I would like to suggest - not sure if this was already considered and dismissed - a change in how plugins are managed. The use case begins with a company that either gets their plugins from one or more third parties or builds their own plugins (considered for this use case a third party). Authorized product URLs are periodically scanned for updates and made available on the standard Jenkins Plugins page, highlighted as from one of the alternate sources. The set of URLs to consult should always include the standard Jenkins root, by default, and could have additional URLs added to the System Configuration by authorized users (a.k.a. Administrators or higher - this may add a new class of user). Also, by default, the URLs must have valid certificates in order to be processed, although in the case of the company's own plugins, that might be something that could be bypassed - again by an authorized user only. As part of this use case, the ability to install a plugin through the individual HPI upload mechanism may be restricted. Also part of this use case would be the ability to exclude specific plugins from being installed, either for security or policy reasons.
I realize that, philosophically, plugins should all be at jenkins.io, but in many situations - my own, in particular - the plugins are not of general interest and may be of interest to under 500 users. The objective is for administrators to more tightly control what Jenkins plugins are used but to retain the ability to support third-party plugins.
If this is desired (and practical), I would be willing to take this on - or at least to try. Maybe this is a discussion to be tabled until a future face-to-face meeting.
Sincerely,
Randall Becker