I would rather suggest deprecating Digester2 and maybe detaching it to a split plugin, unless we can kill all plugin references.
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ea8584a7-12ce-42a4-b89c-6b95b91461f6n%40googlegroups.com.
- cvs still being reported as installed 40k times...
--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/m2fEX5ALvbg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjp9q5sdO%2BuYUH2voGYqufHs%2BE3gULdvdnwCHwgWGByLEg%40mail.gmail.com.
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDz5m2Z8W441jCPQAxsj%3DvfG2uK5TdRJZpLXSH8uanKfA%40mail.gmail.com.
This is not to say we don’t ever remove anything, but we do it very carefully.
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/B214EACA-57A8-4EB4-9FFA-C59B2F0D9D89%40beckweb.net.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAA0qCNwD%3DMMh5i%2BjeEte6CxRqQ%3DcCVEZqmNMxtPcgC8JUJ_0vA%40mail.gmail.com.
What about a quick JEP?
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/f8066f0c-9dfe-4209-8fe8-e19bcf30b8e7n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAA0qCNyOnh-O1o%2Bo2srtHd38G%3DQbpYA6mDS2Wt6T8M0f4ahJqw%40mail.gmail.com.
+1 from me
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrQBdo645Zs5cboXStgo_7zJEEsnQ3iCxQ6qC4iw4M%3D4g%40mail.gmail.com.
Hi all,I have commented about the plugins removal in another thread. I have a question about creating a detached plugin for commons-digester: " The current plan causes plugins which depend on Jenkins to provide Digester to fail unless they are updated. This could be mitigated by moving this dependency to a detached plugin. We decided against creating a detached pluging because there were a small number of affected plugins and only a few of them have significant install base. The creating and maintaining of a detached plugin would still be a significant amount of work and would cause the security vulnerabilities we are trying to address to remain open"I agree with the reasoning and the decision. At the same time time it does not explain why the commons-digester3 library is being injected as a direct dependency in pull requests, e.g. https://github.com/jenkinsci/vs-code-metrics-plugin/pull/5/ . Would it make sense to create a new API plugin instead? Otherwise we risk running into compatibility concerns at some point. Creating an API plugin is not discussed in the JEP at all.
Best regards,Oleg NenashevP.S: Sorry for being a bit late to comment--On Saturday, May 29, 2021 at 2:41:26 AM UTC+2 boa...@gmail.com wrote:+1 thanks for doing your due diligence!On Fri, May 28, 2021 at 19:14 Basil Crow <m...@basilcrow.com> wrote:+1 from me
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrQBdo645Zs5cboXStgo_7zJEEsnQ3iCxQ6qC4iw4M%3D4g%40mail.gmail.com.
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/4b2291aa-2a87-4d62-992b-c944b1c19aa4n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/6d186d75-1d7d-4f05-b874-ef74941828cdn%40googlegroups.com.
> Just to make sure I get your point/stance:> * you would agree we mark the current PR as ready-for-merge> * [provided we enrich the JEP-231 with the following [?]]> * to make things better for the future, you recommend we create a digester3-api plugin so these plugins can all be updated in one go.Taking two votes here and many approvals in https://github.com/jenkinsci/jenkins/pull/5320, I am not against that. I would prefer us to rather follow the new JEP-1 process draft in https://github.com/jenkinsci/jep/pull/359 so that we could verify and dry run the changes, but I do not want to do modifications for them.I am not ready to support the PR on my own though,
because we should firstly release the API plugin
and do the better effort in reaching out to plugin maintainers and getting releases or explicit up-for-adoption where possible.
If other core maintainers do not want to wait, I am ready to accept this decision. And I definitely do not want the PR to miss the LTS merge window.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/6d186d75-1d7d-4f05-b874-ef74941828cdn%40googlegroups.com.
> I am not sure exactly sure what you mean by this, but I am certainly not requesting nor expecting you to support any fallout of this PR. Our team will obviously step up if something bad arisesSorry for confusion, I have no doubt that your team will provide good support for this change. What I meant is that I am not ready to put my +1 for merging, but I do not block others from proceeding with the merge.> What I'm trying to avoid here is stalling this work. We created this PR on the 1st of March.I do not want to stall it either. This is a good technical debt reduction work, and " I definitely do not want the PR to miss the LTS merge window" like stated above. I'd love to see it in the September LTS release. We are also interested to get it in weekly rather sooner than later so that we can address any regressions if reported.>> and do the better effort in reaching out to plugin maintainers and getting releases or explicit up-for-adoption where possible.> Care to elaborate please? IIUC you mean sending an email to the last known maintainers for plugins that are going to be broken when we merge the Core PR.Yes, I mean sending emails offering to either merge/release the fix or to put the plugin for adoption. It would be great to finalize Basil's plugin EOL JEP so that we have this process more or less automated. But now yes, emails. They can be retrieved from the plugin metadata, Jira or Git commit history. I can help with these emails as a board member.
> TBH after this, I fear a bit the Guava upgrade that we want to help on next...Topic for a contributor summit? I also expect difficulties with Guava upgrade and then Groovy update needed for Java 17 and housekeeping.Contributor summit could be a good venue to develop strategy for such massively used components.
> What, specifically, is the threshold of usage that would cause you to express concern?I do not have a specific threshold at the moment. And I do not think the installation numbers represent the community importance well. Big Jenkins setups at enterprises tend to use "exotic" plugins with low installation numbers, just because they have specific requirements to their environment and scalability. Admins of these instances also tend to disable sending usage stats when they discover this option. So I just use personal expertise which might be biased due to my Hardware/Embedded background. Ask Daniel or Jesse how often they do a facepalm after hearing about my use-cases and hacks :)Speaking seriously, we could definitely think about defining our criteria about what we care during such upgrades. Stale plugins and plugins waiting for adoption for years should not be a blocker for changes we need as the community.
On Monday, May 31, 2021 at 11:57:12 PM UTC+2 m...@basilcrow.com wrote:Dear Oleg,
On Sun, May 30, 2021 at 11:55 AM Oleg Nenashev <o.v.ne...@gmail.com> wrote:
> I have commented about the plugins removal in another thread.
In particular, you wrote: "From the list, I am particularly concerned
about Code Coverage plugins which seemed to be actively used."
You expressed concern about Emma, a code coverage plugin with 3,148
installations. You did not express concern about BlameSubversion, a
plugin not related to code coverage with 825 installations.
What, specifically, is the threshold of usage that would cause you to
express concern?
Thanks,
Basil
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7486685b-b93e-4151-b952-8b927bf7f7d0n%40googlegroups.com.
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/m2fEX5ALvbg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS6uUVLXR2us3FuouA_8URPNNme8RtfRoROuLzaTXRXR6A%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDqV3%3DUf6O_oVYskGjGu8bWw263ZZOcO%2B%3DZNg%2BDb%2BMLAA%40mail.gmail.com.