On Mon, Dec 13, 2021 at 11:22 AM 'rsomas...@netflix.com' via Jenkins Developers <jenkinsci-dev@googlegroups.com> wrote:
>
> While sometimes […] it is about security […]
> Other times, it's mostly about reducing redundant libraries […]

Indeed.

> Other common libraries are
> com.google.code.gson gson 2.8.5 45

Ought to be made into an API plugin I think.

> org.apache.commons commons-lang3 3.4 33

Ditto.

On Mon, Dec 13, 2021 at 10:35 AM 'rsomas...@netflix.com' via Jenkins Developers <jenkinsci-dev@googlegroups.com> wrote:
>
> The maven-hpi-plugin could do some linting of the plugins

Would certainly be nice to issue warnings to plugin developers directing them to use API plugins when possible. Another common mistake I have seen is mistakenly bundling test libraries in production, which in some cases results in memory leaks that can take down a controller (cf. JENKINS-65650 and JENKINS-65771).

> only get it as a transitive from the provided dependency on jenkins-core

Might be interesting to look into avoiding the bundling of dependencies that are provided by Jenkins core. These are unused at runtime:

https://github.com/jenkinsci/jenkins/blob/165d559469c7a58af581931bd1b89e5b9ed4a9af/core/src/main/java/hudson/ClassicPluginStrategy.java#L247
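
A sketch of the kind of lint discussed in this thread, added here as an example; it is not part of the original message and is not maven-hpi-plugin code. It scans the `WEB-INF/lib` directory of a plugin archive for bundled jars; the rule lists, the `lint_hpi` name, the `core_provided` value and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed rule lists (not taken from maven-hpi-plugin).
TEST_LIBS = ("junit", "mockito", "hamcrest")        # illustrative test-library name prefixes
API_PLUGIN_CANDIDATES = ("gson", "commons-lang3")   # the two libraries named in the thread

# Bundled jars live under WEB-INF/lib as <artifact>-<version>.jar.
JAR_RE = re.compile(r"^WEB-INF/lib/(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def lint_hpi(hpi, core_provided=()):
    """Return sorted (artifact, version, finding) tuples for jars bundled in an .hpi/.jpi."""
    findings = []
    with zipfile.ZipFile(hpi) as archive:
        for name in archive.namelist():
            match = JAR_RE.match(name)
            if not match:
                continue  # e.g. the plugin's own unversioned jar
            artifact, version = match["artifact"], match["version"]
            if artifact.startswith(TEST_LIBS):
                findings.append((artifact, version, "test library bundled in production"))
            elif artifact in core_provided:
                findings.append((artifact, version, "already provided by Jenkins core"))
            elif artifact in API_PLUGIN_CANDIDATES:
                findings.append((artifact, version, "prefer an API plugin if one exists"))
    return sorted(findings)


def build_sample_hpi():
    """Constructed in-memory plugin archive, so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for jar in ("demo-plugin.jar", "gson-2.8.5.jar", "commons-lang3-3.4.jar",
                    "mockito-core-3.12.4.jar", "commons-io-2.11.0.jar", "okhttp-4.9.3.jar"):
            archive.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # core_provided is a constructed value; a real lint would derive it from core's dependency list.
    for artifact, version, finding in lint_hpi(build_sample_hpi(), core_provided={"commons-io"}):
        print(f"{artifact} {version}: {finding}")
```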