[GitHub] [netbeans] jtulach edited a comment on pull request #2822: Offer to trust and prime the project when it is being opened.

[GitBox <gi...@apache.org>]

jtulach edited a comment on pull request #2822:
URL: https://github.com/apache/netbeans/pull/2822#issuecomment-803909768


   Originally I was also fine with the resolution of [CVE-2020-11986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11986) however then I got feedback from users of other IDEs and they were quite surprised with the scary warning NetBeans IDE shows before opening Gradle project.
   
   > How do other IDEs handle this?
   
   Further investigation showed that all the IDEs - Eclipse, Idea, VSCode - come with a concept of workspace. A set of "opened" projects. Adding a project/folder/etc. to the workspace is treated as a good enough consent to execute the build script. To quote myself:
   
   > I believe we can do the same in NetBeans. The File/Open Project dialog/action is explicit enough consent to start trusting the project and perform the COMMAND_PRIME to download necessary libraries on disk. 
   
   NetBeans shall not trust projects randomly found by searching the disk or opening individual files. However granting full trust, once the user invokes "File/Open Project...", is more than justified in my opinion.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists