creating an Oracle account to get JDKs
jdk-tool should anyway be amended to use anonymous OpenJDK downloads by default. CC Devin Nusbaum
the certificate store is locked down
In the Jenkins JVM? I thought this was only used in the evergreen-client (client.js acc. to code search)? FWIW this seems like it is guaranteed to cause all kinds of mayhem, not just for tool downloads. Surely you can find some better mechanism, such as restricting certificate customizations to the actual code contacting this server.
encourage the heavy use of Pipeline and Docker in Evergreen rather than support half-baked features like Tool Installers
Well, tools and tool installers are supported by Pipeline, and (writing as a principal author of it!) the Pipeline Docker plugin is one of the least baked features in Jenkins and IMO should not be included in Essentials^H^H^H^H^H^H^H^H^H^HEvergreen at all.
At any rate, to the subject of the issue, I certainly agree with the notion that we should discourage use of tools.