Re: Adopt oic-auth-plugin

[Rick]

Hi Michael,

It's totally reasonable. I'm the maintainer of serval plugins. Sometimes, I
just don't have enough time out maintain them like you.

Best,

On Mon, Aug 26, 2019 at 10:09 PM Michael Bischoff <
michael.bisch...@controplex.nl> wrote:

> Hello Rick,
>
> Yeah it would be good to have at least another maintainer for the plugin.
> I actually take some days off a couple of times a year to run trough things
> and actually solve and close issues.
> I've been a bit skittish with regards to replying to issues being opened
> as I haven't found any time to sit down and resolve things.
>
> Perhaps we should talk direction and expectations at some point?
>
> Best regards,
>
> Michael
>
> On Sun, 25 Aug 2019 at 03:43, Rick  wrote:
>
>> Hi Gavin,
>>
>> Thanks for your suggestion. The issue
>>  was created now.
>>
>> On Sun, Aug 25, 2019 at 9:36 AM 'Gavin Mogan' via Jenkins Developers <
>> jenkinsci-dev@googlegroups.com> wrote:
>>
>>> As far as I know, you need to make a best attempt to contact the current
>>> maintainer before the timeout happens.
>>>
>>> So I'm adding m.bisch...@controplex.com as thats what is listed in the
>>> pom file.  (Which i suspect will bounce because
>>> https://github.com/mjmbischoff/nexus-blobstore-swift/issues/2#issuecomment-507164722
>>> says they just switched jobs)
>>>
>>> @Rick can you also make a github issue on oic-auth-plugin
>>>  asking for
>>> maintainership and tagging @mjmbischoff in a comment?
>>>
>>> Gavin
>>>
>>> On Sat, Aug 24, 2019 at 6:08 PM Marky Jackson 
>>> wrote:
>>>
 +1 from me

 On Aug 24, 2019, at 6:06 PM, Rick  wrote:

 Hi team,

 I'd like to adopt oic-auth-plugin
 . This plugin looks
 like lack of maintaining since Feb.

 I already started a thread here
 
 to waiting for the author's response.

 --
 Zhao Xiaojie (Rick)
 Blog: https://github.com/LinuxSuRen
 Twitter: https://twitter.com/suren69811254


 --
 You received this message because you are subscribed to the Google
 Groups "Jenkins Developers" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to jenkinsci-dev+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/jenkinsci-dev/CAMM7nTFgo1H0kOqS0JXsdaXcw%3DDzOV4Zjux8Yi6CObzW8Qpn0Q%40mail.gmail.com
 
 .


 --
 You received this message because you are subscribed to the Google
 Groups "Jenkins Developers" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to jenkinsci-dev+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/jenkinsci-dev/0FB3F3E4-B877-4923-879C-869FA2F70758%40gmail.com
 
 .

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Jenkins Developers" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuutWdzVyQrOne3om-wiKN%3DFjG9rxtjfTY8iA%3DVE1fQnxA%40mail.gmail.com
>>> 
>>> .
>>>
>>
>>
>> --
>> Zhao Xiaojie (Rick)
>> Blog: https://github.com/LinuxSuRen
>> Twitter: https://twitter.com/suren69811254
>>
>>

-- 
Zhao Xiaojie (Rick)
Blog: https://github.com/LinuxSuRen
Twitter: https://twitter.com/suren69811254

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAMM7nTEU0XMcyvTfAP1%2BmkmgjV_4N4_%2B6_3T_W7Pdwv47VEzCQ%40mail.gmail.com.

Re: Impact of BOM on plugin versions

[Jesse Glick]

On Mon, Aug 26, 2019 at 4:46 PM Mark Waite  wrote:
> I've generally preferred to keep the dependency at oldest version I can 
> reasonably trust.

Well, the BOM is designed to give you the newest version compatible
with your LTS line.

> I believe in this case that the credentials plugin 2.2.0 is the required 
> dependency from the BOM because it is the version which includes the most 
> recent security fix for the credentials plugin.

No, it is just the latest available version according to Dependabot.

> Am I correct [that using the BOM] means [users] will generally have newer 
> dependencies than they did in the past?

Yes.

Now as to whether you _want_ to publish new releases of one plugin
that depend only on old releases of another plugin, this is certainly
a matter of judgment. You would be offering a special benefit to the
user that spends an hour looking over the *Updates* tab, poring
through release notes, and hand-picking certain updates according to
features or fixes they think they want. But your plugin’s tests will
only be verifying compatibility with a rather old snapshot of the
Jenkins ecosystem, and you will likely even be writing new code which
calls APIs that were deprecated years ago.

