type of control but the type 
of people that do want to give that kind of power to an LLM would want quick 
updates if there is a CVE in a maven dep (like commons-lang) for example.

The other day, I saw one on commons-lang for example. You know like, if someone 
is using the plugin and a vulnerability in any of the dependencies gets reported, 
you would just want to fix it as quick as possible.

What does netbeans do like if a CVE appears in a nb-library, let's say like the 
flexmark-all or the jsoup java-source-ui uses to parse the javadoc?

Super interested in the security topic also because now in v2 I am even adding 
selenium and stuff like that for the agent to do your web browsing, fill in 
forms, stuff like that.

Thanks for the feedback guys, I have a discord and google messages if you are up 
for a chat





GitHub link: 
https://github.com/apache/netbeans/discussions/9189#discussioncomment-15726692
