zlacker

[parent] [thread] 6 comments
1. Pet_An+(OP)[view] [source] 2026-02-02 17:28:30
Checking for updates and pulling in plug-ins. Both are valid.
replies(5): >>Bender+n9 >>Mister+Sg >>Saris+pt >>thegri+YX1 >>hulitu+UM2
2. Bender+n9[view] [source] 2026-02-02 18:14:35
>>Pet_An+(OP)
A browser can download updates and plugins to be installed locally. I too do not want all my apps making internet connections. Sandboxes / namespaces can help a little.
3. Mister+Sg[view] [source] 2026-02-02 18:50:51
>>Pet_An+(OP)
It's because of issues like these that I do not agree with your statement of validity. It's also cheaper code wise to not have these contraptions.
4. Saris+pt[view] [source] 2026-02-02 19:52:09
>>Pet_An+(OP)
I think these days updates through the OS package manager is a better option, windows has had winget for 5+ years now, and obviously linux and macos both have their own established systems.
5. thegri+YX1[view] [source] 2026-02-03 03:42:47
>>Pet_An+(OP)
As for updates - my OS has a built-in package management system, which is responsible for installing and updating packages. Why should notepad++ bypass that and do its own independent update process?
replies(1): >>marona+wm3
6. hulitu+UM2[view] [source] 2026-02-03 10:57:03
>>Pet_An+(OP)
> Checking for updates

Why ? CADT ?

◧◩
7. marona+wm3[view] [source] [discussion] 2026-02-03 14:43:00
>>thegri+YX1
Because other OSs do not and the notepad++ team wants all users to have a similar experience.

If you don’t need auto updates, just disable them.

More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built in updater.

[go to top]