Commit

Tweaks to spec section
jglick committed Aug 20, 2020
1 parent 3f1a3fd commit eb15591
Showing 1 changed file with 11 additions and 7 deletions.
18 changes: 11 additions & 7 deletions jep/0000/README.adoc
Expand Up @@ -59,22 +59,25 @@ This work consists of several aspects, both in Jenkins core and plugins.
** All of Spring is also updated to the current release (5.x).
** LDAP-specific classes are not readded.
* All of Jenkins core is switched to use Spring Security as its primary model.
* `BeanBuilder` and associated classes, used to configure a security realm from a Groovy resource,
are deleted, replaced by type-safe Java.
* Plugin-facing APIs referring to Acegi Security are kept binary compatible wherever feasible.
** Many `org.acegisecurity.*` types are reintroduced, but using clean reimplementations.
** Most existing Jenkins API methods referring to `org.acegisecurity.*` types are retained,
but deprecated and bridged to new Spring Security equivalents.
** `toSpring` and `fromSpring` method are provided to interconvert Acegi Security and Spring Security types where applicable.
** `toSpring` and `fromSpring` methods are provided to interconvert Acegi Security and Spring Security types where applicable.
** Subtyping is not used: the Acegi Security and Spring Security types are incomparable.
** `org.springframework.dao.DataAccessException` and similar types are deprecated without replacement.
** A few APIs which were already deprecated, such as `CliAuthenticator`, are simply removed.
** `Sid` and subtypes are for now simply reimplemented, rather than delegating to the `spring-security-acl` module.
* Inessential uses of Acegi Security in plugins for which compatibility in Jenkins core would be awkward are removed.
* Inessential uses of Acegi Security in plugins for which compatibility in Jenkins core would be awkward are replaced.
(For example, exotic types in functional tests are replaced with simpler and more common APIs.)
* Certain plugins with sophisticated implementations of `SecurityRealm` are patched.
** All plugins using `BeanBuilder` to configure a security realm from a Groovy resource are switched to using type-safe Java.
** All plugins using `BeanBuilder` are switched to using type-safe Java.
** The `ldap` plugin has two patched versions:
one which bundles Acegi Security (including LDAP types) and does not use `BeanBuilder`, so that it can be run against either old or new cores;
and a second derived from the first but which builds against new cores and Spring Security.
*** One which bundles Acegi Security (including LDAP types) and does not use `BeanBuilder`,
so that it can be run against either old or new cores.
*** A second derived from the first but which builds against new cores and Spring Security.

=== Rollout plan

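Review bot: The new core bullet saying `BeanBuilder` and associated classes "are deleted" sits directly above the bullet promising that plugin-facing APIs are "kept binary compatible wherever feasible", and nothing states which rule applies to `BeanBuilder`. Suggest listing it explicitly with the outright removals (next to the `CliAuthenticator` line) and stating what happens to a plugin that still references `BeanBuilder` on a new core, since the `ldap` sub-bullet relies on exactly that ("does not use `BeanBuilder`, so that it can be run against either old or new cores"). The shortened plugin bullet "All plugins using `BeanBuilder` are switched to using type-safe Java" would also be easier to verify if it pointed at the list or search that identifies those plugins.
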
Expand All @@ -87,16 +90,17 @@ In mostly chronological order, though of course many tasks can be parallelized:
Classify all matches in a document associated with this JEP.
* Perform textual searches for certain deleted/missing APIs or problematic code idioms in the `@jenkinsci` organization, classifying all matches.
* Prepare cleanup patches to plugins that would be acceptable even without this migration, and get them merged and released.
** `ldap` needs extensive work. `active-directory` may as well.
* Prepare patches to plugins defining security realms, or any others which may require significant changes to be compatible.
** `ldap` needs extensive work. `active-directory` may as well.
* Run acceptance tests (ATH) and plugin compatibility tests (PCT) against core plus a representative subset of plugins.
* Interactively verify that core plus all plugins mentioned in the setup wizard (even if not `suggested`) seem to work.
* Solicit code reviews on all open associated pull requests to core and plugins.
* Create a compatibility chart associated with this JEP listing all known plugins that might be affected by this change, with their current status.
* Define a Jira label for regressions suspected to be related to this migration,
for ease of tracking from the compatibility chart and the JEP.
* Solicit code reviews on all open associated pull requests to core and plugins.
* Warn users of the upcoming changes, for example on the users’ mailing list, via blog post, social media, etc.
* Release the version of `ldap` bundling Acegi Security.
(This may be done well in advance of the core release, so that most users will have already upgraded.)
* Release versions of other security realm plugins without `BeanBuilder`, such as `active-directory`.
* Release core, including a warning in the release notes about the risk.
* Release the version of `ldap` based on the new core release and using Spring Security.
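Review bot: The added parenthetical on the `ldap` release step ("This may be done well in advance of the core release, so that most users will have already upgraded") leaves the ordering optional, and the "Release core" step only mentions "a warning in the release notes about the risk" without naming the risk. Because a security realm plugin is what authenticates users, suggest stating what an administrator should expect if core is upgraded while an older `ldap` or `active-directory` release is still installed, and whether the same advance-release advice applies to the "other security realm plugins without `BeanBuilder`" step.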