 Welcome, everyone. This is Jenkins governance meeting. It's the 11th of July, 2022. Thanks for being here. So agenda items that I have on the list. Oh, thank you, Daniel. I've got any news, action items, a trademark request that Daniel's asked some clarifying questions on the developer list and it will help me learn more about how to do that correctly. So guidance on responding to request to the board. This is one where I wanted to get guidance from Oleg on. I'm relatively inexperienced on the board and I need some coaching on which things should I answer and how, and then we had a request related to the embeddable build status plugin, and the fact that it bundles a proprietary component. Another question, a question raised by Gavin separately to me was, could we consider moving this meeting one hour earlier on the same day, it would be a little better for him. Any other final forums and community topics, any other topics that others need to add to the agenda. Not from me. Great. Okay. All right, so in terms of, I guess news items. LTS to 346.2 releases next week. No, no, is it this week, wait a sec. Now I've got a double check. It's always the week of the meeting. Yes, it's releases this week so it releases on Wednesday, which means I've got to get that change log approved and merged. Okay, so change log is ready. It's a relatively straightforward release the one change that got an upgrade guide note is install plugins .sh has been removed. This is an old script that was deprecated 18 months ago in the Docker containers replaced by the plugin installation manager tool a Java program that actually does a really good job of resolving dependencies, warning about security, etc. So, so just be aware that changes coming. Brace for impact. That's right. Exactly. Any other news from others. Okay, then action items. I can use. So for whoever uses Jinx, fellow runner, I'm dropping good support in the next release. So we discussed it as a part of the Google summer of code project also communicated it to potential users. Mark, please correct me if I'm wrong, but to my, to the best of my knowledge club is doesn't want to depend on Jinx fellow runner. That's correct as far as I know so like did I get it correct that you're dropping Java eight support. Good. Okay, super that aligns with, with weekly has dropped Java eight support already. Just for the last week. I mean, Jinx fellow runner is still in beta. So I can use Liberty for taking weekly releases. Great. Thank you. Yeah. Thanks to everyone who was working on Java 17 support. I'm not ready to introduce Java 17 support because reflection. But I'm getting there. No, it's not looking very good. Sorry, Java 17 support Jenkins core is looking very good. Jenkins fellow runner well it's small stuff all built about reflection. So probably migrating to Java 17 would require some purchase in the Jenkins core also in JD. So I'm not sure what it gets shipped. Great. Well, thank you for the note and thanks for moving it from from Java eight to Java 11. We like that. I like that story a bunch I think it's a good story for everyone to know that the project is moving off of eight and Java 17 was defaulting ranks fellow runner for quite a while. Yeah, there are obvious complications there, but well hopefully Jinx fellow runner isn't designed for some plugins like made them a plugin so let's say the scope of the changes because in a question Jenkins. Great. Excellent. Any other news items. Okay next topic then action items and here I have the sad statement is saying that I have all the action items and I've made progress on none of them. I will try to make some progress in the future on at least one or two of these. Gavin in particular, we very much want to move the docs mailing list and the platform sick mailing list to community Jenkins.io. I just haven't started on it yet. So let's look into importing. Essentially, essentially they said if we want to import exporting from Google groups is really really easy. It's just Google takeout and you're done importing it since we don't have access to the actual physical install. You can't run in the import scripts. So essentially what we'd have to do is we only mode the forms. Download the that they can give us a dump of the database, we import it we import the re mark the mailbox file, and then give it back to them, and then I'm read only the forms. It's not to me worth it. The other option is to try to write a script uses the API. I don't know how much time or effort is worth putting into this so it's not as easy to the thought it was. Yeah, and for me, I think, leaving the switching Google groups to read only and leaving that be the place people read it seems safe. I have reasonable hope that they won't kill Google groups and take it away that they just it just isn't evolving nearly as rapidly user interface wise is community Jenkins that IO does. You have big faith in Google. Okay. Yes, quote, that there's a quote of a quote, you're right. There is not that many threads, we would like to move. I mean, if we even if you wanted to move. It doesn't make sense to move all the threads maybe some of important ones. And particularly on the docs mailing list that docs and platform of both relatively low volume user user lists and dev lists those are high volume higher volume lists, but those two platform and docs pretty simple pretty small I'm not worried terribly great. I would have Internet archives. I mean, there's so many services that dump these many increased and representing the searches. I don't particularly care to be honest. Great. Yep. Excellent. Anything else on action items. So one about Linux Foundation transfers. Did you get any progress there. Transfers ownership or payment for the for the top of the action items list. Oh, oh, got it. So no, I did not. Alyssa has started a discussion with them but I haven't I haven't done my part of it. So, for information my understanding that there was a change in the Linux Foundation stuffing. Oh, okay waiting for FATI from the CDF to return the visa the name of our new contact. Because we've had the same problems in the CNCF and in the CDF. So we are creating some other crowdfunding entities at the moment. Once I get information I will forward it to the governing. Great. Thank you. But yes, I believe that our money is still there. And as usually reminder, that is open question how we spend this money. Right and that's that's I think still a fair money is still there. I mean we've also got funds also at other locations like what is it the SPI. Yeah for SPI. So, if you want to have more people on the action items list you can at me for SPI. Okay. All right great. Actually depends on the same person. The same person is expected to issue invoice to the SPI which will be used for the transfer. Okay, great. Yeah, I had seen SPI based discussions where it was a possible that Kosuke may ask for reimbursement for some of his Jenkins related expenses that SPI could just fun to him and I'm, I'm open to all sorts of things like that. So for me the question is what we could move from KK to the CDF, because now what's going on. We are restarting the continuous delivery foundation. So I'm not sure how much is visible from the Jenkins project right now, but with the new executive director is the new leader of the outreach committee. Well, I'm a manager, hopefully coming soon. There are some activities going on. And what they are also elections for the treasurer role. So, formally in the CDF charter, they should be person responsible for all money stuff. But there has never been so they're trying to elect someone. No idea. Definitely it's not going to be me. Yeah. And I'm also advocating to have some one to the project infrastructure chapter chapter. So currently there is no project infrastructure community chair or whatever in the CDF, but I think it's something we need to introduce there. All right. Sorry for sick way into another topic. Well, and do we need to put a separate topic in terms of CDF transition or is that something you want to wait till thought he gets back on from vacation. You can add it is a good topic something like this from the CDF. Okay, great. Because we have been communicating Jenkins updates to the CDF. But I guess I could do better job communicating it in the opposite direction to. Topic added. Yep. So by the way, the term of project representatives was extended until 2023. So I will be on the to see for another year. I cannot say the same for the governing board, because my governing board seat is related to the to see chair status. And I'm not sure I will participate in elections in August. Okay. And I guess none of the so they will you contribute the representative selected. But I guess we don't have contributed presented from Jenkins on the board. Yeah, the ones that I have nominated, we're not elected so yeah, as far as I know we don't have a Jenkins representative right now on in that area. Well, to some extent it's mean but it's just provisionally and well, well, I'm my TBC chair. And it's not like I don't want, I don't want to continue it right now. Anything else on action items. So we need to have an action and forgetting full access to zoom account again, because right now, only existing computers can access it, because we get the emails, the two factor email sent to email we don't have access to. So and I thought that I was getting that email when I, but I think, I think you've got a good point let's put it here as you want me to take this one on Gavin do you want to take it what do you what would you recommend. I don't know just we just need to do it. I think we'll do it off of zoom. Honestly, that would be my preference I don't like sharing account. So, for that, we can create multiple charters on the CD of baby. Oh, one problem with it. So, I got an update from Michelle that they will be soon moving to the enterprise account. So the current limitations won't apply. And it means so that on baby will be able to do almost everything including streaming to YouTube. So, yeah, Michelle said he is September. But how do you want. I thought we weren't moving the baby I thought that was canceled. No, no, it's for webinars, definitely we cannot move to baby, because you cannot easily host webinars on baby. I tried to and I failed to use the CD of baby. Sorry, I'm, I'm having trouble with your audio. You're saying we can't move to bevy or we are moving to bevy. So, we can cannot move to bevy for webinars. Okay, moment, because we like features. But for example, for special interest group meetings. Okay, you can put the host them on baby at the moment. And if needed, we can create multiple chapters for Jenkins so that chapters do not overlap with each other. Okay, so, okay. So, chapters in this case could be things like a special interest group. Well, chapters are basically meet up groups. Yes. So you can have, well, similar to the continue. Well, similar to see if each chapter there, each working group, etc. has their own chapter on baby. And this is what we can do for Jenkins as well. We have already checked it with Roxanne and Michelle, so they are fine with that. Because we just have one experimental chapter at the moment. And later we can introduce multiple ones. So I'll add a correct link to baby. But yes, if someone wants to try it for particular chapter, we can get it configured. We talked to FAT that we would create, we would grant access to some people not employed by the Linux Foundation. It's working progress, but the FAT is very open about that. Unfortunately, the Linux Foundation is not very open. So let's see where it goes. But yeah, the ultimate direction declared by FAT that we make all these resources as open as possible. Great. Okay, so, so, so we would be, we, oh, like just to be sure I can restate what you were saying. Sometime later this year or early next year, we'll be able to, instead of doing this meeting in Zoom, we'll be able to do it in Betty. Because it's like a SIG meeting, those, but we may never. Meeting if you want. So right now for these small project meetings, nothing blocks us from moving to Betty. There are some legitimate concerns about user experience. So for example, you have to repeat to every meeting to join. But otherwise, it's operational issues. Okay, all right. So, so is this something I should connect with because there are some meetings where I could do some test drives that are pretty low risk. The doc SIG where there are only three or four of us who attend. Do I contact Michelle for to get that started or just join the risk community groups channel on the CDF Slack. Okay. You can ask that. All right, thank you. So yeah, I'm waiting for permissions on for myself. Okay, but yeah, fatigued permissions already. So he can help us. Yeah, right now it's summer vacation period so everything is a bit slow in Europe. Right. All right. Anything else on action items. I was thinking about how we can spend money. I mean, I talked to Mark about it and I still want to write up a proposal, but I do think we should hire a tech writer to come in and clean up and move. Remove some of the blue ocean references that's littered all over the place as it's starting to become a very bad experience for end users. But I want to write it all right up a proposal some point for that. So outreach. We've, we've had good results without reaching in the one project we ran and, and so as a possible target. And I've got a contact there if you'd like it on a total on the toy. She and I are co speakers at DevOps world actually. Great. Thanks Gavin. I've actually, I've started that with Kevin Martens. So Kevin Martens is a writer who's, who's helping and is employed by cloudbies and he and I are planning that I'm not sure that we'll move as fast as what Gavin would like to do. But yeah, Kevin and I are talking about it. All the time we ripped out some of the content, including the quick start guide. But I agree was given that the portion is still all over the place. And I'm not sure whether you want to keep it by default in recommendations anywhere right now. Yeah, and that, that for me is a conversation we should host in the, in, in other channels I'm not sure governance is the place because I have, I have a pretty strong personal opinion I like it a lot for the pipeline visualization I know Gavin has the other, other feeling he would just not be there for anything. And I understand that. No public visualization is great there. The problem is whether you want to bring in the entire ocean, taking performance concerns, taking potential security concerns, taking data code base and make a bet on it. Yeah, that's why I want to write up a post about it before I make any movements. Yeah, I think it's, it's great that we have the have the discussion and Gavin I think it has has really good reasons really good rationales for his ideas. Let's, let's leave the action I'm there Gavin you're okay with how I phrased it there. Yeah, speaking of that, how is teams plugin doing. I mean, pipeline viewer plugin which was supposed to replace blows him. He's lost track of it. Yeah, so I talked to