Skip to main content

Sonatype and Hudson/Jenkins: An Analysis

I'm dare say I'm a seasoned Hudson user (admin) and proponent. For over five years I've been introducing different kinds of CI at whichever place I worked at. When Hudson entered my radar, this work became a lot easier. I'm also a heavy Maven user, and Nexus did for Maven repositories what Hudson did for CI.

The Plot
Over recent weeks, the community around Hudson has been shaken by a fork: The main developers (Koshuke and crew) have renamed Hudson to Jenkins, while Oracle have kept on developing Hudson in partnership with Sonatype. Here's a simple illustration of what happened:

These are my pure external speculations about what has happened recently in the forking process, with regards to Sonatype's involvement in particular.

So who is running this show?
I noticed that Sonatype (usually personified by Jason) have gotten their fingers pretty deeply into the Hudson infrastructure already:

Like this tweet noted, it appears they are controlling Hudson's Twitter account. The @hudsonci account tweeted about something Maven-related, and it appeared it it was indeed meant for a Sonatype account.

And here it appears Jason is administering some of the Hudson infrastructure. 

It's no secret that Sonatype and Oracle are tightly partnered on this. But I think the relationship is more like one of a smart trickster sitting on the shoulders of a dumb giant.

Backstabbers and Benson
A lot of people felt betrayed when Sonatype chose to side with Hudson/Oracle in the fork. Heck, even I was disgruntled that my Maven heroes were going with the big evil anti-open source Oracle..

I've been pondering on why they did this unpopular move, and here's my rough guess:

The reason is Benson:
Benson is Sonatype's Maven-focused distribution of Hudson taking into account everything that we've learned about Maven 3.0 during its development and how Maven should operate optimally within a CI environment: there will be no better way to work with Maven and Hudson. Benson is Hudson's brother from another mother. (source)
As with any fork, maintaining it is expensive. I think Sonatype found it hard to keep Benson up to date with Hudson and all its plugins. Or maybe they wanted more changes in direction Nexus/Maven than the Koshuke crew were willing to go with.

See more about Benson in Jason's presentation from JavaZone 2010 (time 39:20).

A Genius Take-over
Had Hudson stayed under Koshuke's rapid development, Sonatype would've had to keep on maintaining Benson, merging in conflicting Hudson changes as they grew ever more distant from the fork.

Now, they can achieve the same with Hudson itself, and in the process they gain a huge brand by sticking to the Hudson name, and they also stay under Oracle's wing (this has its own con's, of course), with infrastructure and paid coding contributors.

So in a way, Hudson is the new Benson.

You can actually see this manifestation taking place right now. I guess you could simplify this to mean that Sonatype are now merging back the development they made in Benson. What the community is wondering, is why they didn't offer to do so before the fork (see the discussion in the comments), but that doesn't really matter anymore. Sonatype came in at exactly the right time, and did what was best for their company and customers. Nothing wrong with that.

My two biggest questions of this are:
  • Will Oracle put up with Sonatype's strategy over time?
  • Will Sonatype put up with Oracle's inherent bureaucratic inertia?
Over time there's nothing stopping Sonatype from forking out Benson again, if it turns out Oracle's wheels are winding too slow. Another possibility is that Oracle takes a liking to Sonatype's infrastructure tools and proposes a buy-up.

This is a Good Thing

I think Sonatype is one of those rare companies that are able to work the open-source ecosystem, making a profit while at the same time donating a huge amount of great tooling back to the community. Some times they have to make unpopular compromises in order to stay profitable, and this is what happened with Hudson/Jenkins.

Nexus is an awesome product. It shares many of Hudson's qualities: It *just works*, it looks nice, it's easy to upgrade and maintain. I hope Hudson will retain these qualities. I'm sure Jenkins will.

What path will you take?
Personally, I think I'll go with Jenkins for now. I'm tempted to go with Sonatype/Hudson because we extensively use Nexus and Maven, and we're not paying Sonatype-customers. At the same time, I have only moderate needs for stability, and from experience I'm very happy with the features vs stability rating of the Koshuke crew.

