GitHub issues option in HOSTING


Re: GitHub issues option in HOSTING

Radosław Antoniuk
Resurrecting via PR: https://github.com/jenkinsci/.github/pull/42/files - let's discuss this there.

Regarding Security issues - maybe GH new Security Advisories hub could be used for that?
https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories
https://github.blog/2020-05-26-giving-credit-for-security-advisories/

Cheers,
Radek


On Wed, Jun 24, 2020 at 5:59 PM Tim Jacomb <[hidden email]> wrote:


On Wed, 24 Jun 2020 at 16:17, Radosław Antoniuk <[hidden email]> wrote:

Since now we know we have the GH issues templates... what do you think about creating a central (i.e. pre-defined and shared across all plugins), how about:
- creating a unified GH issue template for the whole jenkinsci organisation (i.e. pre-defined template)
- push this template via PR to all the plugin repositories (regardless of whether they use Jira or GH)
- automatically create new plugin repositories with this template
- (?) create a bot that would pull all "security" labelled issues into Jira security project or wherever it may be

I agree it would be good to create the GitHub issue templates in the .github repository

Not sure why we would need to create a PR to all plugin repositories as GitHub will automatically use the central one if there isn't one in the repository

There's a PR to archetypes which adds all of our standard files that make plugin maintenance easier:

Thanks
Tim

 

Radek

On Tue, Jun 23, 2020 at 1:20 PM 'Olblak' via Jenkins Developers <[hidden email]> wrote:
Hi,

I think this mail discussion is proof that we won't easily find a consensus any time soon.
I just want to add that we started discussing with the Linux Foundation infra team to see if they could maintain a managed version of Jira for us, more information in this email.

So please keep discussing Jira and/or GitHub Issues here, and things specific to how we maintain issues.jenkins-ci.org on the other thread.

Cheers 

On Fri, Jun 19, 2020, at 12:58 PM, Radosław Antoniuk wrote:
On Fri, Jun 19, 2020 at 12:30 PM Tim Jacomb <[hidden email]> wrote:
On Fri, 19 Jun 2020 at 10:36, Daniel Beck <[hidden email]> wrote:
Having a screen like https://github.com/jenkinsci/configuration-as-code-plugin/issues/new/choose could help here, but that's far from universal right now. Is this something that could be defined via .github? Having a screen similar to this would be the bare minimum for GH issue tracking already today.

Yes that is possible, I've just tested it out:

(I don't have the security file in my org but it would show up if it was configured)
 
Nice, exactly that.
So, security report via a template, that auto-adds "security" label, that can be pulled into (or referenced) a central security project.


--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].


Re: GitHub issues option in HOSTING

Daniel Beck


> On 15. Feb 2021, at 20:32, Radek Antoniuk <[hidden email]> wrote:
>
> Regarding Security issues - maybe GH new Security Advisories hub could be used for that?
> https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories
> https://github.blog/2020-05-26-giving-credit-for-security-advisories/

Our usual workflow is documented in some detail in https://www.jenkins.io/security/for-maintainers/ and I don't see how this helps with that at all. Could you elaborate?


Re: GitHub issues option in HOSTING

Radosław Antoniuk
>> Regarding Security issues - maybe GH new Security Advisories hub could be used for that?

> Our usual workflow is documented in some detail in https://www.jenkins.io/security/for-maintainers/ and I don't see how this helps with that at all. Could you elaborate?

Thanks for the link. I'm imagining it in exactly the same way because GH follows the same principle for security vulnerabilities reporting:

Let me know if I missed something but for me this process looks exactly the same when we replace Jira with GH Security Advisories system described above.
The only thing I see missing here is probably the possibility for non-write members to be able to create the private security advisory but I can imagine this could be solved via a workflow or a common mailbox.

Other than that, do you have any review comments on https://github.com/jenkinsci/.github/pull/42 ?




Re: GitHub issues option in HOSTING

Daniel Beck
In reply to this post by Tim Jacomb


> On 21. Feb 2021, at 16:50, Radek Antoniuk <[hidden email]> wrote:
>
>
> Let me know if I missed something but for me this process looks exactly the
> same when we replace Jira with GH Security Advisories system described
> above.
> The only thing I see missing here is probably the possibility for non-write
> members to be able to create the private security advisory but I can
> imagine this could be solved via a workflow or a common mailbox.

The "only thing missing" is a major reason we use Jira. And we've been pretty terrible at mailboxes for years. The HOSTING Jira only exists because of that. If people started reporting via email in large numbers, we'd simply fold.

At first I had a giant wall of text here, explaining in detail why it's unnecessary, but really it boils down to GitHub Security Advisories not offering a single thing we want or need, and don't already do (often better). I'm really curious what you think we'd get in return for a _lot_ of additional work, both migration and ongoing, here.
