Hi, everyone. I maintain the Jenkins Xcode Integration Plugin, and in this plugin I found a bug where passwords were stored in plain text in various configuration files. So I reviewed the handling of the information related to the authentication of this plug-in, and modified these to be handled using "Credential Plugin" instead of the plug-in's own setting. And I proposed the adoption of the correction, but if the information related to authentication is handled using "Credential Plugin", that information be accessible by other plugins and scripts (by withCredentials), and above. That's why, other people have that opposite opinion. In this case, how do you think it would be better to fix it? (or How can I maintain compatibility?) And how should we resolve the concern that integrating with "Credentials Plugin" would make the information for authentication easily accessible from other plugins and scripts? For the time being, I have submitted a proposal for storing passwords encrypted in the plugin's own settings as before, but Jenkins' official documents seem to recommend using the "Credentials Plugin".
-- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7a87d25b-a0ae-4028-936b-deeeabe031f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
