Dear committers, dear community,

With a 1-month grace period, we have removed the Travis CI app(s) from all 
GitHub organizations that the Eclipse Foundation manages. We also denied those 
apps access to organizations' data.

Note that we also activated "access restrictions" 
<https://docs.github.com/en/organizations/restricting-access-to-your-organizations-data/about-oauth-app-access-restrictions>
on a few organizations that had no restriction. It only concerns old 
organizations, as access restrictions have been enabled by default for new 
organizations for a long time now. It may lead to misbehaviors of some apps. 
Feel free to request permissions for those via GitHub 
<https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-your-membership-in-organizations/requesting-organization-approval-for-oauth-apps>
or just open tickets at <https://gitlab.eclipse.org/eclipsefdn/helpdesk> to 
get support.

Thanks.

Mikaël Barbero
Manager — Release Engineering and Technology | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation <http://www.eclipse.org/>: The Platform for Open Innovation 
and Collaboration

> On 21 Sep 2021, at 15:36, Mikael Barbero 
> <mikael.barb...@eclipse-foundation.org> wrote:
> 
> Dear committers, dear community,
> 
> Since its acquisition by a private equity firm [1], Travis CI’s quality of 
> service has decreased drastically.
> 
> Recently, Travis CI suffered from a flaw that exposed secrets of thousands of 
> open source projects [2]. The way the incident has been handled is 
> unacceptable and supports the idea that Travis CI is in very low maintenance 
> mode. We are currently scanning our organizations / repositories and we will 
> reach out to projects that could have been affected by this flaw.
> 
> In addition to this security issue, Travis CI has lowered its free OSS 
> offering: while ceasing travis-ci.org in favor of travis-ci.com, they 
> changed their pricing model [3, 4] and now only offer a fixed, one-time 
> amount of free credits for open source. Once consumed, one needs to beg for 
> more. This causes issues in many OSS projects [5]. Projects hosted by the 
> Eclipse Foundation are also concerned, and bug 574335 [6] is one example of 
> the issue. We expect many more similar ones.
> 
> When we asked for renewable credits, we got the following answer:
> 
> > Thanks for your reply, at the current moment our OSS credit grants are a 
> > manual process. When your credits begin running low again, please reach 
> > back out to the Support team.
> 
> That would not be too much of a bummer if the credits were allocated to all 
> the organizations we manage, but this is on a per organization basis. It 
> means we would need to follow credits evolution and send those requests for 
> each organization running low on credits. This does not scale.
> 
> Due to the issues mentioned above, the Eclipse Foundation will stop 
> supporting Travis CI on GitHub organizations it manages. From now on, we 
> won't configure any new repository / organization and we plan on removing the 
> TravisCI GitHub app from all organizations we manage on October 20th. If you 
> still rely on Travis CI to build your projects, feel free to reach out to us, 
> we can help you migrate to our in-house Jenkins farm 
> <https://wiki.eclipse.org/Jenkins>.
> 
> Thanks.
> 
> [1] https://blog.travis-ci.com/2019-01-23-travis-ci-joins-idera-inc
> [2] https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
> [3] https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
> [4] https://blog.travis-ci.com/oss-announcement
> [5] https://www.jeffgeerling.com/blog/2020/travis-cis-new-pricing-plan-threw-wrench-my-open-source-works
> [6] https://bugs.eclipse.org/bugs/show_bug.cgi?id=574335
> 
> 
> 
> Mikaël Barbero
> Manager — Release Engineering and Technology | Eclipse Foundation
> 🐦 @mikbarbero
> Eclipse Foundation <http://www.eclipse.org/>: The Platform for Open 
> Innovation and Collaboration
> 

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