Tim at the contributor summit in June. He's not doing any further advancing of it he's not blocking anyone else from doing it, but right now he's focused on other things. To the understandable. Yeah. Anything else on action items. All right, next topic was a trademark usage request. I'm just going to open up the message from the to the governance board so that everybody can see the, the text this was what was the question was raised by Nakazato Takayoshi of luminous and in the English text it says, hey they're they're speaking at a conference a Microsoft sponsored session of a conference that like to use the Jenkins logo in the presentation materials now as far as I see from their usage in the materials it's it's not actually something that should require a branding, or a trademark usage authorization, because they're they're not doing anything that would confuse the Jenkins brand. I wanted to double check is, is my interpretation correct or is there something more I need to be. We need to be considering there on this request. First of all the interpretation is completely correct for this request, there should be no approval. And secondly, the Jenkins community doesn't longer make approvals for the trademark usage. We transfer to the trademark. I believe for the guidelines have been updated so that people should comply with Linux Foundation trademark usage guidelines. So I actually wonder from where this request actually came. Yeah, and I suspect it's just that they probably did not bother to read the they probably did not read the material here. Right. So, the phrase here if you're still in doubt contact the board, but in this case, they don't match any of the other conditions right in this they are not. They're not using the mark in a way as part of their own trademark or brand identifier they're just not. There is a section there on trademark attribution, if you scroll down a bit. And that's only the part I would say to them is, you could throw in a Jenkins is registered trademark. I don't personally care, but they could do that. Ah, good point. All right, and that that is a valid point that that because they're, they're placing the trademark there, noting that it should be attributed correctly is a good thing. Does anyone attribute correctly things in other presentations. No, not really not that I've seen. I certainly don't sometimes in the notes, but not usually on the slides themselves. Yeah. So I think that, well, for this particular case. Yeah, let's go ahead and bother. Maybe it's something we need to think about how to work it better. Right. Okay, good. So, can reply to the requester. Can the trademark reply to request that no approval is needed. Encouraged to use to use current use attribution for the guidelines. I'm going to use this. Okay, thank you. Okay so anything else on the trademark usage guidelines topic. And then was I need some guidance on responding to general requests to the board. So the Google group is intentionally not public and that's that's intentional because if there are conflicts or things that need to be handled privately by the board, it should be private. So that's expected. However, I wasn't sure if I reply to the group. Does it go back to the submitter or no it's just to those who are already subscribers to the group. It only replies to the ones that you specify so by default, I believe the reply to is the submitter. But it, if you apply to just a group it won't go to the user submitted it. Ah, okay. And that's the same with every other mailing list. The difference. The only thing that depends on the configuration of the specific mailing list is what happens when you press reply. Some lists. Would you have replied to the original sender, while other lists will have your reply to the list. And this is just a default but you're what you're sending us up to you. Yeah. I think in this case, the reply is to the group. Okay, and just check your two address all the time. In general rule anyways right. Yes, so one thing to be careful is about web interface because a few days from the web interface responding to the sender is not really. Okay, you just said something very important because I usually reply through the web interface. And so what I should typically is rather reply through my email client. Okay, thank you. You see the email of the sender. So when you click reply you can just add it to this email to the CC list. And, but if you respond in the web client, it's somehow possible, but yeah, I felt multiple times. Okay, good. And there is one additional complication there, and that is people who configured their domain to have SPF. Because the problem is if someone sends an email to the mailing list, the mailing list resends the same email to all of the mailing list members. And with a domain doing email validation. That would fail because obviously Google is not whatever your web mail provider is, if you send an email to a list. And so Google groups will rewrite the sender to say name via Jenkins board, and the sender email address will