That's an excellent idea. I believe there already is some verification in the plugin loading process but maybe it happens too late.
jenkins-users list, however, is mostly visited by ... users of jenkins. If you want someone to actually do something, you could find jenkins developers on the jenkins-dev list. I think the first thing they will ask you to do is open a bug or a feature request in the jenkins issue tracer. -- Sami Fredrik Orderud <forde...@gmail.com> kirjoitti 27.7.2012 kello 13.09: > In my corporate environment, we are working behind a firewall that returns > "nice" HTML webpages with detailed error instructions instead of a plain > "connection refused" error in situations of invalid PROXY settings. > > We have experienced several times that Jenkins servers with improper PROXY > settings will download jpi-files for plugin updates containing just "error > HTML webpage" content. Jenkins doesn't seem to detect this, and instead tries > to install the corrupted plugin. What then happens is that the plugin upgrade > fails, and the plugin gets _uninstalled_ altogether. Any job-configuration > related to the accidentally uninstalled plugin then also seems to be removed, > which is pretty serious. > > Would it be possible to add some sort of integrity-verification to downloaded > jpi-files prior to install them, so that we avoid accidentally uninstalling > plugins? > > > Thanks in advance, > Fredrik Orderud
