Re: Request to review: How to fix RequireUpperBoundDeps

[Jesse Glick]

On Mon, Jun 17, 2019 at 8:51 PM Parichay Barpanda
 wrote:
> That doesn't work either.

It works for me. Do not use `exclusion` for plugins.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2V2g_iCTFegV620taiPQjvs4YGg_3sn0DdUxuuj86mpw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Network mapped path VS UNC path on windows

[Nikhil Bhoski]

Hi,

I use Hudson FilePath . in my Jenkins plugin to represent any filePath on 
specific node . However on Windows i have some issues 

1) I have mapped my nework path on windows and assigned a label to it  "U:" 
2) When i try using my network path using the label assigned to it . 
FilePath API fails to navigate to the path 
3) If i use UNC path absolute path then it works fine . 

Eg:

*Below Doe not work *

U:\Myfile\file 

*Below Works Fine*

*\\networkpath\Myfile\file*


Any Idea that How can i handle Network path with labels using FilePath 

Thanks & Regards
Nikhil 

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/5a15c345-c7a8-428e-bc9b-20c63d037290%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request to review: How to fix RequireUpperBoundDeps

[Parichay Barpanda]

Hi Gavin,

That doesn't work either. In case you want to take a look at the pom it's 
here - https://gist.github.com/baymac/ec349eda7166e93edc2269bb61ea9e94

For me, exclusions (not recommended) way worked as seen in the pom.

On Tuesday, June 18, 2019 at 5:01:49 AM UTC+5:30, Gavin Mogan wrote:
>
> Your highest is the 3rd one, org.jenkins-ci.plugins:structs:1.18, so it 
> needs to be at least 1.18
>
> On Mon, Jun 17, 2019 at 4:30 PM Parichay Barpanda  > wrote:
>
>> Hi ikedam,
>>
>> Thanks for the wiki it was helpful. I am working on GitLab Branch Source 
>> Plugin and I faced similar errors. I used the `dependency management` 
>> method to fix it. While it worked for some of the dependencies it didn't 
>> work for some and I am still getting the following error:
>>
>> [INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (display-info) @ 
>> gitlab-branch-source ---
>> [INFO] Adding ignore: module-info
>> [WARNING] Rule 5: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps 
>> failed with message:
>> Failed while enforcing RequireUpperBoundDeps. The error(s) are [
>> Require upper bound dependencies error for 
>> org.jenkins-ci.plugins:structs:1.7 paths to dependency are:
>> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>>   +-org.jenkins-ci.plugins:scm-api:2.5.0
>> +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
>> org.jenkins-ci.plugins:structs:1.9
>> and
>> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>>   +-org.jenkins-ci.plugins:credentials:2.2.0
>> +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
>> org.jenkins-ci.plugins:structs:1.9
>> and
>> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>>   +-org.jenkins-ci.plugins:git:3.10.0
>> +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
>> org.jenkins-ci.plugins:structs:1.18
>> and
>> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>>   +-org.jenkins-ci.plugins:git:3.10.0
>> +-org.jenkins-ci.plugins:git-client:2.7.7
>>   +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
>> org.jenkins-ci.plugins:structs:1.9
>> and
>> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>>   +-org.jenkins-ci.plugins:git:3.10.0
>> +-org.jenkins-ci.plugins.workflow:workflow-step-api:2.13
>>   +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
>> org.jenkins-ci.plugins:structs:1.5
>> ]
>>
>> This is what I received even after adding `structs` version 1.7 to 
>> `dependency management`. Is there something I am missing here?
>>
>> On Sunday, June 16, 2019 at 9:27:00 AM UTC+5:30, ikedam wrote:
>>>
>>> Hello, 
>>>
>>> I'm often annoyed with RequireUpperBoundDeps errors while developing 
>>> plugins.
>>> I believe it's really complicating, but I didn't know much about maven,
>>> there looks no documentation for that, and I didn't know the best way to 
>>> handle that for long time.
>>>
>>> I believe I get understand the behavior of maven and 
>>> RequireUpperBoundDeps these days.
>>> I wrote a documentation to help developers like me to know how to handle 
>>> RequireUpperBoundDep.
>>>
>>> https://wiki.jenkins.io/display/JENKINS/How+to+fix+RequireUpperBoundDeps
>>>
>>> Would you review this page and see whether it's suitable?
>>>
>>>
>>> Regards,
>>> ikedam
>>>
>>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkin...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/ea162426-f124-4074-afc5-86b5600ea31d%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/ffea3dfd-6f92-475b-91df-29fcecb66d00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request to review: How to fix RequireUpperBoundDeps