actually be the board email address. And you need to look into the at the original email headers to find out who actually sent the email. So that might be an additional complication. So it, I need to be aware of that and it sounds like if I use my email client, I'm most likely to be okay, I just have to then be attentive to who's actually on the address line. Yeah, if you reply all you're good. All right, thank you. Okay, so you're not, that's that's the whole point. Because if someone Google will not forward the email from someone who has configured SPF on their domain. Okay, so if a sender that hasn't been my experience using the Gmail client if you use reply all you get the actual domain not there, not there. Okay, if if you're if you're using Gmail for your own email. Okay, I don't know how that works. I don't for a bunch of stuff that I'm a member of in Google groups and it's a mess. I see. Okay. All right, thank you. Okay, so. Thanks Daniel. The next topic was how to handle requests like the net app compliance survey. And I think there the answer was reply. Oh, like you had said you would, you'd send a reply to them. I made the mistake when they sent the second request I sent another reply but I didn't make it visible to the board at all. And so is it best to reply in a way that board members can see. I think so and I believe I also didn't see see the board. No. Okay, so my response was also not that kind and not officially affiliated with the board. Got it. Well it was better than some tweets but still. Okay. But if I had known that they were also harassing the board I would have mentioned that. Well, and that's I think that's the point right good good point Daniel is that more communication is a good thing. Yeah, excellent. Thank you very much. Okay, so then. Now Daniel noted that hey trademark usage requests in general don't go to the board and I think the answer that Oleg gave earlier is, we shouldn't be processing trademark usage requests at all because we've, we've switched the model to use the Linux foundations for trademark approval guidelines. And so, and that has been updated shouldn't so we should not have not should not need to process those kind of requests. I mean, there is still in the case of doubt contact Jenkins board. Right. Which is legitimate case I guess, though, I don't I'm not exactly sure it has to be private. But the otherwise should be little to no request of such kind. Great. Okay. All right. And I think the answer to my next question how to handle code of conduct violation reports is those are handled privately on the mailing list, because it's only visible to board members the board members can discuss it privately there to decide what action should be taken or not taken. If someone says hey, there's this code of conduct violation that's occurred. There is one exception. Okay, this collision to the board members happens about another board member. Right. But otherwise, yes. Right that makes sense happens regarding another board member. Then it's, then it'll use private channels. Okay, great. Anything else on guiding on responding to guidance on responding to request to the board. Okay, next topic, the embeddable build status plugin. Daniel had reported this actually detected that they're using a proprietary font. And there's been a solution proposed. Here in this issue report. And I think I can open that. Yeah, so, so it looks like it's a relatively straightforward thing. If we want to retain embeddable build status as far as I understand it, the maintainer is not active on this plugin. So if someone else wants to maintain it, they could take this step. If we don't get a maintainer. I guess then the choices are, is it easier to adopt it, or easier to to delist it. I think it's suspended. It's a violation of our guidelines, non open source binary code. I mean, if it's not fixed, it has to be suspended. Yes. Okay, so the choice, the two choices are either corrected corrected and a new version released. I imagine once it's suspended someone will step up to maintain it but I think, you know, to follow the guide we should be suspending it because it is not complying with license agreements or licensing terms or whatever you want to call it. Right. Well, but the impact on the community is quite high. So I would advocate for a fix. I mean, the fix shouldn't be big. So you can make a system just to find a maintainer. So, yeah, sometimes I vote for let it burn approach. But I'm not sure embeddable build status is the right thing, taking the wide adoption and taking the fact, many public facing instances depending on this plugin for pages, etc. I mean, it doesn't remove it from their installs. It just puts the thing that says it's been suspended, just like with the SS a publish over SSH stuff and I think if it's not maintained, we should be suspended. Okay, but can you download it by plug in installation manager. Not from the plugin installation UI but you can download it. Well, I'm in plugin installation manager. So let's say docket images. I just