On 11/12/2018 12.55, Oleg Nenashev wrote:
`xstream` is what we use in Jenkins nowadays.
`xstream-fork` has been created by Nicolas de Loof at some point, but
this repository has never been updated to incorporate Jenkins-specific
patches. And I am not sure whether it has passed the full test cycle.
There is a splitbrain between the repos, and their README files are
misleading. Since 2016 there were pull requests submitted against both
repos, and it made the situation worse.
Whomever wants to update XStream, we firstly need to resolve the
splitbrain issue. Switching from a custom XStream fork to the official
XStream releases is something we should do IMHO, but it needs to be
tested a LOT before we do it. Any XStream change may cause Jenkins
startup issues and, potentially, security issues if JEP-200 classfilter
hooks stop working.
Well, that surely is a noble goal but I am not sure if doable ta all. My
impressions, mostly from https://github.com/x-stream/xstream/pull/106,
are this will not happen.
--
oliver
--
You received this message because you are subscribed to the Google Groups "Jenkins
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-dev/8b283fea-a325-ce21-4dac-f2c50d4df8ef%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
