Re: JSON license

2023-07-27 Thread 'Filipe Roque' via Jenkins Developers


> If you are obtaining the pom from the hpi, then as you have the hpi why not 
> just see what version if any is in the plugin (WEB-INF/lib/)?

Did not think of that. It actually seems a better approach. I have added a 
second sheet with results from this to the spreadsheet.

Filipe Roque

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/DB8PR04MB664988DE4D9A90F74A92226BD301A%40DB8PR04MB6649.eurprd04.prod.outlook.com.
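
The WEB-INF/lib check discussed in the message above, as an added example that is not part of the original thread. It assumes the bundled jar keeps its Maven file name (json-<version>.jar) and uses the 20220924 Public Domain cutoff stated elsewhere on this page; the function names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Per the thread: org.json:json is Public Domain starting with version 20220924.
FIRST_FREE_VERSION = 20220924

# org.json:json jars are named json-<YYYYMMDD>.jar (assumption: not renamed or
# shaded). The anchored pattern skips look-alikes such as json-lib or json-smart.
JSON_JAR = re.compile(r"^WEB-INF/lib/json-(\d{8})\.jar$")


def bundled_json_versions(hpi):
    """Return the sorted org.json:json versions bundled in an .hpi (path or file object)."""
    found = set()
    with zipfile.ZipFile(hpi) as archive:
        for name in archive.namelist():
            match = JSON_JAR.match(name)
            if match:
                found.add(int(match.group(1)))
    return sorted(found)


def classify(hpi):
    """Return 'non-free', 'free' or 'not-bundled' for one plugin archive."""
    versions = bundled_json_versions(hpi)
    if not versions:
        # Nothing in WEB-INF/lib: the library, if used at all, comes from
        # another plugin (for example a library-wrapper plugin) at runtime.
        return "not-bundled"
    if any(version < FIRST_FREE_VERSION for version in versions):
        return "non-free"
    return "free"


def make_sample_hpi(jar_names):
    """Build a constructed in-memory .hpi holding empty placeholder jars."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for jar in jar_names:
            archive.writestr("WEB-INF/lib/" + jar, b"")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    for jars in (["json-20190722.jar"], ["json-20230227.jar"], ["json-lib-2.4.jar"]):
        print(jars, "->", classify(make_sample_hpi(jars)))
```

Unlike the Maven dependency tree, this reports only what a given .hpi actually ships, so a plugin that reaches the library through another plugin shows up as not-bundled.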


Re: JSON license

2023-07-26 Thread 'Filipe Roque' via Jenkins Developers

> What do the colors mean in the spreadsheet?

I have updated the spreadsheet, but green means it depends on a free version 
and red means a direct dependency on a non-free version.

> With regards to the analysis, I'm not confident in my understanding of the 
> specific details of the analysis.  Maybe you can help me understand more 
> clearly.
>
> I maintain the elastic axis plugin and it is on the list as having a transitive 
> dependency on an older version of the json library.  The elastic axis plugin 
> depends on the matrix project plugin.  The matrix project plugin depends on the 
> junit plugin.  The junit plugin depends on the jackson2 api plugin.  The 
> jackson2 api plugin bundles the jackson2 api jar file and the json-20230227.jar 
> inside its hpi file.  I think that would cause jackson2 api calls to use the 
> json-20230227.jar that is bundled in the hpi file.
>
> However, the analysis indicates that there is a dependency on json-20190722.  
> Is the analysis not detecting that the jackson2 api plugin already includes a 
> newer version of the json library?  Am I misunderstanding how libraries are 
> resolved?

I only looked into the tree provided by Maven, with the dependency plugin, 
taking the pom.xml file embedded in the hpi file.

I know that at runtime Jenkins may use updated versions, but that would 
complicate the analysis for me.

So, for the elastic-axis:

wget --quiet https://updates.jenkins.io/download/plugins/elastic-axis/464.va_7ed499b_9d75/elastic-axis.hpi
unzip -q elastic-axis.hpi -d elastic-axis
/opt/maven/apache-maven-3.8.4/bin/mvn \
  -s /tmp/tmp.VLcrje6TDb/settings.xml \
  -f elastic-axis/META-INF/maven/org.jenkins-ci.plugins/elastic-axis/pom.xml \
  --quiet \
  org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree \
  -Dincludes=org.json \
  -DoutputFile=tree.txt
cat elastic-axis/META-INF/maven/org.jenkins-ci.plugins/elastic-axis/tree.txt
org.jenkins-ci.plugins:elastic-axis:hpi:464.va_7ed499b_9d75
\- org.jenkins-ci.plugins:matrix-project:jar:789.v57a_725b_63c79:compile
   \- org.jenkins-ci.plugins:junit:jar:1189.v1b_e593637fa_e:compile
      \- org.jenkins-ci.plugins:jackson2-api:jar:2.14.2-319.v37853346a_229:compile
         \- com.fasterxml.jackson.datatype:jackson-datatype-json-org:jar:2.14.2:compile
            \- org.json:json:jar:20190722:compile

Filipe Roque



JSON license

2023-07-25 Thread 'Filipe Roque' via Jenkins Developers
I have not found any discussion on the mailing list about this.

JSON License has not been considered an open source license by Apache [1], 
Debian [2] and FSF [3] and is not OSI approved [4].

Douglas Crockford has relicensed the org.json:json Java library to be Public 
Domain starting with version 20220924 [5].

Jenkins requires plugins and their dependencies to be free and open source 
software [6][7].

I did some analysis of the latest Jenkins plugins' usage of org.json:json [8]. 
I have found a total of 473 plugins that depend on org.json:json (directly or 
transitively), with 104 plugins depending on free versions and 67 plugins 
directly depending on non-free versions of org.json:json.

Is this an actual concern for the Jenkins project? If so, how to proceed?

Filipe Roque

[1] https://lwn.net/Articles/707510/
[2] https://wiki.debian.org/qa.debian.org/jsonevil
[3] https://www.gnu.org/licenses/license-list.html#JSON
[4] https://opensource.org/licenses/
[5] https://github.com/stleary/JSON-java/issues/686
[6] https://www.jenkins.io/doc/developer/publishing/preparation/#license
[7] https://www.jenkins.io/project/governance/#3rd-party-library-licenses-in-the-plugins
[8] https://docs.google.com/spreadsheets/d/1MWNi796iAovFa6GK7LJ0gilbQRwvb8Su3c7YgpH_fuc/edit?usp=sharing



Adoption request for disk-usage-plugin

2023-01-16 Thread 'Filipe Roque' via Jenkins Developers
Hi,

I would like to adopt disk-usage-plugin

Link: https://github.com/jenkinsci/disk-usage-plugin
Status: Marked for adoption
GitHub username: froque
Jenkins Infrastructure Account Id: froque
Repository permissions PR: https://github.com/jenkins-infra/repository-permissions-updater/pull/3077

Previous thread on this plugin: https://groups.google.com/g/jenkinsci-dev/c/JO3ONqRlP3o/m/1grfCdV4BQAJ

I would like to archive all the changes in the master branch and start again 
from the latest tag 0.28 (from 2015).

Link(s) to pull requests you want to deliver:
https://github.com/jenkinsci/disk-usage-plugin/pull/55



Request to be made maintainer of PowerShell Plugin

2019-10-18 Thread 'Filipe Roque' via Jenkins Developers
Hi,

The current maintainer https://github.com/damienfinck doesn't seem active.

He is no longer the maintainer for the keyboard-shortcuts-plugin due to 
inactivity and not responding:
https://groups.google.com/forum/#!msg/jenkinsci-dev/OQRDRC8ZBH4/ug1OwT_CAgAJ

There is another maintainer https://github.com/chrisalbrecht, but he is not able 
to develop with Java and Maven at the moment.

See: https://github.com/jenkinsci/powershell-plugin/pull/7#issuecomment-537015437

github.com username: froque
jenkins.io account: froque

Thanks,
Filipe Roque
