This exists, just isn't exposed on the UI. Install e.g. https://plugins.jenkins.io/update-sites-manager/ and you have everything you want (other than removing the file upload, but between admins specifying a URL and being allowed to bypass other restrictions, there's no difference in security).
On Wed, Jun 23, 2021 at 8:52 PM [email protected] <[email protected]> wrote: > I would like to suggest - not sure if this was already considered and > dismissed - a change in how plugins are managed. The use case begins with a > company that either gets their plugins from one or more third parties or > builds their own plugins (considered for this use case a third party). > Authorized product URLs are periodically scanned for updates and made > available on the standard Jenkins Plugins page, highlighted as from one of > the alternate sources. The set of URLs to consult should always include the > standard Jenkins root, by default, and could have additional URLs added to > the System Configuration by authorized users (a.k.a. Administrators or > higher - this may add a new class of user). Also, by default, the URLs must > have valid certificates in order to be processed, although in the case of > the company's own plugins, that might be something that could be bypassed - > again by an authorized user only. As part of this use case, the ability to > install a plugin through the individual HPI upload mechanism may be > restricted. Also part of this use case would be the ability to exclude > specific plugins from being installed, either for security or policy > reasons. > > I realize that philosophically that plugins all should be at jenkins.io, > but in many situations - my own, in particular, the plugins are not of > general interest and may be of interest to under 500 users. The objective > is for administrators to more tightly control what Jenkins plugins are used > but to retain the ability to support third party plugins. > > If this is desired (and practical), I would be willing to take this on - > or at least to try. Maybe this is a discussion to be tabled until a future > in face meeting. > > Sincerely, > Randall Becker > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/3831be17-fe8d-497d-a52e-34ee0b317cb5n%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/3831be17-fe8d-497d-a52e-34ee0b317cb5n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtJCgGNs%2BZkXFGWy9ta787UuEk7S4MajCAr%2B8g0X8qnYLw%40mail.gmail.com.
