Well I think since 2014 or was it 2013? I'm not sure, but I heard all Bukkit staff left and Bukkit was dead. Is this still true? I hope it's still going as I got unfairly banned from spigot so now hopefully I can code again if this is still active!
@SamB440 Depends on what you define as dead. CraftBukkit development stopped at Bukkit, community is still there though.
Oh okay. Do you think it's coming back anytime soon? Also is spigot completely compatible with Bukkit so I can post them here?
We first need skilled developers and a legit way to work with the DMCA and stuff. And it isn't 100% compatible, but you can always build on the Bukkit.jar
Spigot is a fork of bukkit. Essentially its bukkit with some "improvments" to make it "faster". So its compatible and we provide support of it unless it is about a server in offline mode which is not supported.
Bukkit, sadly, has been dead since august 2014. There is nothing to salvage here anymore, after Curse's and Mojang's actions and the DMCA that was sent against Mojang. Your best solution is a whole another new API, and by that i dont mean one that forks Bukkit.
I hope in the future there will be a new one better than spigot and Bukkit.. I really want to get back into developing for the public - if there is a new one let's hope they have better staff than SpigotMC
@SamB440 Sponge is the biggest alternative, which Essentials is migrating to. You can also look at Forge, Canary, Rainbow, Trident and a lot of other legal server softwares.
@mcdorli indeed it does (and is one reason I don't really like it) but I consider security more important though. "Better be safe than sorry" ~Unknown
How is Spigot less secure? I'm not talking about events that happened in the past. I'm talking about right now in its current form.
You would think that if there were any known security bugs right now that they would fix them. Using past history is probably the best that can be used. And what a history it is.
Indeed they are. Spigot is just as secure as bukkit, maybe even a little more since a few of its improvements are "anti-hacks" (ore obfuscation and fly detectors, etc. Not 100% accurate, or close to it, but definitely something). Spigot adds improvements to help lighten the load on the CPU and RAM. Boot times decrease and overall TPS (Ticks per second) stays at a steady 18-20 even when hosted on a low end computer with 15-25 players online. (I can testify as my first servers would lag on Bukkit but not on Spigot). BungeeCord however nearly dissolves security. It forces the server into offline mode, meaning it will not check to make sure the player attempting to connect has a real MC account or if they are a bot. It involves complicated proxies to make those multi-server networks trick the client into "thinking" it is on the same server it joined initially. Overall, it's up to the user and what you like and what works best for you. You could use Bukkit or Spigot, but I would not suggest using BungeeCord as security is one of the highest things of importance. Spigot is nearly completely compatible with Bukkit, so almost all plugins built against Bukkit will work on Spigot (aside from a few outliers and exceptions).
@shades161 spigot is certainly not as secure as Bukkit, bur rather far from it. There are many cases of authentication exploits and enlarging existing issues, as well as crashing servers due to other issues. The most famous issue would be when every single spigot server online crashed at once due to a faulty timestamp check, an issue spigot staff tried to pinpoint on Bukkit at first.
@Necrodoom_V2 I'm talking about present day however. The current, most recent build. (Excluding Beta and Alpha builds). Most of the security issues were patched in previous updates. I am not denying that Spigot did have security issues, but most of them have been fixed and no longer exist.
@shades161 The thing about these kind of security issues is that no one is aware of them until they get reported in public. spigot's procedure has consistently caused these issues and its only a matter of time until more of them show up.
If you're having an issue with someone on the team you can always e-mail md_5 directly or contact me, assuming it's not a silly issue like having a resource declined or something.
I don't know what security issues people are having in mind... how about linking some? The bungee question has been raised. Obviously that's a much different setup and you could run almost any type of server mods behind it. Bungee has its own pros and cons, and also needs a little more competence on server-owner side to setup, e.g. the necessary firewalling. I'd also rate that even more 'experimental' than Spigot, due to the nature of what they're doing, but i am not a rating agency, so.... The next thing is security issues in Minecraft, which then usually are in Bukkit/Spigot too - i can't recall the Spigot project acting inferior to the former Bukkit project in any way, in terms of how they react towards the security issues becoming public. In fact i see Spigot slightly at an advantage with fixing actual issues, because they don't rely on a 'rc-beta-dev' cycle. Now this is where comes in, what you may have had in mind with mentioning 'security'. Actual 'safety' issues can arise, if a server owner can't distinguish well anymore, which build to use. Most will likely just build the latest one, which also seems to be intended by the Spigot project, but which also poses some safety risks, in case they keep building more experimental changes. The change lists are your friend on that account, but it also needs some experience to judge such. Concerning another 'safety' aspect, Spigot contains more deviations from vanilla, e.g. by making entitiy spawning and ticking behavior configurable. As always it gives the server owner control, but also changes how things might feel (to some extent). Now is that 'security' thing a real thing?