I'm trying to debug a problem with application links between Jira 5.0.7, Fisheye 2.6.0 and Confluence 3.5.6. When I dug into the config.xml file on the fisheye server I found that there were multiple entries for each application I'd created a link for. For example, I'd created a link to the Jira server at 10.74.47.118 and the Confluence server at 172.17.77.174. During the debugging process I updated each link several times and a few times I deleted the link altogether and started over.

When I examined the config.xml file I found 17 trustedApplication entries for the jira application and 3 for the confluence application all with the same name, id and publicKey. I backed up the config.xml, made a change to the Application Link for the confluence server and compared the new config.xml file to the backup. Lo and behold, there was a 4th trustedApplication entry for the confluence server.

It's worth noting that there's nothing in the config.xml file to indicate if a given trustedApplication entry is for incoming or outgoing authentication. I figured that each trustedApplication entry would either have a section for incoming and outgoing or there would be exactly two entries for a given trustedApplication, each one being either incoming or outgoing.

Is there a compelling reason for this behavior? Or have I found a bug in Fisheye? More importantly, is it safe to delete any of the trustedApplication entries in the config.xml file?