Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-1057

Archive of all hpi files in the update center

    Details

    • Similar Issues:

      Description

      I am running a data analysis experiment to achieve the following goals:

      • If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
      • Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist and the Jenkins instance is not bricked.
      • Developing a new algorithm for plugin dependency resolution
        • Direct version decedents (new, safer behaviour)
        • update to latest of installed (current behaviour)
      • Build reports for plugin developers on how valid their dependency chains are
      • Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with known vulnerabilities

      I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

      There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.

        Attachments

          Activity

          jamesdumay James Dumay created issue -
          jamesdumay James Dumay made changes -
          Field Original Value New Value
          Rank Ranked higher
          jamesdumay James Dumay made changes -
          Description I am running a data analysis experiment to achieve the following goals:
          * If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
          * Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist.
          * Developing a new algorithm for plugin dependency resolution
          ** Direct version decedents
          ** update to latest of installed
          * Build reports for plugin developers on how valid their dependency chains are
          * Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with know vulnerabilities

          I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

          There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.
          I am running a data analysis experiment to achieve the following goals:
          * If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
          * Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist.
          * Developing a new algorithm for plugin dependency resolution
          ** Direct version decedents (new, safer behaviour)
          ** update to latest of installed (current behaviour)
          * Build reports for plugin developers on how valid their dependency chains are
          * Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with know vulnerabilities

          I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

          There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.
          jamesdumay James Dumay made changes -
          Description I am running a data analysis experiment to achieve the following goals:
          * If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
          * Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist.
          * Developing a new algorithm for plugin dependency resolution
          ** Direct version decedents (new, safer behaviour)
          ** update to latest of installed (current behaviour)
          * Build reports for plugin developers on how valid their dependency chains are
          * Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with know vulnerabilities

          I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

          There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.
          I am running a data analysis experiment to achieve the following goals:
          * If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
          * Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist.
          * Developing a new algorithm for plugin dependency resolution
          ** Direct version decedents (new, safer behaviour)
          ** update to latest of installed (current behaviour)
          * Build reports for plugin developers on how valid their dependency chains are
          * Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with known vulnerabilities

          I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

          There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.
          jamesdumay James Dumay made changes -
          Description I am running a data analysis experiment to achieve the following goals:
          * If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
          * Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist.
          * Developing a new algorithm for plugin dependency resolution
          ** Direct version decedents (new, safer behaviour)
          ** update to latest of installed (current behaviour)
          * Build reports for plugin developers on how valid their dependency chains are
          * Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with known vulnerabilities

          I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

          There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.
          I am running a data analysis experiment to achieve the following goals:
          * If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
          * Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist and the Jenkins instance is not bricked.
          * Developing a new algorithm for plugin dependency resolution
          ** Direct version decedents (new, safer behaviour)
          ** update to latest of installed (current behaviour)
          * Build reports for plugin developers on how valid their dependency chains are
          * Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with known vulnerabilities

          I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

          There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.
          danielbeck Daniel Beck made changes -
          Assignee Daniel Beck [ danielbeck ]
          danielbeck Daniel Beck made changes -
          Status Open [ 1 ] Closed [ 6 ]
          Resolution Won't Fix [ 2 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              jamesdumay James Dumay
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: