I lost track of where you did the ping to me. Sounds out I need to be clearer. If I get more scripts to run, I can run them before
On Thu, Sep 16, 2021 at 10:10 PM Gavin Mogan <[email protected]> wrote:
> I'm sorry, I thought you were offering them up. I didn't realize you were
> asking if I wanted them. I can certainly try them out.
>
> As for the banner. It might be worth some sort of verified publisher or
> something else that indicates when the company maintains the plugin and you
> should contact their support, vs community maintained plugins with
> community support avenues.
>
> On Thu., Sep. 16, 2021, 9:16 p.m. 'Daniel Beck' via Jenkins Developers, <[email protected]> wrote:
>
>> > On 17. Sep 2021, at 04:32, 'Gavin Mogan' via Jenkins Developers <[email protected]> wrote:
>> >
>> > So sure, someone other than you can do more in-depth reviews of the
>> > code. I've been doing absolute basic checks with the expertise I have. I
>> > was very clear when I took over the hosting lead position that I wasn't
>> > going to be spending much time doing reviews. I'm absolutely happy for
>> > someone to step up and do more code reviews.
>>
>> Thanks for starting this conversation.
>>
>> My preferred option (that I mentioned in Jira) is to have a basic review
>> of the plugin. My offer from August to give you access to the code scanning
>> rules for plugins to quickly identify the low-hanging fruit at least still
>> stands. I haven't heard back from you about that.
>>
>> Another option could be to not have reviews and instead do something similar
>> to what Mozilla does[1], and prominently display that plugins are not
>> reviewed for security. At least then we let admins know what they're
>> getting. This would require criteria for other badges that need maintaining
>> however, and certainly will take time to set up.
>>
>> I'm sure there are other approaches we can take, but admitting code with
>> very obvious security flaws doesn't seem like a great approach given how
>> critical Jenkins is for many of its users.
>>
>> 1: https://support.mozilla.org/en-US/kb/add-on-badges
