Forum Discussion
Thanks for sharing your opinion! I cannot change anything in this situation :(
However, I've passed this information to the SoapUI Product Owner so that he would be aware about this.
Hi Tanya,
i would very apreciate and welcome to read a post by MFagerlind, OLensmar or LBrandon about this topic and the roadmap of SoapUI OS.
Regards,
Holger
- MFagerlind9 years agoStaff
Hi Holger,
Sorry for our late response. There will be an official announcement from the Product owner on our strategy for plugins, which I hope will come later for day.
As you know, we have a process for reviewing plugins. In Ready! API, what we do with the plugins after they have been approved is to add them to our repository. In SoapUI OS, where we don't have a repository or a GUI for installing plugins, what we do is to allow only signed plugins to work.
We've always reviewed community code contributions to the SoapUI project (Pull requests) and want to do something similar for plugins. One of the reasons is that we don't want people to accidentally load Ready! API plugins, which may fail in subtle ways.
In other words we will sign your plugin and other plugins like it. It's a great contribution, and we're grateful that you want to make it available to all SoapUI users.
I'll contact you privately to get the JAR file signed.
Regards,
Manne
- hschott9 years agoOccasional Contributor
Hi Manne,
well, i understand the intention to sign plug-ins. But the solution is not very well crafted.
At first there must be a way for developers to test their code. I see three ways to solve this:
1. without signing
2. by signing with a self-signed certificate like Android development does it (opt-in by the user thru UI dialog)
3. by signing with a developer certificate signed by Smartbear like Apple development does it
At second there should be a documented and working process how to get a plug-in reviewed and signed for production.
Both points require a medum to large infrastructure and management effort backed by tools and staff.
Are you aware of this?
Regards,
Holger
- MFagerlind9 years agoStaff
I agree it's very ad-hoc at the moment and that we have to improve.
Your suggestions seem very sensible to me, but we have to discuss them before I can tell you how we will evolve this.
Please bear with us!
/Manne
- hschott9 years agoOccasional Contributor
Hi Manne,
i'm still looking forward to hear an "official announcement from the Product owner on our strategy for plugins". Any news about that?
Regards,
Holger
- MattiH9 years agoStaff
Regarding signing of plugins in SoapUI.
1) We welcome community written plugins for the new framework of SoapUI!
2) In SoapUI 5.2.1 and later we require plugins to be signed to run in the new plugin framework. The reason is to minimize the risk of loading plugins that don’t work as expected.
For example: Plugins written for the similar plugin framework in Ready!API might use the framework in ways not supported in SoapUI.
3) We will review plugins in a similar way as any code contribution to SoapUI, and after successful review the plugin will be enabled to run in the new framework.
4) We are aware that developers need a smooth review process that doesn't slow down iterative development of plugins, so we will work together with contributors to find a good process.Kind regards,
Matti Hjelm, PO SoapUI