I've moved stapler to Jenkinsci as part of https://issues.jenkins.io/browse/INFRA-2908 Core team has access
Jesse has taken care of most of the rest of the proposals already On Wed, 26 May 2021 at 17:03, Oleg Nenashev <[email protected]> wrote: > Thanks to Kohsuke for your approval! And thanks to Kohsuke and Jesse for > feedback! > > I do feel, however, that "not encourag[ing] external use" is an >> unnecessarily negative way of framing the mission of the new sub-project. >> Stapler is an unique web framework that enables the extensibility of >> Jenkins, and for that and all the other practical reasons it just makes >> more sense for the project to be adopted to Jenkins. The focus will be on >> serving Jenkins well. I think that's all that need to be said. >> > > >> I think there is a reason for specifically *discouraging* use outside >> Jenkins: that we have found the need to fix security vulnerabilities by >> defining interfaces in Stapler which are then implemented in Jenkins core. >> An external project is unlikely to keep up with these developments, and >> thus potentially remain vulnerable. It would be irresponsible to advertise >> a library which is unsafe to use on its own. >> > > I agree with both statements. Let me think about how to frame it properly. > I will submit a pull request to jenkins.io with the proposal based on the > feedback here and on the private conversation with Kohsuke. Then we can > review it together and approve the wording. Kohsuke is the founder of the > Stapler project, and indeed we should respect and address the feedback. > > Best regards, > Oleg > > > > > On Wed, May 26, 2021 at 5:27 PM Jesse Glick <[email protected]> wrote: > >> On Wed, May 26, 2021 at 11:16 AM Kohsuke Kawaguchi <[email protected]> >> wrote: >> >>> "not encourag[ing] external use" is an unnecessarily negative way of >>> framing the mission >>> >> >> I think there is a reason for specifically *discouraging* use outside >> Jenkins: that we have found the need to fix security vulnerabilities by >> defining interfaces in Stapler which are then implemented in Jenkins core. >> An external project is unlikely to keep up with these developments, and >> thus potentially remain vulnerable. It would be irresponsible to advertise >> a library which is unsafe to use on its own. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Jenkins Developers" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/jenkinsci-dev/1T3yDHl1nEQ/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2-T0_Yxc1RG34oV66JJhY6yegH_oMOrAN%2BY1-fPCL2VA%40mail.gmail.com >> <https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2-T0_Yxc1RG34oV66JJhY6yegH_oMOrAN%2BY1-fPCL2VA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDcv93AbnGKdHQCtMaOSDctWiTREpSuqETt58jR--qpFQ%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDcv93AbnGKdHQCtMaOSDctWiTREpSuqETt58jR--qpFQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Bieot1SLEZFR84ddwr-1Qh7TH3omaXTCY2Q2cubOJN_3gw%40mail.gmail.com.
