ruby-runtime is a plugin that allows Jenkins plugins to be implemented in Ruby. It has quite a number of problems:
* The source code situation is a mess, with two separate repositories. https://github.com/jenkinsci/ruby-runtime-plugin/pull/6#issuecomment-383842017 https://github.com/jenkinsci/ruby-runtime-plugin/ https://github.com/jenkinsci/jenkins.rb/tree/master/java-runtime * It is unmaintained, with the latest release (0.12) in 2013. While the changelog claims that 0.13 was released in 2016, it's not actually available on update sites. The last real activity seems to have happened around 2014. http://plugins.jenkins.io/ruby-runtime * It caused problem after a core update a few months back due to a faulty assumption. As the plugin is unmaintained, and parts get packaged in dependent plugins (i.e. fixing ruby-runtime isn't enough), we had to revert part of the core change, or accept that ruby-runtime based plugins remain broken until they all _individually_ get updated. https://jenkins.io/changelog/#v2.92 https://issues.jenkins-ci.org/browse/JENKINS-48116 https://github.com/jenkinsci/jenkins/pull/3154 https://issues.jenkins-ci.org/browse/JENKINS-48116?focusedCommentId=320469&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-320469 * It required extensive whitelisting in core to achieve JEP-200 compatibility due to the JRuby glue. https://github.com/jenkinsci/jenkins/blob/91e1cf2d3e0fa1c4766c62f2db54cd3a28cd9d32/core/src/main/resources/jenkins/security/whitelisted-classes.txt#L171...L197 ruby-runtime is used by 22 other plugins as a dependency. Most of them appear to not be actively maintained, not having received a new release in several years. Only three were released in the past two years and/or have more than 1000 installs. https://plugins.jenkins.io/buddycloud was last released Jun 05, 2014 (1 install) https://plugins.jenkins.io/capitomcat was last released Feb 17, 2015 (980 installs) https://plugins.jenkins.io/chef was last released Aug 29, 2015 (451 installs) https://plugins.jenkins.io/ci-skip was last released Dec 23, 2013 (406 installs) https://plugins.jenkins.io/commit-message-trigger-plugin was last released Sep 30, 2014 (272 installs) https://plugins.jenkins.io/cucumber was last released Mar 13, 2013 (493 installs) https://plugins.jenkins.io/devstack was last released Sep 17, 2012 (18 installs) https://plugins.jenkins.io/git-notes was last released Apr 23, 2012 (692 installs) https://plugins.jenkins.io/gitlab-hook was last released Apr 17, 2016 (9667 installs) https://plugins.jenkins.io/ikachan was last released Jun 04, 2012 (12 installs) https://plugins.jenkins.io/jenkinspider was last released Jun 19, 2015 (12 installs) https://plugins.jenkins.io/mysql-job-databases was last released Sep 20, 2014 (233 installs) https://plugins.jenkins.io/pathignore was last released Nov 18, 2011 (331 installs) https://plugins.jenkins.io/perl was last released Mar 07, 2013 (178 installs) https://plugins.jenkins.io/perl-smoke-test was last released Sep 26, 2014 (30 installs) https://plugins.jenkins.io/pry was last released May 31, 2012 (80 installs) https://plugins.jenkins.io/pyenv was last released Aug 06, 2014 (903 installs) https://plugins.jenkins.io/rbenv was last released Apr 18, 2016 (983 installs) https://plugins.jenkins.io/rvm was last released Aug 10, 2016 (2261 installs) https://plugins.jenkins.io/singleuseslave was last released May 07, 2015 (131 installs) https://plugins.jenkins.io/travis-yml was last released Nov 13, 2016 (434 installs) https://plugins.jenkins.io/yammer was last released Jul 19, 2013 (129 installs) The by far most popular plugin based on ruby-runtime is gitlab-hook at just under 10k installs. It is part of last week's security advisory, as its maintainer published a fix for a (fairly minor, but still) security vulnerability two years ago, but never actually released it, or informed the security team that he worked on it in public, so can be considered not actively maintained. https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263 https://github.com/jenkinsci/gitlab-hook-plugin/commit/8e127c3ee8fb164acbf9f73530215f788b531033 I don't think any of the above problems are inherently unrecoverable, but unless somebody is ready to take ownership of ruby-runtime, and fixes its problems, my proposal is to remove ruby-runtime from distribution, and announce its deprecation. Distribution of dependent plugins would necessarily be suspended as well, until reimplemented in Java, similar to other plugins with unsatisfiable dependencies. Generally there's no reason for something to be removed from distribution just because it doesn't work well. But ruby-runtime has caused quite some work for core maintainers, as the above references show, and wasted time better spent elsewhere. I think it's only a matter of time until things break in ways not easily recoverable, and the longer we wait, the more painful it will be. WDYT? Daniel -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/6797DF59-E37F-4361-B007-9F60A856E1FB%40beckweb.net. For more options, visit https://groups.google.com/d/optout.