[Gavin Mogan]

Your highest is the 3rd one, org.jenkins-ci.plugins:structs:1.18, so it
needs to be at least 1.18

On Mon, Jun 17, 2019 at 4:30 PM Parichay Barpanda <
parichay.barpa...@gmail.com> wrote:

> Hi ikedam,
>
> Thanks for the wiki it was helpful. I am working on GitLab Branch Source
> Plugin and I faced similar errors. I used the `dependency management`
> method to fix it. While it worked for some of the dependencies it didn't
> work for some and I am still getting the following error:
>
> [INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (display-info) @
> gitlab-branch-source ---
> [INFO] Adding ignore: module-info
> [WARNING] Rule 5: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps
> failed with message:
> Failed while enforcing RequireUpperBoundDeps. The error(s) are [
> Require upper bound dependencies error for
> org.jenkins-ci.plugins:structs:1.7 paths to dependency are:
> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>   +-org.jenkins-ci.plugins:scm-api:2.5.0
> +-org.jenkins-ci.plugins:structs:1.7 (managed) <--
> org.jenkins-ci.plugins:structs:1.9
> and
> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>   +-org.jenkins-ci.plugins:credentials:2.2.0
> +-org.jenkins-ci.plugins:structs:1.7 (managed) <--
> org.jenkins-ci.plugins:structs:1.9
> and
> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>   +-org.jenkins-ci.plugins:git:3.10.0
> +-org.jenkins-ci.plugins:structs:1.7 (managed) <--
> org.jenkins-ci.plugins:structs:1.18
> and
> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>   +-org.jenkins-ci.plugins:git:3.10.0
> +-org.jenkins-ci.plugins:git-client:2.7.7
>   +-org.jenkins-ci.plugins:structs:1.7 (managed) <--
> org.jenkins-ci.plugins:structs:1.9
> and
> +-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
>   +-org.jenkins-ci.plugins:git:3.10.0
> +-org.jenkins-ci.plugins.workflow:workflow-step-api:2.13
>   +-org.jenkins-ci.plugins:structs:1.7 (managed) <--
> org.jenkins-ci.plugins:structs:1.5
> ]
>
> This is what I received even after adding `structs` version 1.7 to
> `dependency management`. Is there something I am missing here?
>
> On Sunday, June 16, 2019 at 9:27:00 AM UTC+5:30, ikedam wrote:
>>
>> Hello,
>>
>> I'm often annoyed with RequireUpperBoundDeps errors while developing
>> plugins.
>> I believe it's really complicating, but I didn't know much about maven,
>> there looks no documentation for that, and I didn't know the best way to
>> handle that for long time.
>>
>> I believe I get understand the behavior of maven and
>> RequireUpperBoundDeps these days.
>> I wrote a documentation to help developers like me to know how to handle
>> RequireUpperBoundDep.
>>
>> https://wiki.jenkins.io/display/JENKINS/How+to+fix+RequireUpperBoundDeps
>>
>> Would you review this page and see whether it's suitable?
>>
>>
>> Regards,
>> ikedam
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/ea162426-f124-4074-afc5-86b5600ea31d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAAgr96%2BojQnx2dKAfOTh4hoMx_tyXfrepfHrNusP3R1dLL5X6A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request to review: How to fix RequireUpperBoundDeps

