In my corporate environment, we are working behind a firewall that returns 
"nice" HTML webpages with detailed error instructions instead of a plain 
"connection refused" error in situations of invalid PROXY settings.

We have experienced several times that Jenkins servers with improper PROXY 
settings will download jpi-files for plugin updates containing just "error 
HTML webpage" content. Jenkins doesn't seem to detect this, and instead 
tries to install the corrupted plugin. What then happens is that the plugin 
upgrade fails, and the plugin gets _uninstalled_ altogether. Any 
job-configuration related to the accidentally uninstalled plugin then also 
seems to be removed, which is pretty serious.

Would it be possible to add some sort of integrity-verification to 
downloaded jpi-files prior to install them, so that we avoid accidentally 
uninstalling plugins?


Thanks in advance,
Fredrik Orderud

Reply via email to