Introduction of new CI system

Luigi Toscano luigi.toscano at
Thu Jun 15 21:57:58 UTC 2017

Ben Cooksley ha scritto:
> On Fri, Jun 16, 2017 at 9:44 AM, Albert Astals Cid <aacid at> wrote:
>> El dijous, 15 de juny de 2017, a les 21:45:35 CEST, Ben Cooksley va escriure:
>>> On Tue, Jun 13, 2017 at 10:09 AM, Albert Astals Cid <aacid at> wrote:
>>>> El dissabte, 10 de juny de 2017, a les 19:20:46 CEST, Ben Cooksley va
>>>> escriure:
>>>>> On Sat, Jun 10, 2017 at 5:48 PM, Luigi Toscano <luigi.toscano at>
>>>> wrote:
>>>>>> Il 10 giugno 2017 07:05:53 CEST, Ben Cooksley <bcooksley at> ha
>>>> scritto:
>>>>>>> Next week we will be introducing the new Continuous Integration system.
>>>>>>> It can currently be found at
>>>>>>> In regards to Qt 4 support, this has been discontinued. Only KF5 / Qt
>>>>>>> 5 builds are supported from this point onward.
>>>>>> As long as KDE Applications keeps releasing kdelibs4 and some relates
>>>>>> software, as widely advertised for months with no complaints (lifecycle
>>>>>> of KDE Applications 17.08), we need the old CI.
>>>>> The old CI will be shutdown as soon as is practicable following the
>>>>> transition. At this point it represents a significant security risk
>>>>> due to multiple issues both in Jenkins itself and some of the plugins
>>>>> we run. These cannot be resolved to limitations in the available
>>>>> versions of Java for the system which currently hosts the old CI
>>>>> system.
>>>>> During earlier discussion it was agreed that for the short remaining
>>>>> time (less than 2 months at this point essentially) we could go
>>>>> without CI so I don't see much of an issue here.
>>>> Did I really agree to that? It would be one of those times i surprise
>>>> myself.
>>> I think so, at least that is what memory says. Can't find the thread
>>> where we discussed it though at all currently...
>> Is it really that bad to leave it running for a few months more? What's the
>> worst that could happen?
> The list of issues we are vulnerable to is numerous.
> As shown by the frontend these include unauthenticated arbitrary code
> execution in the context of Jenkins itself, account impersonation, man
> in the middle vulnerabilities and CSRF issues.
> A good chunk of these are shown at
> but there are others
> as well.

So after the new jenkins is in place for Qt5 jobs, updating the current
Jenkins can lead to two results:
a) it still works
b) it does not work anymore

If b), it's not different than the expected status.
If a), it means that it can still works until November, when the last release
of 16.08 is planned.


More information about the release-team mailing list