Hello everyone,
Like I did (with Damien) about three years ago [1], I would like to remove some permissions / clean up the Core [2] and Release [3] teams we have in the jenkinsci organization in GitHub.
I heard your feedback (thanks, Tim) suggesting that I open a discussion here instead of doing it directly. The only problem I have with that is that I don't want to make anyone feel blamed by putting their name on a list.
Why do this?
=> Reducing risks and cleaning up. There are frequent phishing attacks and credential leaks that could cause a supply chain attack against the project.
Why Core/Release?
=> They both grant write permissions to jenkinsci/jenkins (Jenkins core).
Who's affected?
=> Individuals with no activity (reviews, commits, or merges) on the related repositories for the last 12 months. Currently, two people in Core and five in Release (including some who will remain part of Core). If you're worried about your permissions, that's already a good indicator that you're still active and unlikely to be on the list. But if you want to be sure, feel free to send me an email.
Can I rejoin?
=> Yes, you're more than welcome to. Damien will securely store the screenshots of the team compositions (encrypted) so the board members or officers can quickly restore access if someone wants to contribute again.
My approach:
- Open this thread, seeking opinions/suggestions
- Send email, WhatsApp, LinkedIn, or other messages to the individuals concerned (within one hour)
- If there's no response (or an acceptance) within about one week (by Wed, Nov 19), I'll remove their accounts from the Core or Release teams.
Best regards,
Wadeck Follonier, Security officer