Hi,
Dating back many years, Jenkins has supported two network discovery services (UDP multicast/broadcast and DNS multicast). When this was first implemented this may have been a reasonable way to provide useful lookup services. With modern Jenkins capabilities, networks, and security considerations, this is no longer a good mechanism. There are now other ways to better accomplish pretty much everything this does.
With Jenkins Security Advisory 2020-01-29 ( https://jenkins.io/security/advisory/2020-01-29/
) these services were disabled by default because of
SECURITY-1641 / CVE-2020-2100.
The tests for these services have long been problematic because of various system issues. They have never passed for me on my development machine and others have reported the same. The issues are exacerbated with Java 11.
We propose to remove these network discovery services. See https://issues.jenkins-ci.org/browse/JENKINS-60913 and https://github.com/jenkinsci/jenkins/pull/4460 .
Please respond with any agreement or if you have any important implementations that require these capabilities. Perhaps if this is still needed, the capabilities could be pulled out of core into a plugin, maintained by someone that uses it.
Jeff Thompson
I think it's time to act on it.
The key to implementing it in a plugin is to have someone who relies on it maintain it. If swarm uses it maybe someone involved with that could take it on. I'd be willing to help get things going with that, but not to maintain it. If nobody is interested enough for that, we should kill it off.
Jeff
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/e8f4603d-a953-10f8-0eb0-8cada6eaae36%40cloudbees.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPiUgVc5Rijvp9OnktyfAsG8M2SrrMO0UwUR%2BTHwBm97pYCBaA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPiUgVc5Rijvp9OnktyfAsG8M2SrrMO0UwUR%2BTHwBm97pYCBaA%40mail.gmail.com.
+1 on removing it, is there actually going to be anyone using it who is updating their Jenkins version? I.e is a plugin needed?
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BifRQoyW2ECh1b4dV4axLtW6PzoK2WAJGOWJ%2BLE-3VcmVA%40mail.gmail.com.
Le jeu. 30 janv. 2020 à 20:10, Tim Jacomb <timja...@gmail.com> a écrit :
+1 on removing it, is there actually going to be anyone using it who is updating their Jenkins version? I.e is a plugin needed?
Would it be worth and possible writing a jep-214 Telemetry impl to catch stats about this use? (Though it'd take a big time to be used, once people upgrade to it, but at least we'd have some trend).
It's probably possible to write some Telemetry code to catch usage stats. I'm not sure how useful the data would be. It could tell us who has enabled the features. And probably servers where the service is probed. It would be harder to tell if they're providing useful value.
I question whether it's worthwhile. If we get some positive
response for the capability that would better support a need for
the Telemetry. Maybe.
Jeff
Yeah, if there's some interest I'm willing to help with that. Otherwise, I figure it's in the git history and can always be resurrected when there's someone motivated enough to keep it going.
Jeff
Please respond with any agreement or if you have any important implementations that require these capabilities. Perhaps if this is still needed, the capabilities could be pulled out of core into a plugin, maintained by someone that uses it.