I'm sorry, I thought you were offering them up. I didn't realize you were
asking if I wanted them. I can certainly try them out.

As for the banner, it might be worth some sort of verified publisher or
something else that indicates when the company maintains the plugin and you
should contact their support, vs community maintained plugins with
community support avenues.

On Thu., Sep. 16, 2021, 9:16 p.m. 'Daniel Beck' via Jenkins Developers, <
[email protected]> wrote:

>
>
> > On 17. Sep 2021, at 04:32, 'Gavin Mogan' via Jenkins Developers <
> [email protected]> wrote:
> >
> > So sure, someone other than you can do more in-depth reviews of the
> code. I've been doing absolute basic checks with the expertise I have. I
> was very clear when I took over the hosting lead position that I wasn't
> going to be spending much time doing reviews. I'm absolutely happy for
> someone to step up and do more code reviews.
>
> Thanks for starting this conversation.
>
> My preferred option (that I mentioned in Jira) is to have a basic review
> of the plugin. My offer from August to give you access to the code scanning
> rules for plugins to quickly identify the low hanging fruit at least still
> stands. I haven't heard back from you about that.
>
> Another option could be to not have reviews, and instead do something similar
> to what Mozilla does[1], and prominently display that plugins are not
> reviewed for security. At least then we let admins know what they're
> getting. This would require criteria for other badges that need maintaining
> however, and certainly will take time to set up.
>
> I'm sure there are other approaches we can take, but admitting code with
> very obvious security flaws doesn't seem like a great approach given how
> critical Jenkins is for many of its users.
>
>
> 1: https://support.mozilla.org/en-US/kb/add-on-badges
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/8E216E2D-EA35-4A21-99C8-44A026BFD592%40beckweb.net
> .
>
