GitHub user priyanahata edited a comment on the discussion: Can a plugin verification be lost. I mean once a version is verified can it become unverified?
Thanks @neilcsmith-net and @matthiasblaesing here to serve I'll take another look at that plugin center option, my first preference is to work with you guys The main pain i see in the plugin portal, is that if i do "refresh" it automatically brings in every single version from maven central and I can't delete versions. For example, I did two typos in two bad pushes, and i can't get them out of there. All i can do is "not tick " nb28 compatible checkbox. <img width="444" height="841" alt="image" src="https://github.com/user-attachments/assets/1899e373-da6c-4fe3-8a03-065f3ba7e462"; /> The other thing that i thought yesterday would be to a have like a plugin or an update center kind of thing that just says: install from central "at your own risk". so the guy just does a maven search in some gui inside of netbeans and off you go. Sorry for breaking your balls too much. I was trying to be careful to only do "request for verification" like every two weeks or so. but yeah, its a pain and makes a mess in the plugin portal I was following this pattern basically: A user reports an issue, a roll out an patch update "as fast as i can" and i point him to the experimental update center, but yeah, i get your point. I am sure that guys have better things to do than verifying the anahata plugin every week or every two weeks specially considering that it takes two people. The other thing i am super interested in (something we used to do for commercial desktop app deployments (not netbeans based, that was webstart + javafx) is to autoupdate like, to have something in the plugin that "checks for updates" and prints a link on the plugins ui itself saying: An update is available, update now. We dont have many strange maven deps today but if a CVE gets reported on a maven dep. I'd like the users to do one click updates. I havent looked into the netbeans apis for installing / updating modules. Just an idea. LLMs need to be treated with care, its risky by nature allowing an LLM to do any shell (even without root) and full unrestricted LLM genearated java code execution with whatever classpath it wants on the very netbeans JVM Not everybody would be happy to give an LLM that type of control but the type of people that do want to give that kind of power to an LLM would want quick updates if there is CVE in a maven dep (like commons-lang) for example. The other day, i saw one on commons-lang for example. You know like, if someone is using the plugin and a vulnerability gets reported in any of the dependencies . You would just want to get a patch update as quick as possible. What does netbeans do like if a CVE appears in a nb-library lets say like the flexmark-all or the jsoup java-source-ui uses to parse the javadoc Super interested in the security topic also because now in v2 I am even adding selenium and stuff like that for the agent to do your web browsing, fill in forms, stuff like that. Thanks for the feebdack guys, i have a discord an google messages if you are up for a chat GitHub link: https://github.com/apache/netbeans/discussions/9189#discussioncomment-15726692 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
