On Tue, Dec 10, 2019 at 12:25 PM Oleg Nenashev <[email protected]> wrote:
> I think we should block releases from non-Jenkins organizations for newly > hosted/released plugins. > Newly hosted plugins need to be forked, else they don't get permissions (I hope -- at least that's how I did it when I reviewed new plugin permission requests). New releases of existing plugins could be blocked by taking away release permissions. > AFAICT the easiest way to do so is to add a check to Plugin POM, but we > can also do some enforcement on the update site later. As Daniel said, it > is likely to be a can of worms. > Enforcement that requires plugin maintainers to keep their parent POM up to date is doomed to fail. Or how would you in turn enforce an up to date parent POM? In a way that both does not break Gradle-built plugins, nor allow maintainers to circumvent the restriction by switching to Gradle? Not to mention that we'd want to have a toggle to support private-source plugins, so any check here would be trivial to disable. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLhkvzJX97qNOEO9s_a89fOm5fwMm%3DiHK0NQ2%2BAX7zEhQ%40mail.gmail.com.
