Hi all, I was considering just posting a link in the plugins EOL thread, but thought I'd fork to keep the other thread focused. (and not end up stealing it).
We are currently working on *removing* commons-digester:2.1 <https://search.maven.org/artifact/commons-digester/commons-digester/2.1/jar> from Jenkins Core. *https://github.com/jenkinsci/jenkins/pull/5320 <https://github.com/jenkinsci/jenkins/pull/5320>* After considering an upgrade, we chose the removal path. In particular because the very reason why it is outdated (2010...) and hard to update is that it leaked since many years in the whole Jenkins ecosystem. So we are doing what is deemed right by many, rather than just upgrading so we're in the same situation in 5+ years from now. As Jesse put it <https://github.com/jenkinsci/jenkins/pull/5320#issuecomment-790114286>: *I would rather suggest deprecating Digester2 and maybe detaching it to a split plugin, unless we can kill all plugin references.* After analyzing the impact, we are now pursuing the "unless" part :-). We're fixing the ecosystem instead. 20 plugin PRs, counting. So this email has a few purposes: 1. Raise awareness on these 20+ PRs we opened to fix the ecosystem. If you are a Jenkins plugin maintainer, please look at the list in the table in the description of the Core PR above <https://github.com/jenkinsci/jenkins/pull/5320>. 2. Add an interesting data point to the plugin EOL policy discussion: you'll see that in these PRs, a lot are on *very* old plugins, which many look unmaintained. If the policy was in place already, this may have simplified our work subtantially. And I do think this is vital for us that we can spend our scarce time rather on making Jenkins shine, than on making sure plugins released last 5 to 9 years ago, with less than 200 installs worldwide, still work... 3. *Custom plugins: if you have developed a custom in-house plugin in your company, please make sure to NOT use commons-digester anymore from Jenkins Core.* Given Guava update/removal is another (_much_ bigger) subject in the radar, I thought raising this would be a good thing for a global awareness. Again, I think being able to tackle such cleanup tasks is vital to our continued success. Being stuck to use some 10+ years old dependencies in our beloved tool cannot be a good thing. While we have always valued compatibility deeply <https://www.jenkins.io/project/governance/#compatibility-matters>, we also accepted that potentially breaking some things <https://www.jenkins.io/blog/2018/08/31/shifting-gears/> is critical for us to be able to focus more of our time on the right things. -- Baptiste -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS5YdwNL_CExjed%2B4R-jcDyai-BPPRhR-PkNvZRm%3Dk4u%3Dw%40mail.gmail.com.