I think (but might be wrong), that Jenkins will outrace Hudson in terms of features and usability.

I fear, that Hudson will get tangled down with Oracle stuff (register here to download, etc).

I hope both will continue to exist and fulfill two different needs in the market. Best of luck to both of them!

Popular posts from this blog

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and sa…

Managing dot-files with vcsh and myrepos

Say I want to get my dot-files out on a new computer. Here's what I do:

# install vcsh & myrepos via apt/brew/etc
vcsh clone https://github.com/tfnico/config-mr.git mr
mr update

Done! All dot-files are ready to use and in place. No deploy command, no linking up symlinks to the files. No checking/out in my entire home directory as a Git repository. Yet, all my dot-files are neatly kept in fine-grained repositories, and any changes I make are immediately ready to be committed:

config-atom.git
    -> ~/.atom/*

config-mr.git
    -> ~/.mrconfig
    -> ~/.config/mr/*

config-tmuxinator.git  
    -> ~/.tmuxinator/*

config-vim.git
    -> ~/.vimrc
    -> ~/.vim/*

config-bin.git   
    -> ~/bin/*

config-git.git          
    -> ~/.gitconfig

config-tmux.git  
    -> ~/.tmux.conf    

config-zsh.git
    -> ~/.zshrc

How can this be? The key here is to use vcsh to keep track of your dot-files, and its partner myrepos/mr for operating on many repositories at the same time.

I discovere…

Always use git-svn with --prefix

TLDR: I've recently been forced back into using git-svn, and while I was at it, I noticed that git-svn generally behaves a lot better when it is initialized using the --prefix option.

Frankly, I can't see any reason why you would ever want to use git-svn without --prefix. It even added some major simplifications to my old git-svn mirror setup.

Update: Some of the advantages of this solution will disappear in newer versions of Git.

For example, make a standard-layout svn clone:

$ git svn clone -s https://svn.company.com/repos/project-foo/

You'll get this .git/config:

[svn-remote "svn"]
        url = https://svn.company.com/repos/
        fetch = project-foo/trunk:refs/remotes/trunk
        branches = project-foo/branches/*:refs/remotes/*
        tags = project-foo/tags/*:refs/remotes/tags/*

And the remote branches looks like this (git branch -a):
    remotes/trunk
    remotes/feat-bar

(Compared to regular remote branches, they look very odd because there is no remote name i…

Joining eyeo: A Year in Review

It's been well over a year since I joined eyeo. And 'tis the season for yearly reviews, so...

It's been pretty wild. So many times I thought "this stuff really deserves a bloggin", but then it was too inviting to grab onto the next thing and get that rolling.

Instead of taking a deep dive into some topic already, I want to scan through that year in review and think for myself, what were the big things, the important things, the things I achieved, and the things I learned. And then later on, if I ever get around to it, grab one of these topics and elaborate in a dedicated blog-post. Like a bucket-list of the blog posts that I should have written. Here goes:
How given no other structures, silos will grow by themselves This was my initial shock after joining the company. Only a few years after taking off as a startup, the hedges began growing, seemingly almost by themselves, and against the will of the founders. I've worked in silos, and in companies without the…

Automating Computer Setup with Boxen

I just finished setting up a new laptop at work, and in doing so I revamped my personal computer automation quite a bit. I set up Boxen for installing software, and I improved my handling of dot-files using vcsh, which I'll cover in the next blog-post after this one.

Since it's a Mac, it doesn't come with any reasonable package manager built in. A lot of people get along with a combination of homebrew or MacPorts plus manual installs, but this time I took it a step further and decided to install all the "desktop" tools like VLC and Spotify using GitHub's Boxen:

  include vlc
  include cyberduck
  include pgadmin3
  include spotify
  include jumpcut
  include googledrive
  include virtualbox

If the above excerpt looks like Puppet to you, it's because it is. The nice thing about this is that I can apply the same puppet scripts on my Ubuntu machines as well. Boxen is Mac-specific, Puppet is not.

It was a little weird to get started with Boxen, as you're offered…