Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suspend distribution of Crowd2 plugin #755

Merged
merged 3 commits into from
Dec 11, 2023
Merged

Suspend distribution of Crowd2 plugin #755

merged 3 commits into from
Dec 11, 2023

Conversation

MarkEWaite
Copy link
Contributor

Suspend distribution of Crowd2 plugin

jenkins-infra/helpdesk#3854 explains that the Crowd2 integration plugin uses a dependency that is not open source licensed.

The Crowd2 integration library is Atlassian licensed as described in jenkins-infra/helpdesk#3842 (comment)

The Atlassian license is not an open source license. Refer to https://www.atlassian.com/legal/software-license-agreement for the details of the license.

https://www.jenkins.io/project/governance/#license says that the Jenkins project requires plugins that it distributes to be open source, including their dependencies. When a closed source dependency is detected in a plugin, we suspend distribution of that plugin. If maintainers update the plugin to remove the closed source dependency, distribution can begin for the new release that removes the closed source dependency.

Fixes jenkins-infra/helpdesk#3854

@MarkEWaite
Suspend Crowd2 plugin distribution - uses closed source dependency
f9eb151 
jenkins-infra/helpdesk#3854 explains that
the Crowd2 integration plugin uses a dependency that is not open source
licensed.

The Crowd2 integration library is Atlassian licensed as described in
jenkins-infra/helpdesk#3842 (comment)

The Atlassian license is not an open source license.  Refer to
https://www.atlassian.com/legal/software-license-agreement for the
details of the license.

https://www.jenkins.io/project/governance/#license says that the Jenkins
project requires plugins that it distributes to be open source, including
their dependencies.  When a closed source dependency is detected in a
plugin, we suspend distribution of that plugin.  If maintainers update
the plugin to remove the closed source dependency, distribution can
begin for the new release that removes the closed source dependency.

Fixes jenkins-infra/helpdesk#3854
@MarkEWaite MarkEWaite added the metadata This PR changes metadata (suspensions, labels, etc.) label Dec 9, 2023
@daniel-beck
Copy link
Contributor

Could we ping the maintainers before suspending, so it at least doesn't catch them by surprise?

@NotMyFault
Copy link
Member

The only active maintainer left is @DuMaM, FYI above.

@MarkEWaite
Copy link
Contributor Author

Could we ping the maintainers before suspending, so it at least doesn't catch them by surprise?

That's a great suggestion. I sent a message to the email address (as stored on accounts.jenknis.io) of the 5 maintainers. My guesses of the GitHub identities of those maintainers are:

@KostyaSha
Copy link

LGTM

@MarkEWaite MarkEWaite mentioned this pull request Dec 9, 2023
Merged
5 tasks
@DuMaM
Copy link

DuMaM commented Dec 10, 2023

Hi Everyone,

I will be unable to rewrite this and make it open source, but I've just bumped into this notice:
https://www.atlassian.com/licensing/crowd#crowd-data-center

Important changes to our Server and Data Center products
We’ve ended sales for new server licenses and will end support for server on February 15, 2024 PT. We’re continuing investment in Data Center with several key improvements. [Learn what this means for you.](https://www.atlassian.com/migration/assess/journey-to-cloud)

And, because of that, think it will be better to suspend this plugin.

Could you please prepare, notification info for users about this change?

Thanks

@DuMaM
Copy link

DuMaM commented Dec 10, 2023

Hi,

I archived a plugin and labeled this as deprecated.
Could you please add notice here?
https://github.com/jenkins-infra/update-center2/blob/master/resources/warnings.json

@MarkEWaite
Copy link
Contributor Author

Hi,

I archived a plugin and labeled this as deprecated. Could you please add notice here? https://github.com/jenkins-infra/update-center2/blob/master/resources/warnings.json

Thanks for adding the deprecated topic to the repository and archiving that repository. That makes it very clear that it is deprecated and not receiving further changes.

The update center instructions say:

Use this file to mark a plugin as deprecated while continuing to distribute it. If a plugin should be removed from distribution entirely, instead set a deprecation notice URL in artifact-ignores.properties.

The addition to artifact-ignores.properties is what has been done in this pull request.

@daniel-beck daniel-beck merged commit 4934bcf into jenkins-infra:master Dec 11, 2023
2 checks passed
@MarkEWaite MarkEWaite deleted the suspend-crowd2-plugin-distribution branch December 11, 2023 17:55
@MarkEWaite MarkEWaite mentioned this pull request Aug 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DuMaM DuMaM DuMaM approved these changes

Assignees
No one assigned
Labels
metadata This PR changes metadata (suspensions, labels, etc.)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Suspend Crowd2 integration plugin due to closed source dependency
5 participants
@MarkEWaite @daniel-beck @NotMyFault @KostyaSha @DuMaM