Skip to main content
  • Log in
  • Manage Cookies
Eclipse Foundation
Download
  • Projects
  • Working Groups
  • Members
  • Community
    • Marketplace
    • Events
    • Planet Eclipse
    • Newsletter
    • Videos
    • Blogs
  • Participate
    • Report a Bug
    • Forums
    • Mailing Lists
    • Wiki
    • IRC
    • Research
  • Eclipse IDE
    • Download
    • Learn More
    • Documentation
    • Getting Started / Support
    • How to Contribute
    • IDE and Tools
    • Newcomer Forum
  • More
      • Community

      • Marketplace
      • Events
      • Planet Eclipse
      • Newsletter
      • Videos
      • Blogs
      • Participate

      • Report a Bug
      • Forums
      • Mailing Lists
      • Wiki
      • IRC
      • Research
      • Eclipse IDE

      • Download
      • Learn More
      • Documentation
      • Getting Started / Support
      • How to Contribute
      • IDE and Tools
      • Newcomer Forum
    • Search

  1. Home
  2. Blogs
  3. Mikaël Barbero's blog
  4. Enforcing HTTPS on the Eclipse Marketplace

Enforcing HTTPS on the Eclipse Marketplace

Tuesday, September 20, 2022 - 13:25 by Mikaël Barbero

As stewards of the Eclipse Marketplace, the Eclispe Foundation is responsible for providing a safe place for the Eclipse IDE users to download their plugins. While the Eclipse Marketplace does not host or transmit the plugins bits, it provides links to (p2) repositories containing them. Until today, there was no restriction on those links.

Beginning December 15, 2022, the Eclipse Marketplace will no longer support links to repositories over plain HTTP. The goal is to protect users of the Eclipse Marketplace from the main risk of plain HTTP links: man-in-the-middle (MITM) attacks.

We will roll out this new requirement in 4 steps:

  • Starting today, September 20, 2022, a banner will be displayed on the Eclipse Marketplace website homepage with the goal to spread awareness of the upcoming changes.
  • On October 14, 2022, the banner will start to be displayed on all Eclipse Marketplace pages and new validation rules will be added to the Eclipse Marketplace backend. New solutions will not be allowed to use links to repositories over plain HTTP and existing solutions will not be able to edited if they still link content over plain HTTP.
  • On December 15, 2022, all non-compliant solutions will be deactivated and won’t be displayed anymore on the Marketplace website. Owners will still be able to fix those for a limited period and get them re-instated.
  • On January 30, 2023, all deactivated solutions that have not been fixed will be permenently deleted.

Of course, we will regularly remind every owners of non-compliant solutions about the upcoming changes and the risks associated with not fixing their solutions.

If you want to follow on this work, you can subscribe for notifications on the corresponding issue.

Eclipse Marketplace Logo

Source: 
https://mikael.barbero.tech/blog/post/enforce-https-eclipse-marketplace/
  • Mikaël Barbero's blog

Eclipse Foundation Blogs

  • Wayne Beaton (820 posts)
  • Mike Milinkovich (319 posts)
  • Ivar Grimstad (244 posts)
  • Benjamin Cabé (131 posts)
  • Tanja Obradovic (60 posts)
  • Thabang Mashologu (37 posts)
  • John Kellerman (27 posts)
  • Paul Buck (22 posts)
  • Frédéric Desbiens (19 posts)
  • Brian King (19 posts)
  • Christopher Guindon (15 posts)
  • Mikaël Barbero (14 posts)
  • Gael Blondelle (14 posts)
  • Hailley Seed (10 posts)
  • Denis Roy (9 posts)
  • Hudson Kelly (8 posts)
  • Michael Plagge (4 posts)
  • Serina El Salibi (3 posts)
  • Shabnam Mayel (3 posts)
  • Shanda Giacomoni (3 posts)
  • Clark Roundy (2 posts)
  • Jacob Harris (2 posts)
  • Stephanie Swart (1 posts)
  • Karla Ferrer (1 posts)
  • Sharon Corbett (1 posts)
  • Paul White (1 posts)

Recent blog posts

  • Hashtag Jakarta EE #162
  • DEVIES Award to Jakarta EE 10
  • Jakarta EE track at Devnexus 2023!!!!
  • Hashtag Jakarta EE #161
  • Jakarta EE Community Update - 2022 in Review
  • jChampionsConf 2023
  • Eclipse Cloud DevTools Contributor Award: Theia Developers for Detachable Views
  • Hashtag Jakarta EE #160
  • THAT Conference 2023
  • European Cyber Resiliency Act: Potential Impact on the Eclipse Foundation
More

Eclipse Foundation

  • About Us
  • Contact Us
  • Sponsor
  • Members
  • Governance
  • Code of Conduct
  • Logo and Artwork
  • Board of Directors
  • Careers

Legal

  • Privacy Policy
  • Terms of Use
  • Copyright Agent
  • Eclipse Public License
  • Legal Resources

Useful Links

  • Report a Bug
  • Documentation
  • How to Contribute
  • Mailing Lists
  • Forums
  • Marketplace

Other

  • IDE and Tools
  • Projects
  • Working Groups
  • Research@Eclipse
  • Report a Vulnerability
  • Service Status

Copyright © Eclipse Foundation. All Rights Reserved.

Back to the top