Skip to main content

Sonatype and Hudson/Jenkins: An Analysis

I'm dare say I'm a seasoned Hudson user (admin) and proponent. For over five years I've been introducing different kinds of CI at whichever place I worked at. When Hudson entered my radar, this work became a lot easier. I'm also a heavy Maven user, and Nexus did for Maven repositories what Hudson did for CI.

The Plot
Over recent weeks, the community around Hudson has been shaken by a fork: The main developers (Koshuke and crew) have renamed Hudson to Jenkins, while Oracle have kept on developing Hudson in partnership with Sonatype. Here's a simple illustration of what happened:

These are my pure external speculations about what has happened recently in the forking process, with regards to Sonatype's involvement in particular.

So who is running this show?
I noticed that Sonatype (usually personified by Jason) have gotten their fingers pretty deeply into the Hudson infrastructure already:

Like this tweet noted, it appears they are controlling Hudson's Twitter account. The @hudsonci account tweeted about something Maven-related, and it appeared it it was indeed meant for a Sonatype account.

And here it appears Jason is administering some of the Hudson infrastructure. 

It's no secret that Sonatype and Oracle are tightly partnered on this. But I think the relationship is more like one of a smart trickster sitting on the shoulders of a dumb giant.

Backstabbers and Benson
A lot of people felt betrayed when Sonatype chose to side with Hudson/Oracle in the fork. Heck, even I was disgruntled that my Maven heroes were going with the big evil anti-open source Oracle..

I've been pondering on why they did this unpopular move, and here's my rough guess:

The reason is Benson:
Benson is Sonatype's Maven-focused distribution of Hudson taking into account everything that we've learned about Maven 3.0 during its development and how Maven should operate optimally within a CI environment: there will be no better way to work with Maven and Hudson. Benson is Hudson's brother from another mother. (source)
As with any fork, maintaining it is expensive. I think Sonatype found it hard to keep Benson up to date with Hudson and all its plugins. Or maybe they wanted more changes in direction Nexus/Maven than the Koshuke crew were willing to go with.

See more about Benson in Jason's presentation from JavaZone 2010 (time 39:20).

A Genius Take-over
Had Hudson stayed under Koshuke's rapid development, Sonatype would've had to keep on maintaining Benson, merging in conflicting Hudson changes as they grew ever more distant from the fork.

Now, they can achieve the same with Hudson itself, and in the process they gain a huge brand by sticking to the Hudson name, and they also stay under Oracle's wing (this has its own con's, of course), with infrastructure and paid coding contributors.

So in a way, Hudson is the new Benson.

You can actually see this manifestation taking place right now. I guess you could simplify this to mean that Sonatype are now merging back the development they made in Benson. What the community is wondering, is why they didn't offer to do so before the fork (see the discussion in the comments), but that doesn't really matter anymore. Sonatype came in at exactly the right time, and did what was best for their company and customers. Nothing wrong with that.

My two biggest questions of this are:
  • Will Oracle put up with Sonatype's strategy over time?
  • Will Sonatype put up with Oracle's inherent bureaucratic inertia?
Over time there's nothing stopping Sonatype from forking out Benson again, if it turns out Oracle's wheels are winding too slow. Another possibility is that Oracle takes a liking to Sonatype's infrastructure tools and proposes a buy-up.

This is a Good Thing

I think Sonatype is one of those rare companies that are able to work the open-source ecosystem, making a profit while at the same time donating a huge amount of great tooling back to the community. Some times they have to make unpopular compromises in order to stay profitable, and this is what happened with Hudson/Jenkins.

Nexus is an awesome product. It shares many of Hudson's qualities: It *just works*, it looks nice, it's easy to upgrade and maintain. I hope Hudson will retain these qualities. I'm sure Jenkins will.

What path will you take?
Personally, I think I'll go with Jenkins for now. I'm tempted to go with Sonatype/Hudson because we extensively use Nexus and Maven, and we're not paying Sonatype-customers. At the same time, I have only moderate needs for stability, and from experience I'm very happy with the features vs stability rating of the Koshuke crew.

I think (but might be wrong), that Jenkins will outrace Hudson in terms of features and usability.

I fear, that Hudson will get tangled down with Oracle stuff (register here to download, etc).

I hope both will continue to exist and fulfill two different needs in the market. Best of luck to both of them!

Popular posts from this blog

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and sa…

Managing dot-files with vcsh and myrepos

Say I want to get my dot-files out on a new computer. Here's what I do:

# install vcsh & myrepos via apt/brew/etc
vcsh clone https://github.com/tfnico/config-mr.git mr
mr update

Done! All dot-files are ready to use and in place. No deploy command, no linking up symlinks to the files. No checking/out in my entire home directory as a Git repository. Yet, all my dot-files are neatly kept in fine-grained repositories, and any changes I make are immediately ready to be committed:

config-atom.git
    -> ~/.atom/*

config-mr.git
    -> ~/.mrconfig
    -> ~/.config/mr/*

config-tmuxinator.git  
    -> ~/.tmuxinator/*

config-vim.git
    -> ~/.vimrc
    -> ~/.vim/*

config-bin.git   
    -> ~/bin/*

config-git.git          
    -> ~/.gitconfig

config-tmux.git  
    -> ~/.tmux.conf    

config-zsh.git
    -> ~/.zshrc

How can this be? The key here is to use vcsh to keep track of your dot-files, and its partner myrepos/mr for operating on many repositories at the same time.

I discovere…

Always use git-svn with --prefix

TLDR: I've recently been forced back into using git-svn, and while I was at it, I noticed that git-svn generally behaves a lot better when it is initialized using the --prefix option.

Frankly, I can't see any reason why you would ever want to use git-svn without --prefix. It even added some major simplifications to my old git-svn mirror setup.

Update: Some of the advantages of this solution will disappear in newer versions of Git.

For example, make a standard-layout svn clone:

$ git svn clone -s https://svn.company.com/repos/project-foo/

You'll get this .git/config:

[svn-remote "svn"]
        url = https://svn.company.com/repos/
        fetch = project-foo/trunk:refs/remotes/trunk
        branches = project-foo/branches/*:refs/remotes/*
        tags = project-foo/tags/*:refs/remotes/tags/*

And the remote branches looks like this (git branch -a):
    remotes/trunk
    remotes/feat-bar

(Compared to regular remote branches, they look very odd because there is no remote name i…

The Best Log Viewer Ever

This is what it looks like when I want to have a look through the logfile, to see what a user did on one of our machines one day:


Read the whole story about how it works on the Viaboxx Systems blog (and upvote on DZone!).

Microsoft ups their Git efforts another notch

This week Microsoft announced first class Git support embedded in the coming version of Visual Studio.

Now, it's not completely shocking. We could have seen it coming since Microsoft started offering Git repos on CodePlex, and more recently offering a Git client for TFS. In any case, these are some big news. Scott Hanselman weighs on some features and some more background here.

For those who are a bit unaware of what the Git situation on Windows looks like these days, I've dotted down these notes:
Some explanation on these:

msysGit has long been The Way to use Git on Windows. It's basically a port of Git itself, so it's a command-line tool.GitExtensions (includes Visual Studio integration), TortoiseGit, Git Shell, posh-git and most other tools are powered by msysGit.libgit2 is a native library for doing Git stuff. It is developed completely separate from Git itself. The above tools could (and should) probably use libgit2 instead of hooking onto and around msysGit.Github…