There was no votes against the change in this thread or at the governance meeting, so I am going forward with the change: https://github.com/jenkins-infra/jenkins.io/pull/1520
Status update: - Since the announcement on April 24 there were 10 new JEP-200 issues <https://issues.jenkins-ci.org/issues/?jql=labels%20%3D%20JEP-200> created, mostly discovered by me during code inspections for PrintStream usages. These issues appear only in some edge cases. - There were also more serious defects in Whitesource (JENKINS-51025 <https://issues.jenkins-ci.org/browse/JENKINS-51025>) and in Git Changelog (JENKINS-50990 <https://issues.jenkins-ci.org/browse/JENKINS-50990>) plugins. Both regressions are fixed and released by now - Both proposed core backports have been integrated into 2.107.3-rc. They will be also available in the 2.119 weekly once it is released Best regards, Oleg On Tuesday, April 24, 2018 at 10:46:45 PM UTC+2, Oleg Nenashev wrote: > > Hi all, > > I would like to provide a status update regarding JEP-200 > <https://github.com/jenkinsci/jep/tree/master/jep/200> stories. It has > been more than 3 months since the original release in Jenkins 2.102 and one > month since the release in LTS (announcement > <https://jenkins.io/blog/2018/03/15/jep-200-lts/>). Although we still > receive some new JEP-200 issues, the community ratings of releases are > pretty good. We would like to thank everybody who helped to get the the > plugins fixed and released! > > As you probably know, the proactive maintenance period ends on May 01 > according to the post-release maintenance plan > <https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc#phase-4-post-release>. > > I would like to briefly summarize the current status: > > - Adoption: >23% of Jenkins installations (April 01 stats) > - Since January 13 we got 119 JEP-200 issues > <https://issues.jenkins-ci.org/issues/?jql=labels%20%3D%20JEP-200> in > Jenkins JIRA, there are also some in GitHub > - *82* plugins were affected by JEP-200 > > <https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200> > (hosted in Jenkins Update Centers) > - *66* plugins got fixes, 16 plugins still need fixes (5 pending fixes) > - The most of unfixed plugins are niche ones with less than 100 > installations > - Notable plugins: Google OAut, Kubernetes, Gitlab Merge Request > Builder, AWS Device Farm > - We have also applied several core patches, including whitelist > updates and diagnosability improvements > - We hope to get 2 whitelist patches backported to 2.107.3 ( > JENKINS-50616 <https://issues.jenkins-ci.org/browse/JENKINS-50616>, > JENKINS-50939 <https://issues.jenkins-ci.org/browse/JENKINS-50939>) > - There is a major improvement in Remoting Exception serialization, > which should be available in the next LTS baseline (part of > JENKINS-50237 <https://issues.jenkins-ci.org/browse/JENKINS-50237>) > > What is going to happen after May 01? > > - JEP-200 maintainers will deliver the rest of pending fixes > - JEP-200 maintainers will stop proactively monitoring *all* tickets > in Jenkins JIRA and GitHub issues/PRs to discover regressions caused by > the > change > - Core/Plugin maintainers will be expected to triage newly reported > defects to their components > - JEP-200 maintainers will be available to do some consulting in > mailing lists and reviews in GitHub on-demand > > We have also started a retrospective Google doc > <https://docs.google.com/document/d/1KCCIxWh-c44GJbW_AwKooOd7wD4vthWp_KC0r2OJQl0/edit>. > > This is the first Jenkins security hardening change with such level of > regressions by design, and we would appreciate your feedback in order to > make future changes smoother. We will also conduct a JEP-200 status update > session tomorrow at the governance meeting > <https://wiki.jenkins.io/display/JENKINS/Governance+Meeting+Agenda>. > Please feel free to join if you want to discuss JEP-200. Any feedback will > be appreciated. > > Thanks for your time, > Oleg Nenashev > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/d122f1e2-d676-4a67-863f-88edae33fb01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
