Hi all, I have commented about the plugins removal in another thread. I have a question about creating a detached plugin for commons-digester: *" The current plan causes plugins which depend on Jenkins to provide Digester to fail unless they are updated. This could be mitigated by moving this dependency to a detached plugin. We decided against creating a detached pluging because there were a small number of affected plugins and only a few of them have significant install base. The creating and maintaining of a detached plugin would still be a significant amount of work and would cause the security vulnerabilities we are trying to address to remain open"*
I agree with the reasoning and the decision. At the same time time it does not explain why the commons-digester3 library is being injected as a direct dependency in pull requests, e.g. https://github.com/jenkinsci/vs-code-metrics-plugin/pull/5/ . Would it make sense to create a new API plugin instead? Otherwise we risk running into compatibility concerns at some point. Creating an API plugin is not discussed in the JEP at all. Best regards, Oleg Nenashev P.S: Sorry for being a bit late to comment On Saturday, May 29, 2021 at 2:41:26 AM UTC+2 boa...@gmail.com wrote: > +1 thanks for doing your due diligence! > > On Fri, May 28, 2021 at 19:14 Basil Crow <m...@basilcrow.com> wrote: > >> +1 from me > > >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-de...@googlegroups.com. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrQBdo645Zs5cboXStgo_7zJEEsnQ3iCxQ6qC4iw4M%3D4g%40mail.gmail.com >> . >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/4b2291aa-2a87-4d62-992b-c944b1c19aa4n%40googlegroups.com.
