Update Jsch dependency #28
Conversation
|
(sorry for the multiple accounts, but I have one personal and one for work) I managed to test this and it seems to work. I had to disable signing and then published a version to mavenLocal. It can now clone my Git repository with the usual SSH settings that I have. |
|
Actually, there's one more change that needs to be done because JGit does something that will end up with a NPE, as seen here: mwiede/jsch#43 (comment) I'll push a commit with the change later today. |
|
Any news ? Should I better fork it ? |
|
I'm having hard times following if this PR fixes the pb or not :) |
|
From my limited (only on our repo) amount of tests, it did indeed fix the issue. |
|
Hey! Is there any way we can move forward with this? Something I should do? |
|
Yes, the only thing which is blocking me now is that I didn't have time to check that the fork of jsch which is used is legit (not some cryptomining stuff for ex). Would be nice to have some kind of evidence. |
|
Totally fair. Since I'm also I third party here, I believe that is something you would only trust yourself to do. But if there's anything I can help with, please let me know. Thank you! |
Hi 👋, I'm the author of the Gradle PR that swaps out the abandoned jsch lib with the maintained mweide jsch. The discussion about legitimacy of the fork can be side stepped, because jsch isn't needed in newer versions of jgit (v6+), so if you updated jgit from v5 then this would improve support for newer ssh key types (which was the point of the upgrade). There's more info in the Gradle PR: |
|
ahhh, sounds interesting, thanks for the hint! |
To fix #27.
I'm not really sure how to test this (or even how to build the plugin), so I would need some help on that. But the changes seemed straightforward to do them blind.
Let me know what do I need to do. Thanks!