Re: JSON license

2023-07-25 Thread Mark Waite


On Tuesday, July 25, 2023 at 4:24:04 PM UTC-6 Filipe Roque wrote:

> I have not found any discussion on the mailing list about this.
>
> JSON License has not been considered an open source license by Apache [1],
> Debian [2] and FSF [3] and is not OSI approved [4].
>
> Douglas Crockford has relicensed org.json:json java library to be Public
> Domain starting with version 20220924 [5].
>
> Jenkins requires plugins and its dependencies to be free and open source
> software [6][7].
>
> I did some analysis on the latest Jenkins plugins usage of org.json:json
> [8]. I have found a total of 473 plugins that depend on org.json:json
> (directly or transitively), with 104 plugins being free versions, 67
> plugins directly depend on non free versions of org.json:json.
>
> Is this an actual concern for the Jenkins project? If so, how to proceed?


I think it is a concern for the Jenkins project.  Thanks for noting the 
issue.  I don't think the risk is high, but it is a concern that is worth 
some effort to assure that Jenkins remains free and open source.

I believe one concern is related to software that is in the public domain 
not using an OSI approved license.  We could extend the definition of 
licenses accepted by the Jenkins project to include OSI approved licenses 
and public domain software.  That would address the concerns of those who 
worry that "public domain" is not a license.

The other concern is how do we reduce the number of versions and encourage 
use of the public domain version instead of the not quite OSI approved 
license of the earlier versions.  I think that Basil's observation that 
the org.json:json should be made into a library plugin is the way to reduce 
the number of versions and encourage use of the public domain version.

With regards to the list of plugins, only 7 of the 67 plugins that directly 
depend on versions prior to 20220924 have more than 1000 installations.  
Those seem like the first candidates to consider for either an upgrade of 
the library version or replacement of the library dependency with a plugin 
dependency.

With regards to the analysis, I'm not confident in my understanding of the 
specific details of the analysis.  Maybe you can help me understand more 
clearly.

I maintain the elastic axis plugin and it is on the list as having a 
transitive dependency on an older version of the json library.  The elastic 
axis plugin depends on the matrix project plugin.  The matrix project 
plugin depends on the junit plugin.  The junit plugin depends on the 
jackson2 api plugin.  The jackson2 api plugin bundles the jackson2 api jar 
file and the json-20230227.jar inside its hpi file.  I think that would 
cause jackson2 api calls to use the json-20230227.jar that is bundled 
in the hpi file.

However, the analysis indicates that there is a dependency on 
json-20190722.  Is the analysis not detecting that the jackson2 api plugin 
already includes a newer version of the json library?  Am I 
misunderstanding how libraries are resolved?

I'll put the topic on the next agenda for the Jenkins governing board.

Thanks,
Mark Waite
 


> Filipe Roque
>
> [1] https://lwn.net/Articles/707510/
> [2] https://wiki.debian.org/qa.debian.org/jsonevil
> [3] https://www.gnu.org/licenses/license-list.html#JSON
> [4] https://opensource.org/licenses/
> [5] https://github.com/stleary/JSON-java/issues/686
> [6] https://www.jenkins.io/doc/developer/publishing/preparation/#license
> [7] https://www.jenkins.io/project/governance/#3rd-party-library-licenses-in-the-plugins
> [8] https://docs.google.com/spreadsheets/d/1MWNi796iAovFa6GK7LJ0gilbQRwvb8Su3c7YgpH_fuc/edit?usp=sharing

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/d84bbf01-6d3c-495c-81fb-a715377c89e4n%40googlegroups.com.
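
As an added example (not part of the thread or of the analysis it cites): one way to check which org.json:json copy a plugin's .hpi actually bundles, as described for the jackson2 api plugin above, and to classify it against the 20220924 cutoff. It assumes library jars sit under WEB-INF/lib/ with Maven's json-<version>.jar naming; the plugin names and archives are constructed in memory.

```python
import io
import re
import zipfile

# Cutoff from the thread: org.json:json is public domain from 20220924 onward.
PUBLIC_DOMAIN_FROM = 20220924
# Assumption: the artifact is bundled as WEB-INF/lib/json-<yyyymmdd>.jar.
ORG_JSON_JAR = re.compile(r"^WEB-INF/lib/json-(\d{8})\.jar$")


def bundled_org_json(hpi_bytes):
    """Return the sorted org.json:json versions bundled inside one .hpi."""
    with zipfile.ZipFile(io.BytesIO(hpi_bytes)) as hpi:
        hits = (ORG_JSON_JAR.match(n) for n in hpi.namelist())
        return sorted(int(m.group(1)) for m in hits if m)


def classify(version):
    return "public-domain" if version >= PUBLIC_DOMAIN_FROM else "json-license"


def audit(plugins):
    """Map plugin name -> [(version, licence class)] for each bundled copy."""
    report = {}
    for name, data in plugins.items():
        found = [(v, classify(v)) for v in bundled_org_json(data)]
        if found:
            report[name] = found
    return report


def make_hpi(entries):
    """Build a constructed in-memory .hpi (a zip) with empty placeholder jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry in entries:
            z.writestr(entry, b"")
    return buf.getvalue()


# Constructed samples with hypothetical plugin names. Only the two org.json
# versions (20230227, 20190722) come from the thread; other jars are made up.
SAMPLE = {
    "bundles-new": make_hpi(["WEB-INF/lib/json-20230227.jar", "WEB-INF/lib/other-1.0.jar"]),
    "bundles-old": make_hpi(["WEB-INF/lib/json-20190722.jar"]),
    "unrelated": make_hpi(["WEB-INF/lib/json-lib-2.4.jar", "WEB-INF/lib/json-smart-2.4.jar"]),
}

print(audit(SAMPLE))
```

The strict file-name pattern keeps look-alike artifacts such as json-lib or json-smart out of the report, so only org.json:json copies are classified.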


Re: JSON license

2023-07-25 Thread Basil Crow
Ought to be made into a library plugin I think.



JSON license

2023-07-25 Thread 'Filipe Roque' via Jenkins Developers
I have not found any discussion on the mailing list about this.

JSON License has not been considered an open source license by Apache [1], 
Debian [2] and FSF [3] and is not OSI approved [4].

Douglas Crockford has relicensed org.json:json java library to be Public Domain 
starting with version 20220924 [5].

Jenkins requires plugins and its dependencies to be free and open source 
software [6][7].

I did some analysis on the latest Jenkins plugins usage of org.json:json [8]. I 
have found a total of 473 plugins that depend on org.json:json (directly or 
transitively), with 104 plugins being free versions, 67 plugins directly depend 
on non free versions of org.json:json.

Is this an actual concern for the Jenkins project? If so, how to proceed?

Filipe Roque

[1] https://lwn.net/Articles/707510/
[2] https://wiki.debian.org/qa.debian.org/jsonevil
[3] https://www.gnu.org/licenses/license-list.html#JSON
[4] https://opensource.org/licenses/
[5] https://github.com/stleary/JSON-java/issues/686
[6] https://www.jenkins.io/doc/developer/publishing/preparation/#license
[7] https://www.jenkins.io/project/governance/#3rd-party-library-licenses-in-the-plugins
[8] https://docs.google.com/spreadsheets/d/1MWNi796iAovFa6GK7LJ0gilbQRwvb8Su3c7YgpH_fuc/edit?usp=sharing



Re: bitbucket plugin - JENKINS-65697 - How to inject environment variable into WorkflowMultiBranchProject (buildEnvironment isn't called...)

2023-07-25 Thread 'Jesse Glick' via Jenkins Developers
On Tue, Jul 25, 2023 at 2:24 AM tzach solomon wrote:

> get build from the Queue Item
>

I am not sure what that means. You are going to need to be more specific,
preferably with code references, ideally a JenkinsRule-based test failing
in the “right” way.



Re: Can't see plugin name in build steps plugin list.

2023-07-25 Thread 'Jesse Glick' via Jenkins Developers
Maybe you are trying to run the plugin in a nonstandard way that is
skipping the required annotation processor. From a shell:

mvn clean hpi:run



Re: bitbucket plugin - JENKINS-65697 - How to inject environment variable into WorkflowMultiBranchProject (buildEnvironment isn't called...)

2023-07-25 Thread tzach solomon
Thanks Jesse for the quick response.

Is there a guide to understand how I can get build from the Queue Item I
have?

On Mon, Jul 24, 2023 at 4:25 PM 'Jesse Glick' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:

> On Mon, Jul 24, 2023 at 1:58 AM tzach solomon wrote:
>
>> I've checked the code and it looks like the triggered job is of class
>> *WorkflowMultiBranchProject*. The future job I'm getting once scheduled
>> OK is *jenkins.branch.MultiBranchProject$BranchIndexing*.
>>
>> I've tried to inject environment variables into it by using the already
>> existing class *BitBucketPayload* which looks like this *BitBucketPayload
>> extends InvisibleAction implements EnvironmentContributingAction*
>>
>> My problem is that the *buildEnvironment* method isn't called.
>>
>
> Nor should it be. That is an extension point for builds. You are
> discussing branch indexing. Maybe you are looking in the wrong place.
>
