Thanks to Kohsuke for your approval! And thanks to Kohsuke and Jesse for feedback!
I do feel, however, that "not encourag[ing] external use" is an > unnecessarily negative way of framing the mission of the new sub-project. > Stapler is an unique web framework that enables the extensibility of > Jenkins, and for that and all the other practical reasons it just makes > more sense for the project to be adopted to Jenkins. The focus will be on > serving Jenkins well. I think that's all that need to be said. > > I think there is a reason for specifically *discouraging* use outside > Jenkins: that we have found the need to fix security vulnerabilities by > defining interfaces in Stapler which are then implemented in Jenkins core. > An external project is unlikely to keep up with these developments, and > thus potentially remain vulnerable. It would be irresponsible to advertise > a library which is unsafe to use on its own. > I agree with both statements. Let me think about how to frame it properly. I will submit a pull request to jenkins.io with the proposal based on the feedback here and on the private conversation with Kohsuke. Then we can review it together and approve the wording. Kohsuke is the founder of the Stapler project, and indeed we should respect and address the feedback. Best regards, Oleg On Wed, May 26, 2021 at 5:27 PM Jesse Glick <jgl...@cloudbees.com> wrote: > On Wed, May 26, 2021 at 11:16 AM Kohsuke Kawaguchi <k...@kohsuke.org> wrote: > >> "not encourag[ing] external use" is an unnecessarily negative way of >> framing the mission >> > > I think there is a reason for specifically *discouraging* use outside > Jenkins: that we have found the need to fix security vulnerabilities by > defining interfaces in Stapler which are then implemented in Jenkins core. > An external project is unlikely to keep up with these developments, and > thus potentially remain vulnerable. It would be irresponsible to advertise > a library which is unsafe to use on its own. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/1T3yDHl1nEQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2-T0_Yxc1RG34oV66JJhY6yegH_oMOrAN%2BY1-fPCL2VA%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2-T0_Yxc1RG34oV66JJhY6yegH_oMOrAN%2BY1-fPCL2VA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDcv93AbnGKdHQCtMaOSDctWiTREpSuqETt58jR--qpFQ%40mail.gmail.com.
