Hello, I am making a pass at the xcode-plugin these days. I am going through the pull requests and issues and trying to put a bit of order in the plugin.
One particular issue is the management of keychains, which can be done in different ways. Right now we have: 1. global keychains 2. job keychains 3. developerProfile loading (into custom keychains) I really like the developerProfile one. They fit well in the jenkins credentials mechanism. One issue with keychains are that they need to be unlocked / relocked. Right now there are several pull requests (https://github.com/jenkinsci/xcode-plugin/pull/47, https://github.com/jenkinsci/xcode-plugin/pull/49) that want to provide a way for the user to specify a lock timeout (or remove it altogether). Which can be problematic if the user specifies a too short timeout. A better way IMHO would be to relock automatically the keychain once not needed (at least for those we know aren't shared simultaneously by multiple jobs). That really sounds like a BuildWrapper to me. Koshuke, is this what you had in mind when adding the: * TODO: destroy identity in the end. https://github.com/jenkinsci/xcode-plugin/blob/master/src/main/java/au/com/rayh/DeveloperProfileLoader.java#L33 Has anyone tip on how could this be implemented in a nice way ? (I looked a bit at the Lock and Latches plugin). Another issue is that the global and job keychain mechanisms have several issues: * they store passwords in plaintext. So that's not good. * also their they require configuration to be done before hand on all machines. Not practical for slaves setup * finally I suspect that the granularity of only having global or job keychains make them not very useful in the case of having servers with compartmented teams And there are probably other problems I don't know of. I am almost in favor of deprecating this mechanism and not supporting them anymore and let people use custom scripts to extend this functionality instead. Any feedback on this idea ? Thanks, Jerome -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/1b707e7b-5ec9-4a96-9f05-d2dc5985aa11%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
