Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-1285

Create a usage statistic service collecting script security entries

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Won't Fix
    • Component/s: etc
    • Labels:
      None
    • Similar Issues:

      Description

      It would be useful if we had a service that, similar to usage statistics, could receive whitelist entries from script security. (Also rejected approvals if possible.)

      A corresponding feature in script security would allow them to easily opt into this, and then their Jenkins would periodically submit the data to the Jenkins infrastructure.

      From there, it would be published as statistic (e.g. ordered by popularity of any given entry) informing further updates of the default black/whitelists, as well as help understand real world pipeline usage.

      Concerns:

      • Privacy. I think opt in with prominent button to do so on the scriptApproval page should be OK. Or perhaps tied to the usage stats option (perhaps with additional option to opt in to/out of this specifically?), taking care to exclude the stupid core versions where that was broken?
      • Private plugin entries. Perhaps we need to filter for public plugin class/package names before publication? Otherwise just consider a cutoff of N submissions needed for an entry to be published, then the private stuff should not be in there unless from larger companies who should have their usage stats disabled anyway if they care.

      WDYT R. Tyler Croy Jesse Glick Andrew Bayer ?

      We'll probably need a thread on the dev/users lists to understand what the wider community thinks before implementing this, but I started here as I expect Tyler saying "lol no" is the most likely blocker

        Attachments

          Activity

          Hide
          danielbeck Daniel Beck added a comment -

          In today's infra hangout, R. Tyler Croy was fine with the overall idea, asked me to estimate traffic and storage requirements. He also offered to write the very basic service that takes requests and dumps them into a SQL DB for further processing once I know how the data would look like.

          Possible concerns were abusive submissions, but there may be a few strategies to handle fake data, and the application can take care of DoS type repeated submissions.

          Next steps, bring this idea to the dev list.

          Show
          danielbeck Daniel Beck added a comment - In today's infra hangout, R. Tyler Croy was fine with the overall idea, asked me to estimate traffic and storage requirements. He also offered to write the very basic service that takes requests and dumps them into a SQL DB for further processing once I know how the data would look like. Possible concerns were abusive submissions, but there may be a few strategies to handle fake data, and the application can take care of DoS type repeated submissions. Next steps, bring this idea to the dev list.
          Hide
          danielbeck Daniel Beck added a comment -

          I have no interest in this any longer.

          Show
          danielbeck Daniel Beck added a comment - I have no interest in this any longer.

            People

            • Assignee:
              danielbeck Daniel Beck
              Reporter:
              danielbeck Daniel Beck
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: