Hi Steve, Duly noted. Note that we offered an alternate way for maintainers to get their password delivered if they are not fine with the current delivery method. In my message from Jub 12:* If anyone has concerns about such a method and wants to use alternate channels for encrypted password transfer, please send us a message through the Jenkins Infrastructure mailing list from your email registered in Jenkins. In this email please provide your public GPG key so that we can reset a password again in a secure way. *You did not contact us, and hence you got your password reset with the standard process. If you want to get your password reset in a secure way, please feel free to use this process.
Again, we operate with resources and tools we have. The Jenkins project and its infrastructure are driven by volunteers, and we have limited capacity when it comes to fixing urgent things due to uncoordinated disclosures. You may call it insane, but it was the solution we delivered with given circumstances. Contributors have families and other commitments, and please know that the situation has taken a high toll on them. Everybody is welcome to contribute and to contribute to the infrastructure. I am cordially grateful to those several contributors who stepped up and helped to get the issue fixed, or offered to help, or sent kind words over different channels. This is an example to follow. Everyone is welcome to join the team and to work together on a better solution for user management so that we can prevent a similar situation in the future. Best regards, Oleg On Mon, Jun 15, 2020 at 5:02 PM Steve Springett <[email protected]> wrote: > "Technical debt" is not an excuse to reset plugin maintainers accounts and > include a clear-text email containing their username AND password. That's > insane. As a security professional I will not stand for that. I will no > longer be maintaining Jenkins plugins and will attempt to find new > maintainers for the ones I do. No guarantees. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/3UvrCTflXGk/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/4547a00e-e223-4075-a2a1-9162b4634b5bo%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/4547a00e-e223-4075-a2a1-9162b4634b5bo%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLCz%2BPMk9E3C6nq7%3D4fn5DbK6nBy%3DJUWG1w2bwNvoqmGkA%40mail.gmail.com.
