[jbosstools-issues] [JBoss JIRA] (JBDS-1913) extras updatesite exposes external updatesites making updates outofband possible without user actually explicitly asked for it

Nick Boldt (Closed) (JIRA) jira-events at lists.jboss.org
Thu Nov 3 12:20:46 EDT 2011 

     [ https://issues.jboss.org/browse/JBDS-1913?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Boldt closed JBDS-1913.
----------------------------



To verify:

1. start JBDS
2. Help > Install 
3. Click "Available Software Sites"
4. observe which sites are shown. None of the 3rd party URLs should be seen -- only devstudio.jboss.com URLs should be seen.
5. Select all listed sites, hit Remove, then OK
6. Add > paste in some URL > OK
7. Repeat step 4 to verify which site(s) are now listed.

                
> extras updatesite exposes external updatesites making updates outofband possible without user actually explicitly asked for it
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBDS-1913
>                 URL: https://issues.jboss.org/browse/JBDS-1913
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: updatesite
>    Affects Versions: 4.1.1.M2, 5.0.0.M4
>            Reporter: Max Rydahl Andersen
>            Assignee: Nick Boldt
>            Priority: Blocker
>             Fix For: 4.1.1.GA, 5.0.0.M4, 5.0.0.Beta1
>
>
> extras site references:
> http://subclipse.tigris.org/update_1.6.x
> http://download.eclipse.org/egit/updates
> http://update.rockstarapps.com
> http://download.jboss.org/jbosstools/updates/m2eclipse-wtp
> http://eclipse-cs.sf.net/update
> http://eclipse.svnkit.com/1.3.x
> meaning if those receive updates users of JBDS will automatically get updated even though we haven't yet certified.
> If they actually explicitly added these then that is their choice, but we shouldn't expose that directly/upfront.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbosstools-issues mailing list