[Jenkins-infra] INFRA-2275: Allow CloudBees Product Hub App to access jenkinsci GitHub org?

Baptiste Mathus bmathus at cloudbees.com
Wed Oct 16 14:11:43 UTC 2019


On Fri, Oct 11, 2019 at 5:37 PM R. Tyler Croy <rtyler at brokenco.de> wrote:

> (replies inline)
>
> On Fri, 11 Oct 2019, Baptiste Mathus wrote:
>
> > I would like to formally request the Jenkins Project considers approving
> the
> > "CloudBees Product App" access to [1]https://github.com/jenkinsci/.
> > I am tracking this at [2]
> https://issues.jenkins-ci.org/browse/INFRA-2275
> >
> > This GitHub App relates to ongoing CloudBees work around [3]Software
> Delivery
> > Management, which was also demoed during [4]Devops World Jenkins World
> 2019
> > some weeks ago.
>
>
> Stuff like this I think is generally fine to enable at an organization
> level,
> but we need to be mindful of a couple things:
>
>  * Whether the application is going to write any status checks, or show
> things
>    up in the UI. For applications that are going to drop things on every
> pull
>    request, for example, we should be more conservative.
>

This is pure Readonly at this stage. So from this standpoint we're pretty
safe.
Even if that is coming from my company, I do not think I would have even
asked if this was for requesting Write-access.
So I perfectly understand *and* agree with this stance.


>
>  * Whether the application is going to read and collect, to our knowledge,
>    member information. While the `jenkinsci` organization is open,
> authorized
>    applications can spam our members in a way that is not otherwise doable
> by a
>    web crawler (for example).
>

What we do with this data is documented at
https://go.cloudbees.com/docs/cloudbees/cloudbees-administer/integrations/


>
>  * And finally, does the application provide value to the Jenkins project.
> We
>    have a lot of rich and interesting data that some folks may want access
> to
>    for whatever reasons.


>
> WIth this application, the only thing that is not answered to me is: what
> value does this provide for the Jenkins project?
>

This is still early stage for this product, but definitely the goal is to
empower developers and provide visibility on their dev pipeline.
Currently, it would provide ways to improve visibility to CloudBees
developers contributing to the Jenkins Project :-).



>
>
>
>
> Cheers
>
> --
> GitHub:  https://github.com/rtyler
>
> GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20191016/3a12f956/attachment.html>


More information about the Jenkins-infra mailing list