Would appreciate any feedback in this thread from the community On Wednesday, May 5, 2021 at 9:58:50 AM UTC+2 Oleg Nenashev wrote:
> Dear all, > > We’ve recently had a few discussions with the board and Daniel Beck about > the “Friend of Jenkins” plugin. This is a plugin referenced from > https://www.jenkins.io/donate: *“In showing our appreciation, we’ll send > out a special "friend of Jenkins" plugin to those who have donated at least > 25 USD / 25 EUR. This plugin adds a little icon in the footer section, > telling that you are a friend of Jenkins. You can install this to your > Jenkins to show off that you’ve helped us”*. De facto, we have not been > doing so in the recent years. There are a few problems associated with the > plugin. > > *First of all*, you can become a “Friend of Jenkins” only by donating > money. IMO it goes against open source values, we should equally appreciate > all kinds of contributions and avoid promoting money donations > specifically. *Secondly*, the plugin is private source at the moment. It > is weird to send a private source plugin to anyone, especially as > appreciation. *Thirdly*, the plugin is dated. It has not been updated for > a while, and it does not use modern build/test pipelines. For example the > code still targets Jenkins 1.396 as the build target. Even if the code is > tiny, it is not good to send such a questionable build to Jenkins users and > suggest its installation. *Last but not least*, sending private builds in > email is flawed on its own due to the risk of various social engineering > attacks. > > I suggest that we completely tear down the “Friend of Jenkins” program: > > - We remove sections about “Friend of Jenkins” from the Donations page > - Instead of sending the plugin, the Jenkins Governance Board will > focus on sending appreciation letters and recognizing donations through > Jenkins social media. It should help us to build relationships with donors > and hopefully get them involved in the community. > > > Later actions (no specific timeline): > > - We (as community) open source the plugin as the standard Jenkins > plugin on https://github.com/jenkinsci, update it to the modern > development pipelines. > - We update the plugin to reference https://www.jenkins.io/participate/ > instead of donations. We might add “Donate” as a type of participation to > the list > - We release the plugin as 2.0, without changing the artifact ID. Any > user of the older private source version, if any, will be able to update > via the update center. Any Jenkins user will be also able to install it > via > the plugin manager, no preconditions. > - We reference the plugin from the install wizard suggestions (not > installed by default), and other places. > > There were also some discussions about building signed versions of the > plugin and somehow allowing to verify the “Friend of Jenkins” status. > Although I proposed it, now I do not think it is really needed. We can > discuss it for future iterations. > > Would appreciate any feedback, and I suggest discussing that at the next > Governance meeting. > > Best regards, > Oleg Nenashev > Jenkins Governance Board > > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/790a8d83-e939-4e96-adbe-98ca24f266dfn%40googlegroups.com.