[Parichay Barpanda]

Hi ikedam,

Thanks for the wiki it was helpful. I am working on GitLab Branch Source 
Plugin and I faced similar errors. I used the `dependency management` 
method to fix it. While it worked for some of the dependencies it didn't 
work for some and I am still getting the following error:

[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (display-info) @ 
gitlab-branch-source ---
[INFO] Adding ignore: module-info
[WARNING] Rule 5: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps 
failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for 
org.jenkins-ci.plugins:structs:1.7 paths to dependency are:
+-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
  +-org.jenkins-ci.plugins:scm-api:2.5.0
+-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
org.jenkins-ci.plugins:structs:1.9
and
+-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
  +-org.jenkins-ci.plugins:credentials:2.2.0
+-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
org.jenkins-ci.plugins:structs:1.9
and
+-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
  +-org.jenkins-ci.plugins:git:3.10.0
+-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
org.jenkins-ci.plugins:structs:1.18
and
+-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
  +-org.jenkins-ci.plugins:git:3.10.0
+-org.jenkins-ci.plugins:git-client:2.7.7
  +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
org.jenkins-ci.plugins:structs:1.9
and
+-io.jenkins.plugins:gitlab-branch-source:0.0.3.-SNAPSHOT
  +-org.jenkins-ci.plugins:git:3.10.0
+-org.jenkins-ci.plugins.workflow:workflow-step-api:2.13
  +-org.jenkins-ci.plugins:structs:1.7 (managed) <-- 
org.jenkins-ci.plugins:structs:1.5
]

This is what I received even after adding `structs` version 1.7 to 
`dependency management`. Is there something I am missing here?

On Sunday, June 16, 2019 at 9:27:00 AM UTC+5:30, ikedam wrote:
>
> Hello, 
>
> I'm often annoyed with RequireUpperBoundDeps errors while developing 
> plugins.
> I believe it's really complicating, but I didn't know much about maven,
> there looks no documentation for that, and I didn't know the best way to 
> handle that for long time.
>
> I believe I get understand the behavior of maven and RequireUpperBoundDeps 
> these days.
> I wrote a documentation to help developers like me to know how to handle 
> RequireUpperBoundDep.
>
> https://wiki.jenkins.io/display/JENKINS/How+to+fix+RequireUpperBoundDeps
>
> Would you review this page and see whether it's suitable?
>
>
> Regards,
> ikedam
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/ea162426-f124-4074-afc5-86b5600ea31d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [DISCUSS] Switching to CentOS for Jenkins Docker base image

[Fred Blaise]

Hi Scott,

What do you think of the export restrictions in the EULA? (some ref: 
https://www.law.cornell.edu/cfr/text/15/740.17)

Any chance you could confirm internally with Redhat that UBI is 100% fit 
for Jenkins open-source?

Thank you.
Best,
fred

On Tuesday, February 26, 2019 at 10:23:24 PM UTC+1, Baptiste Mathus wrote:
>
> Hey everyone,
>
> We had a discussion at the regular Platform SIG meeting, and we thought we 
> would socialize this idea/subject with a larger group of people.
>
> Many events or issues have recently collided that led many us to question 
> the Docker image variants that the Jenkins Project provides, especially the 
> base images that these are based on. 
> Currently, we provide 3 variants, all are based on openjdk's provided 
> images
> * Debian based
> * Debian Slim based (https://hub.docker.com/_/debian/#debiansuite-slim)
> * Alpine based
>
> Given a few recent events around Debian or Ubuntu JDK [1], we started 
> thinking it might be good to switch to a different base image. 
> (The situation around the JDK support is BTW even worse for Alpine. Which 
> led to switching Evergreen already [2]).
>
> So we have started thinking CentOS would seem like a good alternative 
> choice, given how central Java is to this platform in general.
> In this regard, going to Fedora could probably be a possibility too.
>
> We are really interested in hearing your opinions around this. Please 
> voice your concerns, if any. 
> If you think this sounds like a sensible move, please don't hesitate to 
> let us know either :).
>
> Thanks!
>
> -- Baptiste
>
> [1] Summary of the recent JDK issues in Debian and Ubuntu 
> 
> [2] The ticket for switching Evergreen to CentOS, already done 
> https://issues.jenkins-ci.org/browse/JENKINS-55547
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/f2afa3a3-1a4e-4d69-89e3-04605e7ba874%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Dependabot + Peer Plugin Dependencies

