Not sure if I'm the only one who has this concern (or even if it's a valid concern), but it seems rather easy for someone to easily stick any old plugin into the update centre. Is there a potential that someone could load up nefarious plugins that trick users into installing them and having them do bad things? (Yes, you could do that to any of the plugins that currently exist, but at least there's some track of stuff in GitHub - well, mostly - for JenkinsCI org-hosted ones anyway.)

Richard.

On Thu, 30 Apr 2015 at 01:09 Christopher Orr <[email protected]> wrote:

> Hey,
>
> On 29/04/15 07:37, anitha vivedhan wrote:
> > I created a wiki page for Chat Room jenkins plugin. But that wiki page
> > is not listed in the Jenkins Update Center. Can you please suggest the solution?
> >
> > https://wiki.jenkins-ci.org/display/JENKINS/ChatRoom+Plugin
>
> The wiki page you mention here links to a repo with no code in it:
> https://github.com/anithavivedhan/jenkins-ChatRoom/tree/9c867e9
>
> The plugin itself seems to have been published from a different repo
> with a very similar name and the same plugin ID in the pom.xml:
> https://github.com/anithavivedhan/ChatRoom-plugin/tree/c91028d
>
> The code in that repo looks similar to the "Sample Plugin" you published
> last week:
> https://github.com/anithavivedhan/jenkins-sample
>
> At that time, I asked you to kindly stop publishing plugins, as the
> plugin was nonsense, appeared to attempt to duplicate the existing
> HipChat plugin, and (like the other Git repos here) is a complete mess:
>
> https://groups.google.com/forum/#!msg/jenkinsci-dev/BJ_t1GTPmiA/gYq18vK_CDAJ
>
> This "Chat Room plugin" is similarly nonsense, and contains hardcoded
> references to an ASP.NET app on localhost, with parameters which look
> like they've been taken from the deprecated HipChat v1 API:
>
> https://github.com/anithavivedhan/ChatRoom-plugin/blob/c91028d/target/checkout/src/main/java/jenkins/plugins/ChatRooms/StandardChatService.java#L70-L82
> https://www.hipchat.com/docs/api/method/rooms/message
>
> I also hope that isn't a live HipChat API token you've hardcoded there.
>
> Anyway, as I mentioned, there is an existing HipChat plugin, which also
> lets you use a locally-hosted HipChat server, if that's what you're
> trying to do:
> https://wiki.jenkins-ci.org/display/JENKINS/HipChat+Plugin
>
> Otherwise, this plugin looks very specific to your use case and, as I
> mentioned in the above email, you do not need to publish to the Jenkins
> Update Centre in this case — you can install your own custom plugins
> directly via the Jenkins Plugin Manager UI.
>
> This plugin is of really low quality, has an incredibly generic name, no
> useful documentation, and there seems to be a poor understanding of how
> Git works.
>
> As I mentioned before, *please* stop publishing plugins to the Jenkins
> Update Centre until you can resolve all of these issues. The plugins
> are of no use to anybody.
>
> If you can explain what your plugin is meant to do, or you have
> questions about Jenkins plugin development, feel free to let us know.
>
> But until then, please refrain from publishing any more plugins.
>
> Thanks,
> Chris
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/5540D7EF.70507%40orr.me.uk
> .
> For more options, visit https://groups.google.com/d/optout.
