Jenkins / JENKINS-42951

Local-part based user mapping results in confused changelogs

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: git-plugin
    • Labels:
      None

      Description

      This is a followup to SECURITY-372 (https://jenkins.io/security/advisory/2017-03-20/#emails-were-sent-to-addresses-not-associated-with-actual-users-of-jenkins-by-mailer-plugin-and-email-extension-plugin)

      A big part of the problem (emails sent to people completely unrelated to what was built) came from the fact that Git plugin tries to map Git users to Jenkins users via the local-part of email addresses.

      This may be a sensible approach in an organization with their own domain and mail server, where everyone is first.last@organization, but outside that narrow situation, it is not. noreply@whatever, github@whatever, info@whatever, the list goes on. Combine with a Jenkins instance building open source projects from various organizations, and you'll have Jenkins sending emails to completely wrong people. Now with this issue fixed in the email plugins, what's left is, AFAIUI, a confused changelog inside Jenkins.

      Maybe make the option to use email addresses as ID the default, or do a more sophisticated mapping?

      CC Yoann Dubreuil who may be able to fill in some details as he analyzed the problem.
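
The collision described in this issue, as an added example that is not part of the original report and is not the Git plugin's code. It models the local-part rule in simplified form and audits a list of commit authors for user IDs that several addresses would share; the function names, the lowercasing of IDs and the sample authors are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of commit authors (name, email), in the shape that
# `git log --format='%an|%ae'` would give on a server building unrelated projects.
SAMPLE_AUTHORS = [
    ("Alice Smith", "alice.smith@corp.example"),
    ("Project A Bot", "noreply@project-a.example"),
    ("Project B Bot", "noreply@project-b.example"),
    ("Info Desk", "info@vendor.example"),
    ("Bob Info", "INFO@other.example"),
    ("Alice Smith", "alice.smith@corp.example"),  # repeat commit, same person
]


def local_part_id(email):
    """Simplified model of the mapping the issue describes: ID = local-part."""
    # Assumption: IDs are compared case-insensitively.
    return email.rsplit("@", 1)[0].lower()


def full_email_id(email):
    """The alternative the issue proposes as a default: ID = whole address."""
    return email.lower()


def ambiguous_ids(authors, id_func):
    """Return {user_id: sorted distinct addresses} for IDs shared by >1 address."""
    seen = defaultdict(set)
    for _name, email in authors:
        seen[id_func(email)].add(email.lower())
    return {uid: sorted(addrs) for uid, addrs in seen.items() if len(addrs) > 1}


if __name__ == "__main__":
    shared = ambiguous_ids(SAMPLE_AUTHORS, local_part_id)
    for uid, addrs in sorted(shared.items()):
        print(f"{uid!r} would be shared by: {', '.join(addrs)}")
    print("shared IDs with full-address mapping:",
          ambiguous_ids(SAMPLE_AUTHORS, full_email_id))
```

Every ID it reports is one changelog identity that commits from unrelated senders would be merged into under local-part mapping.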

            Activity

            danielbeck Daniel Beck created issue -
            danielbeck Daniel Beck made changes -
            Field Original Value New Value
            Link This issue is related to SECURITY-372 [ SECURITY-372 ]
            markewaite Mark Waite made changes -
            Summary: "Local-part based user mapping results in cofused changelogs" → "Local-part based user mapping results in confused changelogs"
            markewaite Mark Waite made changes -
            Assignee Mark Waite [ markewaite ]
            jglick Jesse Glick made changes -
            Link This issue duplicates JENKINS-9016 [ JENKINS-9016 ]

              People

              Assignee:
              Unassigned
              Reporter:
              danielbeck Daniel Beck
              Votes:
              0
              Watchers:
              4