-
Bug
-
Resolution: Fixed
-
Major
(Given the nature of this feature I'd really like to have it in LTS ASAP, therefore marking this as Bug so it shows up on the candidates list)
As announced on the developers mailing list, we will start releasing security advisories about unmaintained plugins with security vulnerabilities without a fix if necessary:
https://groups.google.com/d/msg/jenkinsci-dev/NaAqqChOVmY/BvA_TuzjAQAJ
These plugins need to be marked as 'unsafe' in Jenkins.
- backend-update-center2 needs to be extended (perhaps as separate Downloadable?)
- Core needs to be extended to
- consume the new metadata
- show warnings in appropriate places (admin monitor for installed plugins, plugin manager for updates and available/installed plugins)
- links to
I suppose you could create a separate Downloadable but I see no particular advantage to that. Would seem easier to add a new top-level section to update-center.json and thus to UpdateSite.Data. I would suggest something like:
Since I happen to know that you have access to a vendor plugin which provides customized update sites, I would encourage you to prototype delivering comparable metadata from that plugin, or work with someone who could do such a prototype.