Skip to main content

Sonatype and Hudson/Jenkins: An Analysis

I'm dare say I'm a seasoned Hudson user (admin) and proponent. For over five years I've been introducing different kinds of CI at whichever place I worked at. When Hudson entered my radar, this work became a lot easier. I'm also a heavy Maven user, and Nexus did for Maven repositories what Hudson did for CI.

The Plot
Over recent weeks, the community around Hudson has been shaken by a fork: The main developers (Koshuke and crew) have renamed Hudson to Jenkins, while Oracle have kept on developing Hudson in partnership with Sonatype. Here's a simple illustration of what happened:

These are my pure external speculations about what has happened recently in the forking process, with regards to Sonatype's involvement in particular.

So who is running this show?
I noticed that Sonatype (usually personified by Jason) have gotten their fingers pretty deeply into the Hudson infrastructure already:

Like this tweet noted, it appears they are controlling Hudson's Twitter account. The @hudsonci account tweeted about something Maven-related, and it appeared it it was indeed meant for a Sonatype account.

And here it appears Jason is administering some of the Hudson infrastructure. 

It's no secret that Sonatype and Oracle are tightly partnered on this. But I think the relationship is more like one of a smart trickster sitting on the shoulders of a dumb giant.

Backstabbers and Benson
A lot of people felt betrayed when Sonatype chose to side with Hudson/Oracle in the fork. Heck, even I was disgruntled that my Maven heroes were going with the big evil anti-open source Oracle..

I've been pondering on why they did this unpopular move, and here's my rough guess:

The reason is Benson:
Benson is Sonatype's Maven-focused distribution of Hudson taking into account everything that we've learned about Maven 3.0 during its development and how Maven should operate optimally within a CI environment: there will be no better way to work with Maven and Hudson. Benson is Hudson's brother from another mother. (source)
As with any fork, maintaining it is expensive. I think Sonatype found it hard to keep Benson up to date with Hudson and all its plugins. Or maybe they wanted more changes in direction Nexus/Maven than the Koshuke crew were willing to go with.

See more about Benson in Jason's presentation from JavaZone 2010 (time 39:20).

A Genius Take-over
Had Hudson stayed under Koshuke's rapid development, Sonatype would've had to keep on maintaining Benson, merging in conflicting Hudson changes as they grew ever more distant from the fork.

Now, they can achieve the same with Hudson itself, and in the process they gain a huge brand by sticking to the Hudson name, and they also stay under Oracle's wing (this has its own con's, of course), with infrastructure and paid coding contributors.

So in a way, Hudson is the new Benson.

You can actually see this manifestation taking place right now. I guess you could simplify this to mean that Sonatype are now merging back the development they made in Benson. What the community is wondering, is why they didn't offer to do so before the fork (see the discussion in the comments), but that doesn't really matter anymore. Sonatype came in at exactly the right time, and did what was best for their company and customers. Nothing wrong with that.

My two biggest questions of this are:
  • Will Oracle put up with Sonatype's strategy over time?
  • Will Sonatype put up with Oracle's inherent bureaucratic inertia?
Over time there's nothing stopping Sonatype from forking out Benson again, if it turns out Oracle's wheels are winding too slow. Another possibility is that Oracle takes a liking to Sonatype's infrastructure tools and proposes a buy-up.

This is a Good Thing

I think Sonatype is one of those rare companies that are able to work the open-source ecosystem, making a profit while at the same time donating a huge amount of great tooling back to the community. Some times they have to make unpopular compromises in order to stay profitable, and this is what happened with Hudson/Jenkins.

Nexus is an awesome product. It shares many of Hudson's qualities: It *just works*, it looks nice, it's easy to upgrade and maintain. I hope Hudson will retain these qualities. I'm sure Jenkins will.

What path will you take?
Personally, I think I'll go with Jenkins for now. I'm tempted to go with Sonatype/Hudson because we extensively use Nexus and Maven, and we're not paying Sonatype-customers. At the same time, I have only moderate needs for stability, and from experience I'm very happy with the features vs stability rating of the Koshuke crew.

I think (but might be wrong), that Jenkins will outrace Hudson in terms of features and usability.

I fear, that Hudson will get tangled down with Oracle stuff (register here to download, etc).

I hope both will continue to exist and fulfill two different needs in the market. Best of luck to both of them!

Comments

  1. This comment has been removed by the author.

    ReplyDelete
  2. Things came out "too good to be true" for Sonatype as if the whole "fork" story was planned in advance and original Hudson developers together with Koshuke were provoked to fork and hmm .. just go away.

    ReplyDelete
  3. "Nexus is an awesome product. It didn't get where it is today based on happy chirpy volunteer work done in the evenings"

    Bit of back-handed insult to those of us happy chirpy volunteers who create awesome products in the evening.

