Hello Daniel, The fog cleared out :-)
The paperwork part is then very simple. Just submit a PR on the https://github.com/jenkins-infra/repository-permissions-updater/blob/master/permissions/plugin-dependency-check-jenkins-plugin.yml configuration (as described in the repo's README.md) Mention in the comments of the PR, a reference to this conversation. Don't hesitate to come back here if you have any questions or encounter blockers with the mentioned security issue and releasing the plugin. I am also interested to hear about your experience while doing this. It will help us identify and solve the friction points for new plugin maintainers. /- Jmm Le mar. 18 janv. 2022 à 10:31, Daniel Warmuth <[email protected]> a écrit : > Thanks, Ullrich, I will have a look at that as soon as the "legal" > stuff is settled. > If the final result is that the plugin is redundant, a valid > maintenance action could be to document this on the plugin's page and > send it into retirement. We'll see. > > Best regards, > Daniel > > Am Di., 18. Jan. 2022 um 09:11 Uhr schrieb Ullrich Hafner > <[email protected]>: > > > > And please note: > > > > Since a couple of releases an OWASP dependency check parser is part of > the warnings plugin as well ( > https://github.com/jenkinsci/warnings-ng-plugin/blob/master/SUPPORTED-FORMATS.md > ). > > So if you are just interested in showing the results of the analysis no > additional plugin is required anymore. And you do need to duplicate > development of mostly the same feature set (and you do not need to fix > security issues that have been fixed already in the warnings plugin). > > > > Ulli > > > > > > Am 17.01.2022 um 22:33 schrieb kudos-dude <[email protected]>: > > > > > > Hello, > > > > I would like to pass off the maintainer role. Please let me know if you > require anything additional to complete the process. > > On Monday, January 17, 2022 at 3:35:08 PM UTC-5 [email protected] > wrote: > >> > >> Hi Jean-Marc, > >> > >> I understood that "kudos-dude" (who wrote here on 10 November that he > can no longer be maintainer) is the same person as "Wes" (see the last > previous mail by "kudos-dude" and also the Jira profile: > https://issues.jenkins.io/secure/ViewProfile.jspa?name=kudos_dude). > >> > >> Nonetheless, he filed an issue 4 December asking for the security > warning to be removed, because it is fixed in the newest version: > https://issues.jenkins.io/browse/JENKINS-67321 > >> > >> I do not yet know what the process is to handle this issue, but it > seems to be pretty clear that kudos-dude/Wes does not see himself in the > maintainer-role any longer. I'll write to his e-mail address listed on Jira > anyway to confirm that once more. > >> > >> Best regards, > >> Daniel > >> > >> Jean-Marc Meessen schrieb am Montag, 17. Januar 2022 um 21:02:21 UTC+1: > >>> > >>> Hello Daniel, > >>> > >>> Thank you for your interest in maintaining this plugin. > >>> > >>> The situation of that plugin is a little blurry right now: there was a > recent adoption request by Wes that has been approved. But the plugin is > still marked for adoption. Did Wes forget to remove the flag or did he give > up after a couple of weeks? > >>> > >>> Could you please reach out to him to assess the exact situation and > come back to this group? Hint: look at the git log for the email. > >>> > >>> Apparently, this plugin needs some love and attention: there is an XSS > vulnerability detected on it. > >>> > >>> /- Jmm > >>> > >>> Le lun. 17 janv. 2022 à 19:08, Daniel Warmuth <[email protected]> > a écrit : > >>>> > >>>> Hi, > >>>> > >>>> I'd like to become maintainer of this plugin ( > https://plugins.jenkins.io/dependency-check-jenkins-plugin/). I > understand that Wes (kudos-dude) can no longer be maintainer and is looking > for someone to take over. > >>>> > >>>> My GitHub username is "danile42" and my Jenkins infrastructure > account id is also "danile42". > >>>> > >>>> I do not have pull requests open, but work at a company that wants to > use this plugin - therefore, I have a special interest and time available > to do maintenance work. > >>>> > >>>> Please let me know how we can proceed. > >>>> > >>>> Best regards, > >>>> Daniel > >>>> > >>>> Jean-Marc Meessen schrieb am Samstag, 18. Dezember 2021 um 21:43:03 > UTC+1: > >>>>> > >>>>> Hello Wes, > >>>>> > >>>>> Thank you for adopting this plugin. > >>>>> > >>>>> I am working with Mark Waites and a couple of others on various > initiatives to improve the contributors and maintainers experience > (especially newcomers). > >>>>> > >>>>> It is in that context that I believe that it would be great if we > could we discuss your experience by mail of