Skip to main content

Sonatype and Hudson/Jenkins: An Analysis

I'm dare say I'm a seasoned Hudson user (admin) and proponent. For over five years I've been introducing different kinds of CI at whichever place I worked at. When Hudson entered my radar, this work became a lot easier. I'm also a heavy Maven user, and Nexus did for Maven repositories what Hudson did for CI.

The Plot
Over recent weeks, the community around Hudson has been shaken by a fork: The main developers (Koshuke and crew) have renamed Hudson to Jenkins, while Oracle have kept on developing Hudson in partnership with Sonatype. Here's a simple illustration of what happened:

These are my pure external speculations about what has happened recently in the forking process, with regards to Sonatype's involvement in particular.

So who is running this show?
I noticed that Sonatype (usually personified by Jason) have gotten their fingers pretty deeply into the Hudson infrastructure already:

Like this tweet noted, it appears they are controlling Hudson's Twitter account. The @hudsonci account tweeted about something Maven-related, and it appeared it it was indeed meant for a Sonatype account.

And here it appears Jason is administering some of the Hudson infrastructure. 

It's no secret that Sonatype and Oracle are tightly partnered on this. But I think the relationship is more like one of a smart trickster sitting on the shoulders of a dumb giant.

Backstabbers and Benson
A lot of people felt betrayed when Sonatype chose to side with Hudson/Oracle in the fork. Heck, even I was disgruntled that my Maven heroes were going with the big evil anti-open source Oracle..

I've been pondering on why they did this unpopular move, and here's my rough guess:

The reason is Benson:
Benson is Sonatype's Maven-focused distribution of Hudson taking into account everything that we've learned about Maven 3.0 during its development and how Maven should operate optimally within a CI environment: there will be no better way to work with Maven and Hudson. Benson is Hudson's brother from another mother. (source)
As with any fork, maintaining it is expensive. I think Sonatype found it hard to keep Benson up to date with Hudson and all its plugins. Or maybe they wanted more changes in direction Nexus/Maven than the Koshuke crew were willing to go with.

See more about Benson in Jason's presentation from JavaZone 2010 (time 39:20).

A Genius Take-over
Had Hudson stayed under Koshuke's rapid development, Sonatype would've had to keep on maintaining Benson, merging in conflicting Hudson changes as they grew ever more distant from the fork.

Now, they can achieve the same with Hudson itself, and in the process they gain a huge brand by sticking to the Hudson name, and they also stay under Oracle's wing (this has its own con's, of course), with infrastructure and paid coding contributors.

So in a way, Hudson is the new Benson.

You can actually see this manifestation taking place right now. I guess you could simplify this to mean that Sonatype are now merging back the development they made in Benson. What the community is wondering, is why they didn't offer to do so before the fork (see the discussion in the comments), but that doesn't really matter anymore. Sonatype came in at exactly the right time, and did what was best for their company and customers. Nothing wrong with that.

My two biggest questions of this are:
  • Will Oracle put up with Sonatype's strategy over time?
  • Will Sonatype put up with Oracle's inherent bureaucratic inertia?
Over time there's nothing stopping Sonatype from forking out Benson again, if it turns out Oracle's wheels are winding too slow. Another possibility is that Oracle takes a liking to Sonatype's infrastructure tools and proposes a buy-up.

This is a Good Thing

I think Sonatype is one of those rare companies that are able to work the open-source ecosystem, making a profit while at the same time donating a huge amount of great tooling back to the community. Some times they have to make unpopular compromises in order to stay profitable, and this is what happened with Hudson/Jenkins.

Nexus is an awesome product. It shares many of Hudson's qualities: It *just works*, it looks nice, it's easy to upgrade and maintain. I hope Hudson will retain these qualities. I'm sure Jenkins will.

What path will you take?
Personally, I think I'll go with Jenkins for now. I'm tempted to go with Sonatype/Hudson because we extensively use Nexus and Maven, and we're not paying Sonatype-customers. At the same time, I have only moderate needs for stability, and from experience I'm very happy with the features vs stability rating of the Koshuke crew.

I think (but might be wrong), that Jenkins will outrace Hudson in terms of features and usability.

I fear, that Hudson will get tangled down with Oracle stuff (register here to download, etc).

I hope both will continue to exist and fulfill two different needs in the market. Best of luck to both of them!

Comments

  1. This comment has been removed by the author.

    ReplyDelete
  2. Things came out "too good to be true" for Sonatype as if the whole "fork" story was planned in advance and original Hudson developers together with Koshuke were provoked to fork and hmm .. just go away.

    ReplyDelete
  3. "Nexus is an awesome product. It didn't get where it is today based on happy chirpy volunteer work done in the evenings"

    Bit of back-handed insult to those of us happy chirpy volunteers who create awesome products in the evening.