The assumption behind the BOM is that most people just accept all
updates most of the time, and if something breaks they will just roll
everything back, or tolerate it until a fix is released; plugin
maintainers should “fixing forward”. (Jenkins core is somewhat
artificially given a special position in this view, as something that
is cumbersome and particularly risky to update.)

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2FysL-2e6PPtkdHHYXFEJkFhhcstK1BV3eu-WWLT%3Dopw%40mail.gmail.com.

Impact of BOM on plugin versions

[Mark Waite]

I think that it would be easier to maintain the workflow test dependencies
inside the git plugin by using the new BOM that Jesse has created.

As a test, I tried to use the BOM with the git client plugin.  That change
allowed me to remove the explicit version numbers from 4 dependencies.
That is a nice very nice improvement for a plugin that has relatively few
dependencies.

However, when I look at the dependencies which are assigned by the 2.138.1
version of the BOM, it assigns

   - ssh-credentials 1.17.1
   - credentials 2.2.0

I've generally preferred to keep the dependency at oldest version I can
reasonably trust.  In this case, the BOM is choosing the second most recent
release of the credentials plugin

I believe in this case that the credentials plugin 2.2.0 is the required
dependency from the BOM because it is the version which includes the most
recent security fix for the credentials plugin.

A different security advisory recommends that ssh-credentials should be
newer than 1.13.  Is there a specific reason that 1.17.1 was selected
rather than 1.14?

Am I correct to assume that it is safe, reasonable, and healthy for the git
client plugin (and the git plugin) to use the BOM and accept that means
they will generally have newer dependencies than they did in the past?

Mark Waite

-- 
Thanks!
Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtEw%2BN%2BeaTHaOCmmo0-QpKrBrxM3zsa2wECQ02XRD9eQLw%40mail.gmail.com.

Re: Next LTS line selection open. Due 2019-08-27

[Mark Waite]

I've started testing 2.190 late Friday.  I did not find any immediate
reasons to reject it as the LTS.  The security release scheduled for
Wednesday seems to me like a good reason to prefer choosing 2.190 as a
baseline, then update to the security release as the baseline after it is
delivered.

I haven't investigated the startup failures reported in JENKINS-58912 and
JENKINS-58938.

I'm also concerned about JENKINS-58692 from the KDE project beginning in
2.186.  Jesse Glick investigated it and was unable to duplicate it.  The
KDE project found a workaround (install the symlinks plugin) and can't
really explore other options because it is their production system.
JENKINS-58692 will affect 2.186 and later, so it seems relevant to
investigate further as a risk to any LTS version we select.

I prefer the upcoming security release as the baseline, but JENKINS-58912
and JENKINS-58938  need investigation before the LTS is released.

Mark Waite

On Mon, Aug 26, 2019 at 6:28 AM Oleg Nenashev 
wrote:

> I would vote for 2.187 as a baseline. FTR
> https://groups.google.com/forum/#!topic/jenkinsci-dev/oQ8PD1hgYBE for the
> mailing list selection process proposal.
>
> For the anticipated absence of a government meeting, we will be
>> selecting next LTS candidate here, on the mailing list. The conclusion
>> will be wrapped up no longer than Tuesday 27th COB UT
>>
>
> We have a security release on Wednesday. Assuming it is stable, we could
> use it as a baseline.
>
> If we discuss only released versions https://jenkins.io/changelog/#v2.189 has
> a pretty bad community rating. JENKINS-58912
>  / JENKINS-58938
>  looks to be a pretty
> bad regression somewhere, but nobody has investigated the issue so far. It
> is not clear when and why it happens. I am not sure we are safe to go into
> LTS with it. So 2.187 is my preference (2.188 was burned)
>
> BR, Oleg
>
>
> On Monday, August 26, 2019 at 11:00:47 AM UTC+2, ogondza wrote:
>>
>> For the anticipated absence of a government meeting, we will be
>> selecting next LTS candidate here, on the mailing list. The conclusion
>> will be wrapped up no longer than Tuesday 27th COB UTC time. Feel free
>> to share your thoughts here.
>>
>> ---
>>
>> I believe we affectively only have 2 candidates[1], 2.189 and 2.190.
>> Since 2.190 has relatively few changes in it, all minor, got 2 weeks of
>> soaking with nothing but positive community feedback, I vote to choose
>> that despite being the latest weekly published.
>>
>> [1] https://jenkins.io/changelog/
>>
>> --
>> oliver
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/2577f42d-5a15-4995-b5f8-a97de6a60fe7%40googlegroups.com
> 
> .
>


-- 
Thanks!
Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtGF6tysTgmQ4whw%3DEgBaj4POMoCkwipVGpLXrt3axdkyA%40mail.gmail.com.