even is a short call (if time > zones are favorable). I'd like to know things, among others, like: > >>>>> > >>>>> was the adoption successful? > >>>>> what were the friction points? > >>>>> Did you get (or needed) help? In what form? > >>>>> what were your motives for adoption? > >>>>> what is your previous experience as Jenkins/OSS contributor and in > java dev? > >>>>> .... > >>>>> > >>>>> If interested to share your experience, you can contact me at > [email protected]. > >>>>> > >>>>> /- Jmm > >>>>> Jean-Marc Meessen > >>>>> Brussels, Belgium > >>>>> > >>>>> Le jeudi 11 novembre 2021 à 21:36:50 UTC+1, kudos-dude a écrit : > >>>>>> > >>>>>> I want to apologize for the tone in my original post. Just feeling > a bit overwhelmed at the moment. > >>>>>> > >>>>>> The plugin on Github still contains the `adopt-this-plugin` tag and > the "Seeking a new maintainer" section. > >>>>>> > >>>>>> https://github.com/jenkinsci/dependency-check-plugin > >>>>>> > >>>>>> Please let me know if there is anything else I need to do. > >>>>>> > >>>>>> Wes > >>>>>> On Thursday, November 11, 2021 at 9:10:37 AM UTC-5 > [email protected] wrote: > >>>>>>> > >>>>>>> As a side note for this plugin: if someone is willing to refactor > the existing parser so that it rather writes the output to the object model > of the analysis-model plugin then we simply can integrate it into the > parser collections of the warnings plugin. Then the whole OWASP Dependency > Check plugin will become obsolete and the visualization will be > automatically improved while the warnings plugin is improving. > >>>>>>> > >>>>>>> Am 10.11.2021 um 22:04 schrieb Mark Waite <[email protected]>: > >>>>>>> > >>>>>>> Thanks for adopting it in April. > >>>>>>> > >>>>>>> The easiest way to list it as "Seeking a new maintainer" is to > place a topic on the GitHub repository "adopt-this-plugin". Refer to the > https://github.com/jenkinsci/run-condition-plugin and the > "adopt-this-plugin" topic that is assigned towards the upper right corner > of the list of files > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> On Wednesday, November 10, 2021 at 1:49:45 PM UTC-7 kudos-dude > wrote: > >>>>>>>> > >>>>>>>> I adopted this plugin back in April, but my circumstances have > changed. > >>>>>>>> > >>>>>>>> I need to formally place this plugin back into a "Seeking a new > maintainer" state. I believe that there was interest in the recent past > looking to adopt the plugin, which I did at that stage state I was placing > the plugin up for adoption again and was willing to transfer ownership. The > conversation did not progress and I still own it as a result. > >>>>>>>> > >>>>>>>> I have since received communication about additional work > required for the plugin, but as stated above, I simply don't have time. I'd > go into the reasons why, but this isn't my personal blog, so I'll spare the > details. > >>>>>>>> > >>>>>>>> I don't know what the official requirements are for making this > concrete, so I ask any officials within this forum to please take this > request across the finish line. > >>>>>>> > >>>>>>> > >>>>>>> -- > >>>>>>> You received this message because you are subscribed to the Google > Groups "Jenkins Developers" group. > >>>>>>> To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected]. > >>>>>>> To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/39e632a3-0462-4b12-b7b2-dd287526f965n%40googlegroups.com > . > >>>>>>> > <screencapture-github-jenkinsci-run-condition-plugin-2021-11-10-14_02_46-edit.png> > >>>>>>> > >>>>>>> > >>>> > >>>> -- > >>>> > >>>> You received this message because you are subscribed to a topic in > the Google Groups "Jenkins Developers" group. > >>>> To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/QxWAgJb4oyg/unsubscribe. > >>>> To unsubscribe from this group and all its topics, send an email to > [email protected]. > >>>> To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/eb4c42fa-d12d-4f55-a76e-5090577aed0en%40googlegroups.com > . > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Jenkins Developers" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/1c913067-7de7-4e03-b72d-45ac52f43df0n%40googlegroups.com > . > > > > > > -- > > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Developers" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/QxWAgJb4oyg/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/F3994220-C390-4B91-B424-268B36A5F6D2%40gmail.com > . > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CACUR2MV3weGnQnV1J3WOcRyT9y8XPfWux3%2BPtvXgosA2oSfjOA%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CABLvyXxbXWR3PcWH0dY34r_t17bNXjOtmoBy15nQwnfPjEQjCw%40mail.gmail.com.