[Jesse Glick]

On Mon, Jun 17, 2019 at 6:38 PM Mark Waite  wrote:
> Since they are test dependencies, they won't be included in the packaging and 
> the plugin upgrade is not forced on end users.

Unfortunately, this often “bleeds” into non-test deps when you factor
in `RequireUpperBoundsDeps` fixes.

There is not any particularly satisfactory answer, and this was the
main issue I identified when use of Dependabot on plugin repositories
was first being proposed.

I think JENKINS-47498 would make use of Dependabot much simpler, since
normally there would just be a single version number you would
increment in your POM (not counting the `parent`) to stay up to date
with everything; but it _would_ mean upgrading test and non-test
dependencies alike. Whether this really matters much to users, I am
not sure. Certainly it would reduce surprise failures from
`plugin-compat-tester`.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3fJys5-6OrPQCAd-ggSa_2EJ9dbRLgV1nCEUgPt%3D%2BNag%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Dependabot + Peer Plugin Dependencies

[Mark Waite]

For plugins which are test dependencies and only test dependencies, I
prefer to keep them at the latest version.  Since they are test
dependencies, they won't be included in the packaging and the plugin
upgrade is not forced on end users.

For plugins that are run time dependencies, I keep them as old as I
possibly can so that I have the least potential of forcing a user to
upgrade that plugin.

"As old as I possibly can" means that I upgrade them when I need an API
that is only provided in that version of the dependency or when there is
another dependency which is forcing an upgrade.

On Mon, Jun 17, 2019 at 3:59 PM 'Gavin Mogan' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:

> Hey Yall
>
> I'm loving all the little helpfulness that dependabot provides, keeps
> things up to date and etc.
>
> But how do you all handle the peer dependancies, like depending on
> git-plugin? Do you always upgrade? or just as needed?
>
> I know generally you don't want to update your core dep so people arn't
> forced to upgrade, but is that applied to plugins too?
>
> Trying to figure out what to do about the PR noise on blueocean, if i
> should merge or @ignore.
>
> Gavin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_Duv2v09hz_vZBQfM%2BVZaw1__s0pJdBBL2rR_dnjsXMEfbw%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Thanks!
Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtGa%3DY4FwSAfYZSiThkLJWEZtDvKTKNHGg8J7hiTmOwmvw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Dependabot + Peer Plugin Dependencies

['Gavin Mogan' via Jenkins Developers]

Hey Yall

I'm loving all the little helpfulness that dependabot provides, keeps
things up to date and etc.

But how do you all handle the peer dependancies, like depending on
git-plugin? Do you always upgrade? or just as needed?

I know generally you don't want to update your core dep so people arn't
forced to upgrade, but is that applied to plugins too?

Trying to figure out what to do about the PR noise on blueocean, if i
should merge or @ignore.

Gavin

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_Duv2v09hz_vZBQfM%2BVZaw1__s0pJdBBL2rR_dnjsXMEfbw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Increasing the bus factor on the security team

[Matt Sicker]

I like to call this the Lottery Factor as a more positive phrase. DB should
know that one quite well. :)

And +1 to seeing another release manager.

