> On 28. Aug 2018, at 11:00, Robert Sandell <[email protected]> wrote: > > And from what I've seen so far usernames seems to only be appended to the > permissions, so it's not a good source of finding the actual current > maintainer in there.
Perhaps this is something that needs to be clarified -- removing previous maintainers is indeed rare. As far as I'm concerned, this just means there are multiple maintainers. I have plenty of experience doing this, to be able to assign security issues to maintainers, and consider the upload permissions the most reliable indicator of maintainership. If there are multiple users in there, I need to check further sources (For example Git repo activity, or who created most recent releases, etc.) to find the most likely one candidate. Ironically this process really only seems to fail when people adopt a plugin, are being told "congratulations, you're the maintainer now", but never bother to file a permissions PR (i.e. cannot actually release it). There's probably potential here to enrich the metadata (for example security contact, primary maintainer), but that's well beyond the scope of this issue. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/DC62E35E-7A69-4CDE-96FA-A827A318C9CE%40beckweb.net. For more options, visit https://groups.google.com/d/optout.