    ReplyDelete
  4. Hi Ricardo, thanks for your comment.

    I didn't intend it as an insult. The two sentences are separated by a period, but perhaps it should've been a paragraph break.

    Happy chirpy was a poor choice of words, I'll admit. I'll edit them away.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Hello Thomas,

    thanks for this article with some real useful insights ;-)

    See also my blogpost about the same "issue".

    ReplyDelete
  7. I agree for the most part but I really can't understand how one can describe any product using ExtJS as awesome. Not only does ExtJS suck hairy donkey balls from a technical POV, it's also fugly from an asthetic POV, not to mention the licensing debacle which is reason enough for me not to use *any* product based on ExtJS. The same goes for Sonatype and van Zyl. I really like maven (probably for lack of better alternative...) but Nexus and everything else sucks and van Zyl especially sucks.

    ReplyDelete
  8. Hi Anon. I happen to like the Nexus UI a lot actually. I also trust Sonatype have their licenses in order, as I suspect JvZ is one of the most knowledgeable persons on software licensing out there.

    ReplyDelete

Post a Comment

Popular posts from this blog

Managing dot-files with vcsh and myrepos

Say I want to get my dot-files out on a new computer. Here's what I do:

# install vcsh & myrepos via apt/brew/etc
vcsh clone https://github.com/tfnico/config-mr.git mr
mr update

Done! All dot-files are ready to use and in place. No deploy command, no linking up symlinks to the files. No checking/out in my entire home directory as a Git repository. Yet, all my dot-files are neatly kept in fine-grained repositories, and any changes I make are immediately ready to be committed:

config-atom.git
    -> ~/.atom/*

config-mr.git
    -> ~/.mrconfig
    -> ~/.config/mr/*

config-tmuxinator.git  
    -> ~/.tmuxinator/*

config-vim.git
    -> ~/.vimrc
    -> ~/.vim/*

config-bin.git   
    -> ~/bin/*

config-git.git          
    -> ~/.gitconfig

config-tmux.git  
    -> ~/.tmux.conf    

config-zsh.git
    -> ~/.zshrc

How can this be? The key here is to use vcsh to keep track of your dot-files, and its partner myrepos/mr for operating on many repositories at the same time.

I discovere…

Working in Teams over Working as Individuals

I recentlypostedthis sketch on Twitter:

Thanks to a few mighty retweets, it gathered a lot of views (9000 impressions, whatever that means). While that's fun and all, I still felt a bit sad that such an awfully simple insight can garner much more popularity than a thorough blog post that I put some hours into.

So, rather than let Twitter get away with this, I'll steal my own content back into the blog :)

The thread went like this:

Pondering how to battle individualism in companies. For some, it is counter-intuitive that teams can be more responsive, faster and even more accountable than single individuals.

Having "teams" in place is no guarantee that team work is happening. Be wary of too large teams, "I/me/mine", personal contact details instead of team point of contact. Good team is sailing crew, not galley slaves.

Beware heroes, go-to persons, calling in favors and other shadow handling of work. Real teams make the work explicit, both requests/needs and re…

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and sa…

The End of GitMinutes (my podcast)

I'm just about ship GitMinutes episode 46, which is going to be the final episode. I'll just paste the outro script here, as it sums up the sentimental thoughts pretty well:

I’m happy to have finally finished [publishing the last episodes from Git-Merge 2017], just in time before Git-Merge 2018 takes place in March. I won’t be going there myself, so I’m counting on someone else to pick up the mic there.

It’s sad to be shipping this one as it is probably the last GitMinutes episode ever. To go a bit down memory lane, 6 years ago, my daughter was born, and as I used a little of that paternity leave to set up my podcasting infrastructure and produce the first few episodes. Initially it was just going to be 10 episodes and call the experiment finished. Instead, I got to 46 episodes, the last dozen or so lazily tailing the last few Git-Merge conferences.

To every one of my guests, thank you so much again for coming on to share your passion in this little niche of computer science a…

Joining eyeo: A Year in Review

It's been well over a year since I joined eyeo. And 'tis the season for yearly reviews, so...

It's been pretty wild. So many times I thought "this stuff really deserves a bloggin", but then it was too inviting to grab onto the next thing and get that rolling.

Instead of taking a deep dive into some topic already, I want to scan through that year in review and think for myself, what were the big things, the important things, the things I achieved, and the things I learned. And then later on, if I ever get around to it, grab one of these topics and elaborate in a dedicated blog-post. Like a bucket-list of the blog posts that I should have written. Here goes:
How given no other structures, silos will grow by themselves This was my initial shock after joining the company. Only a few years after taking off as a startup, the hedges began growing, seemingly almost by themselves, and against the will of the founders. I've worked in silos, and in companies without the…