Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42951

Local-part based user mapping results in confused changelogs

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • git-plugin
    • None

    Description

      This is a followup to SECURITY-372 (https://jenkins.io/security/advisory/2017-03-20/#emails-were-sent-to-addresses-not-associated-with-actual-users-of-jenkins-by-mailer-plugin-and-email-extension-plugin)

      A big part of the problem (emails sent to people completely unrelated to what was built) came from the fact that Git plugin tries to map Git users to Jenkins users via the local-part of email addresses.

      This may be a sensible approach in an organization with their own domain and mail server, where everyone is first.last@organization, but outside that narrow situation, it is not. noreply@whatever, github@whatever, info@whatever, the list goes on. Combine with a Jenkins instance building open source projects from various organizations, and you'll Jenkins sending emails to completely wrong people. Now with this issue fixed in the email plugins, what's left is, AFAIUI, a confused changelog inside Jenkins.

      Maybe make the option to use email addresses as ID the default, or do a more sophisticated mapping?

      CC ydubreuil who may be able to fill in some details as he analyzed the problem.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              danielbeck Daniel Beck
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: