Adoption request for "sonar-gerrit" plugin

[Réda Housni Alaoui]

Hi everyone,

I'd like to adopt https://plugins.jenkins.io/sonar-gerrit/ for the following reasons:

• the plugin hasn't seen any release for 2 years
• since the last Sonarqube LTS version, the plugin needs https://github.com/jenkinsci/sonar-gerrit-plugin/pull/38. The PR has been opened for 1 year without any reaction from the maintainer https://github.com/aquarellian
• the maintainer does not reply to pinging (https://github.com/jenkinsci/sonar-gerrit-plugin/pull/38#issuecomment-953003777) 

I want to deliver https://github.com/jenkinsci/sonar-gerrit-plugin/pull/39 (which is a rework of https://github.com/jenkinsci/sonar-gerrit-plugin/pull/38).

My github username is https://github.com/reda-alaoui .
My Jenkins infrastructure account id is reda_alaoui .

Best regards

[Mark Waite]

Thanks for your interest in adopting the plugin.  That plugin has a known security vulnerability as described at https://www.jenkins.io/security/advisory/2019-10-23/#SECURITY-1003 .  That vulnerability would need to be fixed in addition to the merge of the pull request that you're proposing.

Would you also be willing to fix that vulnerability by modifying the plugin to use Jenkins credentials?

Mark Waite

[Réda Housni Alaoui]

Hello Mark,

Yes I am.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/0e766256-2f08-4b3c-85b3-4c950669fd49n%40googlegroups.com.

[Mark Waite]

+1 from me for the adoption.  Since the referenced request was not a specific request to adopt the plugin, I think we should start the two week timer for the adoption request and complete the adoption in two weeks.

[Réda Housni Alaoui]

Hello,

So 2 weeks have passed. What's the next step? :)

[Mark Waite]

Please submit a pull request to the repository permissions updater repository that proposes to make you a maintainer of that plugin.  

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/cdcca73f-c5f1-45dd-85b9-f3451990bd59n%40googlegroups.com.

[Réda Housni Alaoui]

Hi Mark,

I just tried to push to the adopted repository and it fails with:

ERROR: Permission to jenkinsci/sonar-gerrit-plugin.git denied to reda-alaoui. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

I first thought it was because I provided my jenkinsci username instead of my github username in the PR.

But given https://github.com/jenkins-infra/repository-permissions-updater/pull/2243/checks?check_run_id=4497955598, I came to the conclusion that is was not culprit.

Can you help me with this please?

Best regards

[Gavin Mogan]

Weird, why did i merge https://github.com/jenkins-infra/repository-permissions-updater/pull/2210 when the template wasn't filled out.

We never gave you github access, the template has a field to indicate if you need github access as well.

I'll run it now.

Gavin

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/b4e8605a-a265-491a-b70b-5e166965c871n%40googlegroups.com.

[Réda Housni Alaoui]

Whatever you did worked !

Thank you

 --
 You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
 To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/t0Q0UcSAJK4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvjDm9%2BJ%2B0EOivwrbXBFKmEZaR2C5APkDqx8PJ4rg9s3A%40mail.gmail.com.

[Réda Housni Alaoui]

Me again :)

I can't authenticate to https://repo.jenkins-ci.org/ui/login/ with my Jenkins credentials.
Did I do something wrong?

Best regards

[Gavin Mogan]

Passwords got reset a couple months ago

account service is down so you can't reset your credentials till it comes back up, they are confirming log4j free

Gavin

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a0124fa8b269f83e46a058c97db302bead1ac7df%40hey.com.

[Jean-Marc Meessen]

Hello Reda,

Thank you for adopting this plugin.

I am working with Mark Waites and a couple of others on various initiatives to improve the contributors and maintainers experience (especially newcomers).

It is in that context that I believe that it would be great if we could we discuss your experience by mail of even is a short call (if time zones are favorable). I'd like to know things, among others, like:

• was the adoption successful?
• what were the friction points? 
• Did you get (or needed) help? In what form? 
• what were your motives for adoption?
• what is your previous experience as Jenkins/OSS contributor and in java dev?
• ....

If interested to share your experience, you can contact me at jean...@meessen-web.org.

/- Jmm

Jean-Marc Meessen

Brussels, Belgium

[Réda Housni Alaoui]

Hello,

I am still unable to acces the repo :/

Is there something I can watch to know when I will be able to reset the password?

Best regards

[Mark Waite]

On Sunday, December 19, 2021 at 12:28:22 PM UTC-7 reda wrote:

Hello,

I am still unable to acces the repo :/

Is there something I can watch to know when I will be able to reset the password?

https://accounts.jenkins.io is available again.  Try resetting your password there. 

You need to reset the password for your jenkins.io account, "reda_alaoui".  The previous pull request is correctly using your jenkins.io account.  That is the account you should use to login to https://repo.jenkins-ci.org .  If you are unable to login as user reda_alaoui to https://repo.jenkins-ci.org, then you need to reset the password for the account reda_alaoui using https://accounts.jenkins.io and try login to https://repo.jenkins-ci.org with the new password.

[Réda Housni Alaoui]

Thank you, it worked :)

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/t0Q0UcSAJK4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/6161a9a7-dfbd-4ed5-8162-533d2c34ca29n%40googlegroups.com.

[Réda Housni Alaoui]

Hello Mark,

I just released a fix for https://www.jenkins.io/security/advisory/2019-10-23/#SECURITY-1003 in version 2.4.5 of the plugin.

How to update the CVE data to mention the fixed version?

Best regards

[Tim Jacomb]

See https://www.jenkins.io/security/plugins/#followup

You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ac5bcc78-b58d-433b-9ed8-5864a6f32b7an%40googlegroups.com.