On Mon, Jun 17, 2019 at 1:11 PM Parker Ennis  wrote:

> That's a big +1 from me!
>
> On Fri, Jun 14, 2019 at 9:38 AM Daniel Beck  wrote:
>
>> Hi everyone,
>>
>> "Security advisory day" as (acting) security officer is… interesting. I
>> touch many parts of the Jenkins project infrastructure to ensure that
>> releases and the advisory go out in a timely manner. It's basically an hour
>> of exercising admin permissions nonstop on multiple systems.
>>
>> This also means that there are no security advisories when I'm sick or on
>> vacation (or, worse, there's no vacation for me when there are security
>> advisories).
>>
>> For that reason, as discussed with Olivier and Tyler in the previous
>> infra meeting, I'm going to grant all the permissions needed to fill in for
>> me to Wadeck Follonier. Wadeck's been a great collaborator on the security
>> team, and knows our processes as well as I do. I trust him to not abuse the
>> permissions and look forward to doubling our bus factor for this critical
>> part of our security process.
>>
>> Daniel
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/85852A44-FA24-4F27-9281-31DB3E33A74A%40beckweb.net
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
>
> *Parker Ennis*
>
> *Product Marketing Manager*
>
> [image: CloudBees-Logo.png]
>
>
> M: (803) 386-7562
> E: ren...@cloudbees.com
> Skype: parker.cb
> Twitter: @Parker_CB 
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAJ2%2BM_DLG6KVHa-w-%2B7n0gRBSTFW-aK-MZJ71h%3D_nx_gm_-yJA%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Matt Sicker
Senior Software Engineer, CloudBees

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4oxKN4mi3zPtk7GPNdzj_kd0T_CAEpVmn%3DicJtuR1S6wSw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Increasing the bus factor on the security team

[Parker Ennis]

That's a big +1 from me!

On Fri, Jun 14, 2019 at 9:38 AM Daniel Beck  wrote:

> Hi everyone,
>
> "Security advisory day" as (acting) security officer is… interesting. I
> touch many parts of the Jenkins project infrastructure to ensure that
> releases and the advisory go out in a timely manner. It's basically an hour
> of exercising admin permissions nonstop on multiple systems.
>
> This also means that there are no security advisories when I'm sick or on
> vacation (or, worse, there's no vacation for me when there are security
> advisories).
>
> For that reason, as discussed with Olivier and Tyler in the previous infra
> meeting, I'm going to grant all the permissions needed to fill in for me to
> Wadeck Follonier. Wadeck's been a great collaborator on the security team,
> and knows our processes as well as I do. I trust him to not abuse the
> permissions and look forward to doubling our bus factor for this critical
> part of our security process.
>
> Daniel
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/85852A44-FA24-4F27-9281-31DB3E33A74A%40beckweb.net
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 

*Parker Ennis*

*Product Marketing Manager*

[image: CloudBees-Logo.png]


M: (803) 386-7562
E: ren...@cloudbees.com
Skype: parker.cb
Twitter: @Parker_CB 

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAJ2%2BM_DLG6KVHa-w-%2B7n0gRBSTFW-aK-MZJ71h%3D_nx_gm_-yJA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [DISCUSS] Switching to CentOS for Jenkins Docker base image

[Fred Blaise]

Hi Scott,

What do you think of the export restrictions in the EULA? (some ref: 
https://www.law.cornell.edu/cfr/text/15/740.17)

Any chance you could confirm internally with Redhat that UBI is 100% fit 
for Jenkins open-source?

