• GeSHi library error: sites/default/modules/geshifilter/geshi is not a directory.
  • GeSHi library error: sites/default/modules/geshifilter/geshi is not a directory.

Who's driving this thing?

There's been a lot of discussion on the new mailing lists as of late regarding some of the infrastructure and ownership of the Hudson project. In case you haven't been following along at home, I'll try to catch you up as impartially as possible.

The Facts

  • 2009.06.02: After substantial problems with infrastructure, the dev community discusses new infrastructure options, including SourceForge, Google Code, Kenai, Berlios, GitHub, etc. Instead of moving the entire project, some key components such as the are moved off of Discussions about moving source code off of and onto other hosts like GitHub come up almost every four months on the mailing lists, typically coinciding with serious downtime or reliability issues..
  • 2010.11.01: A discussion occurs on the developers mailing list about adding Winston Prakash, the Oracle engineer re-assigned to replace Kohsuke Kawaguchi (Hudson founder/lead developer), as a co-owner to the project. Winston mentions that his question was driven by Oracle management who felt he should "co-own the project." After a round of discussion, it's decided by the devs list that it's acceptable and grants Winston co-ownership of the project as a sign of good faith from the community towards Oracle.
  • 2010.11.17: Andrew Bayer, core contributor and maintainer of numerous plugins emails the users and devs list with a proposal to move the mailing lists off of which has had notorious reliability issues within the Java ecosystem and was scheduled for a series of downtimes and migrations over the coming weeks. Google Groups is selected as the most reasonable by the community.
  • 2010.11.19: Hudson project is lumped into the same migration bucket as Glassfish. Emails are sent to project owners, the users and the developers list. The mail to users and developers never arrives due to the sender not being subscribed. Both project owners (Kohsuke, Winston) miss the message, leaving the Hudson community in the dark regarding the pending migration.
  • 2010.11.22: Shortly after midnight, Jacob Robertson reports that his SVN credentials no longer work, Kohsuke informs the developers list that the project is locked due to the migration, SVN is inaccessible and mailing lists fail shortly after that. The Hudson project begins its migration from the legacy infrastructure to the newer infrastructure (formerly known as "Kenai"). A group of core Hudson community members accelerate the move to Google Groups, pushing out announcements via this blog and twitter hoping to keep as many members in the loop as possible.
  • 2010.11.23: Frustrated by the locking down of Hudson's source code, which sees between 3-8 commits to "core" a day, not counting the 300+ plugins, Kohsuke proposes moving to GitHub on the new developers mailing list. The general consensus amongst the plugin and core developers was to go forward with moving to GitHub, no major objections were raised by the developer community.
  • 2010.11.27: After Thanksgiving, Andrew Bayer submits the "formal proposal" for migrating over to GitHub, Sets a deadline of the following tuesday (2010.11.30) for raising any major objections before "flipping the switch."

The Monday morning prior to the planned switchover to GitHub, Oracle Senior VP of Tools and Middleware Ted Farrell sent a message to the users list expressing concerns he had regarding the migration of the Hudson codebase from to GitHub:

New Hudson Mailing Lists!

Duke is not amused :(As Kohsuke mentioned in this post, the migration has caught just about everybody off-guard in the Hudson community.

The tools we use hosted by are essentially locked from us until further notice (no ETA on the migration) which is, as you might imagine frustrating both for the core developers but hundreds of plugin developers that make Hudson the best damned CI server on the planet.

For source code we're working on getting something in place for contributions on GitHub thanks to some assistance from the GitHub team.

For mailing lists we've gone ahead and dumped mailing lists in favor of a collection of Google Groups:

Contrary to popular belief, you do not need a Google account to subscribe to these lists, else we wouldn't have chosen Google Groups. All you need to do is send an email to "" and you'll receive a confirmation email from the mailing list server shortly.

Since our isn't actually hosted on, but rather on a machine provided by Oracle, they should continue to function as per usual. The login for the systems is somewhat tied to so I am honestly not sure how stable they will be this week.

I apologize sincerely for the confusion and frustration, you can trust that we're likely ten-times more frustrated with this situation right now.

Hudson Anonymous Usage Data

In late 2008, the Hudson team released version 1.264 which added an anonymous reporting feature (you can opt-out in the "Manage Hudson" screen). The reporting feature has been sending information back to the Hudson team to help us understand how Hudson is used in aggregate; the info being reported includes the number of jobs configured, slave configurations, what plugins (and what versions of those plugins) are installed, and more. This data has not been available publicly until now! The raw data needed to be decrypted and scrubbed of any potentially identifying information, such as non-public plugin names or usernames in snapshot versions. We've finally scrubbed the data and are making it available!

The data is currently in monthly JSON bundles, organized by unique install key. We've filtered out reports of installations without any jobs configured, as well as any installations with only one report in a given month.

Big Security Fix! Hudson 1.371 Released

Hot on the heels of Hudson 1.370, which was released last Friday, the Hudson team released 1.371 which addresses a critical vulnerability in all Hudson versions prior to 1.371. The vulnerability was disclosed by InfraDNA in the following security advisory, which details the issue:

This critical vulnerability allows an attacker to use CLI commands that they are otherwise unauthorized for. CLI commands can perform various administrative operations.

It is advised that all Hudson instances be upgraded immediately to avoid data loss or other ill effects from this issue. If you're upgrading from a version earlier than 1.370, you can consult the changelog for details on the other bug fixes and enhancements covered by the upgrade of your version to 1.371.

If you run a Hudson instance, it is recommended that Hudson system admins subscribe to either the security advisories RSS feed or the advisories@ mailing list

Dogfooding Hudson - We're Looking for Slaves!

As you may have noticed, thanks to the link on this and the other pages here at, the Hudson development community has recently introduced, the official Hudson-on-Hudson instance. We're currently building Hudson proper, the Hudson core RC branch, individual builds for the various Hudson plugins and Gerrit, as well as various libraries and infrastructure jobs Hudson depends on.