    ReplyDelete
  4. Hi Ricardo, thanks for your comment.

    I didn't intend it as an insult. The two sentences are separated by a period, but perhaps it should've been a paragraph break.

    Happy chirpy was a poor choice of words, I'll admit. I'll edit them away.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Hello Thomas,

    thanks for this article with some real useful insights ;-)

    See also my blogpost about the same "issue".

    ReplyDelete
  7. I agree for the most part but I really can't understand how one can describe any product using ExtJS as awesome. Not only does ExtJS suck hairy donkey balls from a technical POV, it's also fugly from an asthetic POV, not to mention the licensing debacle which is reason enough for me not to use *any* product based on ExtJS. The same goes for Sonatype and van Zyl. I really like maven (probably for lack of better alternative...) but Nexus and everything else sucks and van Zyl especially sucks.

    ReplyDelete
  8. Hi Anon. I happen to like the Nexus UI a lot actually. I also trust Sonatype have their licenses in order, as I suspect JvZ is one of the most knowledgeable persons on software licensing out there.

    ReplyDelete

Post a Comment

Popular posts from this blog

Open source CMS evaluations

I have now seen three more or less serious open source CMS reviews. First guy to hit the field was Matt Raible ( 1 2 3 4 ), ending up with Drupal , Joomla , Magnolia , OpenCms and MeshCMS being runner-ups. Then there is OpenAdvantage that tries out a handful ( Drupal , Exponent CMS , Lenya , Mambo , and Silva ), including Plone which they use for their own site (funny/annoying that the entire site has no RSS-feeds, nor is it possible to comment on the articles), following Matt's approach by exluding many CMS that seem not to fit the criteria. It is somewhat strange that OpenAdvantage cuts away Magnolia because it "Requires J2EE server; difficult to install and configure; more of a framework than CMS", and proceed to include Apache Lenya in the full evaluation. Magnolia does not require a J2EE server. It runs on Tomcat just like Lenya does (maybe it's an idea to bundle Magnolia with Jetty to make it seem more lightweight). I'm still sure that OpenAdvant

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities . It "was decided" that we'd be doing AES with a key-length of 256 , and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet! The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE  in order to do 256 bits. It's a fascinating story , the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them. Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password

What I've Learned After a Month of Podcasting

So, it's been about a month since I launched   GitMinutes , and wow, it's been a fun ride. I have gotten a lot of feedback, and a lot more downloads/listeners than I had expected! Judging the numbers is hard, but a generous estimate is that somewhere around 2000-3000 have listened to the podcast, and about 500-1000 regularly download. Considering that only a percentage of my target audience actively listen to podcasts, these are some pretty good numbers. I've heard that 10% of the general population in the western world regularly listen to podcasts (probably a bit higher percentage among Git users), so I like to think I've reached a big chunk of the Git pros out there. GitMinutes has gathered 110 followers on Twitter, and 63, erm.. circlers on Google+, and it has received 117 +'es! And it's been flattr'ed twice :) Here are some of the things I learned during this last month: Conceptually.. Starting my own sandbox podcast for trying out everythin

The academical approach

Oops, seems I to published this post prematurely by hitting some Blogger keyboard shortcut. I've been sitting for some minutes trying to figure out how to approach the JavaZone talk mentioned in my previous blog-post. Note that I have already submitted an abstract to the comittee, and that I won't publish the abstract here in the blog. Now of course the abstract is pretty detailed on what the talk is going to be about, but I've still got some elbow room on how to "implement" the talk. I will use this blog as a tool to get my aim right on how to present the talk, what examples to include, what the slides should look like, and how to make it most straightforward and understandable for the audience. Now in lack of having done any presentations at a larger conference before, I'm gonna dig into what I learned at the University, which wasn't very much, but they did teach me how to write a research paper, a skill which I will adapt into creating my talk: The one

Git Stash Blooper (Could not restore untracked files from stash)

The other day I accidentally did a git stash -a , which means it stashes *everything*, including ignored output files (target, build, classes, etc). Ooooops.. What I meant to do was git stash -u , meaning stash modifications plus untracked new files. Anyhows, I ended up with a big fat stash I couldn't get back out. Each time I tried, I got something like this: .../target/temp/dozer.jar already exists, no checkout .../target/temp/core.jar already exists, no checkout .../target/temp/joda-time.jar already exists, no checkout .../target/foo.war already exists, no checkout Could not restore untracked files from stash No matter how I tried checking out different revisions (like the one where I actually made the stash), or using --force, I got the same error. Now these were one of those "keep cool for a second, there's a git way to fix this"situation. I figured: A stash is basically a commit. If we look at my recent commits using   git log --graph --