Upgrade to Jenkins 2.x, using upstream packages
The current state of the Jenkins Debian package is quite scary: it’s lagging a lot behind Jenkins’ LTS version, and it has quite a bunch of known security bugs (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781223)
The Debian package state will probably not be fixed, given the Jenkins LTS release fast pace. In this situation, we’re quite stuck using outdated Jenkins plugins too, given they often depends on precise Jenkins versions. This doesn’t help our Jenkins plugins upgrade sysadmin task.
jenkins.debian.net is using upstream’s LTS package. We probably should
discuss the situation with them, as they’ll probably stumble upon the
same problem as they want DSA to take care of the sysadmin maintenance
of their instance.
Some discussions are planned at the 2015 Debconf about jenkins.d.n. Could be good to follow what happen on this front.
We could use the upstream APT repo and their Debian package, but it would need some review from our side, to see how the packaging is done and what it really install. Sadly, the Debian package sources don’t seem to be available.