Juju Charms Collection
jenkins package

Please remove jenkins from trusty

  1. Trusty Tahr (14.04)
  2. Bug #1294005
Bug #1294005 reported by James Page
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
jenkins (Juju Charms Collection)
Trusty
New
Undecided
Unassigned
jenkins (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The jenkins we have in trusty is the previous LTS release of jenkins; it contains numerous security vulnerabilities and the maintainer of the Jenkins packages in Ubuntu and Debian (myself) no longer has the capacity to maintain Jenkins plus associated dependencies.

Also having had Jenkins in Ubuntu for the last two years, I also question its supportability in distro; upstream advances quickly and backporting critical security fixes is very hard due to refactoring in the codebase in-between LTS releases of Jenkins (every 3 months or so).

My recommendation is that users switch to using the upstream packages.

See original description
Tags: audit
James Page (james-page)
description: updated
Revision history for this message
Colin Watson (cjwatson) wrote :

There are some reverse-dependencies here that need to be resolved: looking at direct dependencies, there's jenkins-instance-identity and jenkins-ssh-cli-auth.

Changed in jenkins (Ubuntu):
status: New → Incomplete
Revision history for this message
Colin Watson (cjwatson) wrote :
Download full text (4.2 KiB)

Removing packages from trusty:
        jenkins 1.509.2+dfsg-2 in trusty
                jenkins 1.509.2+dfsg-2 in trusty amd64
                jenkins 1.509.2+dfsg-2 in trusty arm64
                jenkins 1.509.2+dfsg-2 in trusty armhf
                jenkins 1.509.2+dfsg-2 in trusty i386
                jenkins 1.509.2+dfsg-2 in trusty powerpc
                jenkins 1.509.2+dfsg-2 in trusty ppc64el
                jenkins-cli 1.509.2+dfsg-2 in trusty amd64
                jenkins-cli 1.509.2+dfsg-2 in trusty arm64
                jenkins-cli 1.509.2+dfsg-2 in trusty armhf
                jenkins-cli 1.509.2+dfsg-2 in trusty i386
                jenkins-cli 1.509.2+dfsg-2 in trusty powerpc
                jenkins-cli 1.509.2+dfsg-2 in trusty ppc64el
                jenkins-common 1.509.2+dfsg-2 in trusty amd64
                jenkins-common 1.509.2+dfsg-2 in trusty arm64
                jenkins-common 1.509.2+dfsg-2 in trusty armhf
                jenkins-common 1.509.2+dfsg-2 in trusty i386
                jenkins-common 1.509.2+dfsg-2 in trusty powerpc
                jenkins-common 1.509.2+dfsg-2 in trusty ppc64el
                jenkins-external-job-monitor 1.509.2+dfsg-2 in trusty amd64
                jenkins-external-job-monitor 1.509.2+dfsg-2 in trusty arm64
                jenkins-external-job-monitor 1.509.2+dfsg-2 in trusty armhf
                jenkins-external-job-monitor 1.509.2+dfsg-2 in trusty i386
                jenkins-external-job-monitor 1.509.2+dfsg-2 in trusty powerpc
                jenkins-external-job-monitor 1.509.2+dfsg-2 in trusty ppc64el
                jenkins-slave 1.509.2+dfsg-2 in trusty amd64
                jenkins-slave 1.509.2+dfsg-2 in trusty arm64
                jenkins-slave 1.509.2+dfsg-2 in trusty armhf
                jenkins-slave 1.509.2+dfsg-2 in trusty i386
                jenkins-slave 1.509.2+dfsg-2 in trusty powerpc
                jenkins-slave 1.509.2+dfsg-2 in trusty ppc64el
                jenkins-tomcat 1.509.2+dfsg-2 in trusty amd64
                jenkins-tomcat 1.509.2+dfsg-2 in trusty arm64
                jenkins-tomcat 1.509.2+dfsg-2 in trusty armhf
                jenkins-tomcat 1.509.2+dfsg-2 in trusty i386
                jenkins-tomcat 1.509.2+dfsg-2 in trusty powerpc
                jenkins-tomcat 1.509.2+dfsg-2 in trusty ppc64el
                libjenkins-java 1.509.2+dfsg-2 in trusty amd64
                libjenkins-java 1.509.2+dfsg-2 in trusty arm64
                libjenkins-java 1.509.2+dfsg-2 in trusty armhf
                libjenkins-java 1.509.2+dfsg-2 in trusty i386
                libjenkins-java 1.509.2+dfsg-2 in trusty powerpc
                libjenkins-java 1.509.2+dfsg-2 in trusty ppc64el
                libjenkins-plugin-parent-java 1.509.2+dfsg-2 in trusty amd64
                libjenkins-plugin-parent-java 1.509.2+dfsg-2 in trusty arm64
                libjenkins-plugin-parent-java 1.509.2+dfsg-2 in trusty armhf
                libjenkins-plugin-parent-java 1.509.2+dfsg-2 in trusty i386
                libjenkins-plugin-parent-java 1.509.2+dfsg-2 in trusty powerpc
                libjenkins-plugin-parent-jav...

Read more...

Changed in jenkins (Ubuntu):
status: Incomplete → Fix Released
Revision history for this message
James Page (james-page) wrote :

The jenkins charm for trusty needs a few updates to deal with this change

no longer affects: jenkins (Juju Charms Collection)
Revision history for this message
Jorge Castro (jorge) wrote :

To the charmer who is reviewing this, the install hook needs to grab from these sources:

http://pkg.jenkins-ci.org/debian/

We'd also need a config option for the version so that a user can specify a specific Jenkins release if they want, but should just default to current.

tags: added: audit
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.