+1 I support this proposal. We’ve seen another case recently of a problem with this antiquated mode. We have had to adjust tests to continue supporting it.
I don’t think there is enough value in continuing to support it, particularly with the costs to keep coaxing it along.

Jeff Thompson

> On Jan 4, 2019, at 2:42 PM, Jesse Glick <[email protected]> wrote:
>
> As of JENKINS-41745, merged in Jenkins 2.54 more than a year and a
> half ago, the Remoting transport for the Jenkins CLI has been
> deprecated as inherently hard to secure and just plain unwise. As far
> as I know, all important CLI commands have long since removed any
> dependency on this mode, or offered an alternative mode. The UI warns
> you if you enable it. Is it time to finally remove this code?
>
> I bring this up now because of Java 11 work:
>
> https://github.com/jenkinsci/jenkins/pull/3759
>
> made the physical layout of Jenkins core more complex, just in order
> to maintain some exploit tests which were really only interesting in
> CLI over Remoting, and not even that interesting anyway after JEP-200.
> (Deserialization attacks via agents could still be launched, but
> again, that would be much harder after JEP-200.)
>
> I propose this `jenkins-test-jdk8` module and its three test suites
> and ysoserial library be deleted, whether or not CLI over Remoting is
> also removed, so that we can remove `jenkins-test-parent` and go back
> to having only `jenkins-test`.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3RN-dRrPFXW%2Bn1S9V8VXDPRqxQL02t0NHcVyqwEq1n3g%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