Thank you.
Best,
fred

On Wednesday, May 15, 2019 at 11:14:40 PM UTC+2, Scott McCarty wrote:
>
> All,
> I saw this thread a while back, but couldn't respond until after we 
> launched UBI publicly. UBI follows the RHEL lifecycle, but has the added 
> bonus that 1. new versions come out before CentOS and 2. receives RHEL 
> updates (exact same RPMS). You can build on think of it as CentOS+ when ran 
> anywhere, with the added bonus that it can be run on RHEL/OpenShift and be 
> fully supported by Red Hat. It's distributed under a different EULA than 
> other Red Hat which does allow redistribution of Red Hat trademarks in the 
> content set (YUM/RPMS, images, etc). Also, we will likely add packages in 
> the future, but will never remove them. Feel free to ping me if you have 
> any questions (smcc...@redhat.com ) or this email...
>
>- 
>
>https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image
>- 
>
>https://access.redhat.com/containers/#/product/5c180b28bed8bd75a2c29a63
>
> Scott M (@fatherlinux)
>
> On Friday, May 10, 2019 at 4:09:56 AM UTC-4, Oleg Nenashev wrote:
>>
>> FYI there is a pull request for CentOS image in Jenkins Docker packages
>> https://github.com/jenkinsci/docker/pull/826
>>
>> On Wednesday, February 27, 2019 at 5:29:20 PM UTC+1, R Tyler Croy wrote:
>>>
>>> (replies inline) 
>>>
>>> On Wed, 27 Feb 2019, Olblak wrote: 
>>>
>>> > But I am wondering, instead of going with Centos why not using this 
>>> PPA  with ubuntu? 
>>> > This would imply a smaller breaking change 
>>>
>>> I do not believe that Jenkins should rely on any PPA (Personal Package 
>>> Archive), they have a tendency of growing stale unlike mainstream 
>>> official 
>>> packages. 
>>>
>>>
>>>
>>> -- 
>>> GitHub:  https://github.com/rtyler 
>>>
>>> GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2 
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/a137ad45-4ecf-4feb-b6e7-7dcf12da3d05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request to review: How to fix RequireUpperBoundDeps

[Jesse Glick]

On Sun, Jun 16, 2019 at 8:17 AM Daniel Beck  wrote:
> the subsection titles in the otherwise empty section … may help complete the 
> wiki page.
>
> (Ideally the docs would also be moved there once reviewed.)

Reviewing wiki pages is not really comfortable. I would suggest
deleting the wiki page and filing a (draft) PR for jenkins.io fleshing
out content in the page Daniel mentioned. Someone with write
permission to the repository may add me as a suggested reviewer.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2KnMPu%3DoVvmFQcVSHgP74k%2BGf0EnsM8gonVe4R9P1HbQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins Core Release Automation Status

[Olblak]

Hi Everybody,


I am organizing a feedback session on Jenkins core release automation this 
Friday at 3PM (UTC+2).
meet.google.com/kqn-kioe-uns 

This session will focus on how Jenkins is configured on top of k8s and used to 
trigger a new release and where that release artifacts are published.

If you want to experiment by yourself before the session, they are two 
endpoints deployed at the moment:

* https://release.ci.jenkins.io
* https://release.repo.jenkins.io

Those two services are running on an AKS cluster, fully automated and reachable 
from the jenkins infrastructure vpn so feel free to request your access on 
jenkins-infra/openvpn , you'll also 
need to be in the right ldap group, so feel free to ping me mentionning your 
jenkins account. 

Remark: Currently, releases done via release.ci.jenkins.io are not 'official' 
and use a fork repository called 'olblak/jenkins' instead of jenkinsci/jenkins.

Next steps are:
* Clarify who can/should request a new signing certificate.
* Clarify who can/should create a new gpg key.
* Ensure that the process is well protected.
* Define a clear process for the community to contribute Jenkins core packaging 
(Debian,Redhat,etc.)
* Identify artifacts promotion process from staging to production.

Ps: I created a gitter  channel (yet 
another channel) if you have any questions on this topics, feel free to ask 
them there.

Best,

Olblak

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/28497d3c-86f6-445f-9a3c-5d89b6b480a2%40www.fastmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Maintainer for Log Parser Plugin

[Martin Reinhardt]

Any progress on that?