Re: Jenkins Summer Project Demos on Aug 23 and Aug 26

[Oleg Nenashev]

Recording of the first part: https://www.youtube.com/watch?v=g19o24uzy6c
Online meetup for the second part will happen today at 3PM UTC

On Thursday, August 22, 2019 at 10:52:48 PM UTC+2, Oleg Nenashev wrote:
>
> Hi all,
>
> This summer Jenkins projects participated in Google Summer of Code, 
> Outreachy and Community Bridge. We will have Jenkins Online Meetup sessions 
> on Aug 23 (2:00PM-3:30PM UTC) and Aug 26 (3:00PM-4:30PM UTC), and our 
> students will present the results they achieved in their projects. All 
> meetings are publicly open (broadcast in Zoom), please feel free to join if 
> you are interested. See the meetup links for more information and links.
>
> Part 1: https://www.meetup.com/Jenkins-online-meetup/events/264171002/
>
>- Natasha Stopa - Plugins Installation Manager CLI Tool/Library
>- Abhyudaya Sharma - Role Strategy Plugin Performance Improvements and 
>a new Folder Auth Plugin
>- Jack Shen - Working Hours Plugin - UI Improvements
>- Nguyen Le Vu Long - Remoting over Apache Kafka with Kubernetes 
>features  
>
> Part 2: https://www.meetup.com/Jenkins-online-meetup/events/264171091/
>
>- Parichay Barpanda - Multi-branch Pipeline support for Gitlab
>- Nancy Chauhan - Jenkins Pipelines for OpenRISC projects (LibreCores 
>CI)
>- Aarthi Rajaraman, Gayathri Rajendar - Audit Log plugin
>- Sladyn Nunes - Jenkins Configuration-as-Code Plugin Developer tools
>
> Thanks again to all students, mentors and all other contributors who 
> participated in Jenkins outreach programs this year.
>
> Best regards,
> Oleg Nenashev
> Jenkins Advocacy & Outreach SIG
> https://jenkins.io/sigs/advocacy-and-outreach/ 
>  
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/3e67b271-c969-4060-a498-0fa9bbd72505%40googlegroups.com.

Re: Next LTS line selection open. Due 2019-08-27

[Oleg Nenashev]

I would vote for 2.187 as a baseline. FTR 
https://groups.google.com/forum/#!topic/jenkinsci-dev/oQ8PD1hgYBE for the 
mailing list selection process proposal.

For the anticipated absence of a government meeting, we will be 
> selecting next LTS candidate here, on the mailing list. The conclusion 
> will be wrapped up no longer than Tuesday 27th COB UT
>

We have a security release on Wednesday. Assuming it is stable, we could 
use it as a baseline. 

If we discuss only released versions https://jenkins.io/changelog/#v2.189 has 
a pretty bad community rating. JENKINS-58912 
 / JENKINS-58938 
 looks to be a pretty 
bad regression somewhere, but nobody has investigated the issue so far. It 
is not clear when and why it happens. I am not sure we are safe to go into 
LTS with it. So 2.187 is my preference (2.188 was burned) 

BR, Oleg


On Monday, August 26, 2019 at 11:00:47 AM UTC+2, ogondza wrote:
>
> For the anticipated absence of a government meeting, we will be 
> selecting next LTS candidate here, on the mailing list. The conclusion 
> will be wrapped up no longer than Tuesday 27th COB UTC time. Feel free 
> to share your thoughts here. 
>
> --- 
>
> I believe we affectively only have 2 candidates[1], 2.189 and 2.190. 
> Since 2.190 has relatively few changes in it, all minor, got 2 weeks of 
> soaking with nothing but positive community feedback, I vote to choose 
> that despite being the latest weekly published. 
>
> [1] https://jenkins.io/changelog/ 
>
> -- 
> oliver 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/2577f42d-5a15-4995-b5f8-a97de6a60fe7%40googlegroups.com.

Next LTS line selection open. Due 2019-08-27

[Oliver Gondža]

For the anticipated absence of a government meeting, we will be 
selecting next LTS candidate here, on the mailing list. The conclusion 
will be wrapped up no longer than Tuesday 27th COB UTC time. Feel free 
to share your thoughts here.


---

I believe we affectively only have 2 candidates[1], 2.189 and 2.190. 
Since 2.190 has relatively few changes in it, all minor, got 2 weeks of 
soaking with nothing but positive community feedback, I vote to choose 
that despite being the latest weekly published.


[1] https://jenkins.io/changelog/

--
oliver

--
You received this message because you are subscribed to the Google Groups "Jenkins 
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/2694c06c-0108-6276-8adf-f8797a392655%40gmail.com.