From f9eb151f19ca012efda57619e72d78fa4d712902 Mon Sep 17 00:00:00 2001 From: Mark Waite Date: Sat, 9 Dec 2023 06:15:11 -0700 Subject: [PATCH] Suspend Crowd2 plugin distribution - uses closed source dependency https://github.com/jenkins-infra/helpdesk/issues/3854 explains that the Crowd2 integration plugin uses a dependency that is not open source licensed. The Crowd2 integration library is Atlassian licensed as described in https://github.com/jenkins-infra/helpdesk/issues/3842#issuecomment-1847559631 The Atlassian license is not an open source license. Refer to https://www.atlassian.com/legal/software-license-agreement for the details of the license. https://www.jenkins.io/project/governance/#license says that the Jenkins project requires plugins that it distributes to be open source, including their dependencies. When a closed source dependency is detected in a plugin, we suspend distribution of that plugin. If maintainers update the plugin to remove the closed source dependency, distribution can begin for the new release that removes the closed source dependency. Fixes https://github.com/jenkins-infra/helpdesk/issues/3854 --- resources/artifact-ignores.properties | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/resources/artifact-ignores.properties b/resources/artifact-ignores.properties index cbfb9d8eb..152cfa21b 100644 --- a/resources/artifact-ignores.properties +++ b/resources/artifact-ignores.properties @@ -402,7 +402,6 @@ uno-choice@1.5.3 # While we serve pre-2.7 update sites; depends on # depends on scripttrigger xtrigger = https://www.jenkins.io/security/plugins/#suspensions - # These plugins implement Groovy scripting in an unsafe way, but are currently unreleased -- so suspend preemptively groovy-choice-parameter groovy-script-scheduler @@ -887,3 +886,11 @@ batch-task@1.16 # SECURITY-1025 batch-task@1.17 # SECURITY-1025 batch-task@1.18 # SECURITY-1025 batch-task@1.19 # SECURITY-1025 + +# Non-open dependency, refer to: +# https://github.com/jenkins-infra/helpdesk/issues/3854 +# https://github.com/jenkins-infra/helpdesk/issues/3842#issuecomment-1839385370 +# https://github.com/jenkins-infra/helpdesk/issues/3842#issuecomment-1841569022 +# https://github.com/jenkins-infra/helpdesk/issues/3842#issuecomment-1847399101 +# https://github.com/jenkins-infra/helpdesk/issues/3842#issuecomment-1847559631 +crowd2 = https://github.com/jenkins-infra/helpdesk/issues/3854