More than two weeks were passed :D 

Am Mittwoch, 12. Juni 2019 11:46:57 UTC+2 schrieb Martin Reinhardt:
>
> looking forward to friday ;)
>
> Am Mittwoch, 12. Juni 2019 09:28:57 UTC+2 schrieb Jon Brohauge:
>>
>> Hi Martin
>>
>> Thank you for stepping up to be a maintainer of this plugin. Can't wait 
>> for the PR's to roll onto master ;-)
>>
>> regards
>> Jon
>>
>> On Sunday, June 2, 2019 at 7:33:45 PM UTC+2, Martin Reinhardt wrote:
>>>
>>> Hi Mike,
>>>
>>> thanks for assisting here.
>>>
>>> My GitHub username is hypery2k
>>>
>>> And me Jenkins Account ID is mreinhardt
>>>
>>> -- 
>>> Martin Reinhardt
>>> Sent with Airmail
>>>
>>> Am 2. Juni 2019 um 03:43:43, Mark Waite (mark.e...@gmail.com) schrieb:
>>>
>>> Thanks in advance for adopting the plugin!  I've copied the most recent 
>>> committers to the plugin on this e-mail to assure that they are OK with 
>>> your adopting the plugin. 
>>>
>>> If no response is received from them in 2 weeks, or if they respond that 
>>> they are willing to add you as a maintainer, then the adoption process 
>>> described on the wiki page can start.
>>>
>>> What's your GitHub user name?
>>> What's your Jenkins infrastructure account ID?
>>>
>>> Mark Waite
>>>
>>>
>>>
>>> On Sat, Jun 1, 2019 at 7:37 PM Mark Waite  wrote:
>>>
 The Adopt a Plugin page 
  suggests: 

 Email the Jenkins Developers mailing list 
  and request to be made a 
 maintainer (which usually means commit access to the plugin repository and 
 being made default assignee for newly reported issues in JIRA). 
 To that purpose, it's expected to try and reach out to existing 
 maintainer(s) using a best effort. So, the typical way to do that is to 
 put 
 her/his/their email addresses in CC (hint: Git commits should have this 
 information).

 We typically wait for about 2 weeks in normal work periods before 
 proceeding, so please be patient. Hence, if you can prove the existing 
 maintainer already agrees and you explicitly asked about taking over (e.g. 
 in a PR discussion), the process can be fast-looped.

 *IMPORTANT: To speed up and ease the process, please provide the two 
 following things:*

- Your GitHub username/id (e.g. oleg-nenashev for 
https://github.com/oleg-nenashev/) 
- Your Jenkins infrastructure account id. Create your account if 
you don't have one . 

 Once granted access, you can file a PR (with your Jenkins 
 infrastructure account id) against 
 https://github.com/jenkins-infra/repository-permissions-updater to be 
 able to deploy snapshots and releases for your plugin. You're generally 
 expected to start slowly, by filing PRs, and not commit directly. Even 
 more 
 for plugins with a big number of installations for obvious reasons.

 On Sat, Jun 1, 2019 at 4:26 AM Martin Reinhardt  
 wrote:

> Hi there,
>
> i want to step in for the Log Parser Plugin: 
> https://github.com/jenkinsci/lo=
> g-parser-plugin 
>
> A already maintain the RocketChat Plugin.
>
> Looking forward
>
> Regards
>
> Martin
>
> --
> You received this message because you are subscribed to the Google 
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to jenkin...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/61316fa1-7838-411a-ac3a-ce8e18d6dede%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>


 --
 Thanks! 
 Mark Waite

>>>
>>>
>>> --
>>> Thanks! 
>>> Mark Waite
>>> --
>>> You received this message because you are subscribed to a topic in the 
>>> Google Groups "Jenkins Developers" group.
>>> To unsubscribe from this topic, visit 
>>> https://groups.google.com/d/topic/jenkinsci-dev/e76TyU_MBVU/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to 
>>> jenkin...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtFb2avQOyN3_zoqsO2NukN3PBwqwU2vypyK3PLjyejpfQ%40mail.gmail.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion