Adoption request TestComplete plugin

2023-01-30 Thread Edgar E Rincon
Hi, I want to adopt the TestComplete plugin - Link to a plugin you want to adopt : https://github.com/jenkinsci/testcomplete-plugin - The status of the plugin ("for adoption" or "abandoned") : adoption/abandoned - Your GitHub username: rinconedgar -

Re: Removing inactive Core maintainers to reduce risk

2023-01-30 Thread 'Daniel Beck' via Jenkins Developers
On Mon, Jan 30, 2023 at 7:26 PM Basil Crow wrote: > A compromised account with unnecessary commit access could very well > have that level of impact if it is used to introduce malicious content > into a release. > Exactly, which is why this was done. As a reminder, you originally responded to

Re: Removing inactive Core maintainers to reduce risk

2023-01-30 Thread Basil Crow
On Mon, Jan 30, 2023 at 3:19 AM 'wfoll...@cloudbees.com' via Jenkins Developers wrote: > A PR merged in a release can be installed. A missing permission is not at > that kind of level of impact. A compromised account with unnecessary commit access could very well have that level of impact if it

Re: Removing inactive Core maintainers to reduce risk

2023-01-30 Thread 'Daniel Beck' via Jenkins Developers
On Mon, Jan 30, 2023 at 12:27 PM Daniel Beck wrote: > I also see this less as a step to remove maintainers who are not doing any > maintenance (which goes beyond what the officers' mission is) and more > limiting risk (which is in scope). IMO if one of the affected folks were to > show up

Re: Removing inactive Core maintainers to reduce risk

2023-01-30 Thread 'Daniel Beck' via Jenkins Developers
On Sun, Jan 29, 2023 at 8:53 PM Basil Crow wrote: > By the same logic, we could dispense with core PR reviews because any > commit can be reverted without problems. Such an approach would appear > to go against the consensus-driven nature of the project. > If there were votes taken for release

Re: Removing inactive Core maintainers to reduce risk

2023-01-30 Thread 'wfoll...@cloudbees.com' via Jenkins Developers
> By the same logic, we could dispense with core PR reviews because any commit can be reverted without problems You're going on the extreme there. A PR merged in a release can be installed. A missing permission is not at that kind of level of impact. > [...] witch hunt [...] To explicit my

Re: Renovatebot for cctray-xml-plugin

2023-01-30 Thread Alexander Brandes
Hey, You can request the installation on the repository you want to use renovate at, and an org admin will approve the request. If you don't see renovate doing something after 24 to 48 hours, you can file a helpdesk