It would be useful if we had a service that, similar to usage statistics, could receive whitelist entries from script security. (Also rejected approvals if possible.)
A corresponding feature in script security would allow them to easily opt into this, and then their Jenkins would periodically submit the data to the Jenkins infrastructure.
From there, it would be published as statistic (e.g. ordered by popularity of any given entry) informing further updates of the default black/whitelists, as well as help understand real world pipeline usage.
- Privacy. I think opt in with prominent button to do so on the scriptApproval page should be OK. Or perhaps tied to the usage stats option (perhaps with additional option to opt in to/out of this specifically?), taking care to exclude the stupid core versions where that was broken?
- Private plugin entries. Perhaps we need to filter for public plugin class/package names before publication? Otherwise just consider a cutoff of N submissions needed for an entry to be published, then the private stuff should not be in there unless from larger companies who should have their usage stats disabled anyway if they care.
We'll probably need a thread on the dev/users lists to understand what the wider community thinks before implementing this, but I started here as I expect Tyler saying "lol no" is the most likely blocker