went to the plugin and what happens with whatever infrastructure is called users of Jenkins that depend on this plugin. I think once it's suspended, it's no longer available through that at least I believe that was the case. Daniel, do you recall for sure. If, if we suspend a plugin I thought it was no longer accessible through update center. But it's gone from update center, but we generally do not delete the artifacts and artifacts so if there's some nonsensical feature to pass a URL that might be a workaround for that obviously not something we want to see happen. Personally, I would prefer if someone would step up and fix it, because the plugin is installed on ZI Jenkins IO. And while there are plans to migrate away from it. I mean I spent the time to fix three vulnerabilities in this plugin because of it a few weeks ago, so I would rather this not be a way have been a waste of time. And I think I think I'm interested actually in adopting another one so this is not one that scares me too badly. I think let's look for the. I believe the position is correct that Gavin's noted, we should either correct the issue or suspend it. And let's look what if we give ourselves two weeks. And if we can get a maintainer in the next two weeks. Great, let's get that maintainer online then we'll discuss it again next meeting. I'm on the firm believer that unless something is fixed, it's not fixed. So I'm okay delaying it two weeks but I think we should send out a mail list item right now and say it will be suspended in two weeks and if someone wants to step up and maintain it that's fine, but it will be suspended in two weeks. Objections from others. Good compromise. Okay, so, so is this a let's see the suspend process really is a license thing so it's not a security thing so it doesn't come from the security team. So is it something should come in my voice or somebody else on the board. Okay, I can write something but it'll be Thursdays. God for Friday before I can get to it. Yeah, no and I'm happy to do the writing. I was just trying to figure out which which group is the best voice is it. This seems like it's a board level thing not a security thing. Thanks the board. Okay, good. So I will, I will send that note and we'll we'll go from there. Okay anything else on embeddable build status. Okay next topic updates from CDF. Well, yes, so I talked about the elections. So we have fully established governing board with a lot of people stepping up and also the entire foundation seems to be on the recovery path. It was in just half a year ago. There is still a lot of things to be done, but it evolves in the right direction. So, one of important topics is that period has applied for the CDF membership. So it's distributed back. So I delivered a manager is red hat canonical and if you're pretty proud. I guess you spoke that right, and I pronounced Troy. Yeah, so it's been centralized vacation network. So there will be presentation soon, but it looks like this project is getting closer quite support. There are also some discussions about other projects to join the CDF. So stay tuned, but some things are changing the positive direction. Another thing which is important for the Jenkins community is CD events. So CD events is marching towards version of one that zero, sorry, 0.1 release sometime in autumn. And also we just dedicated the to see budget to support some initiatives in the project and actually also writing documentation, or maybe doing some developer tools for CD events. There are two projects considered right now. Basically, we had a short presentation at a CD con this together with Shruti. But actually what we need to stop the CD events. There was a number of contributors reaching out in the minimum case. So I will try to help this topic to happen. But yeah, the main question is whether somebody is interested to consume CD events, because now we have Adam and his captain. This demo works really well. But yeah, the question is, any other Jenkins adopters would like to adopt CD events to the moment. For example, clouds. Jeremy McMahon of fidelity expressed interest in in the CD event spec and certainly wants to be involved. I think his initial discussion was adopting the initial events plug in work that Shruti had done as part of Google Summer of Code and then considering replace or extend it to you to support the CD event specification. It would be nice, maybe just the place and everything by support of CD event specification. Because to be honest, I don't think it makes much sense to maintain the current format right now. Because it was experimental anyway. But yeah, so I had the initial introductory discussion but yeah, it's to be done. Okay, so what else going on in the CDF. So there is a new chair of the three committee. So it's a lot of rules again from JFrog. So JFrog is basically doing a serious investment uptick in the continuous delivery foundation efforts. Well, it's great. So basically, there is a lot of things going on including the ambassador program updates. I hope every ambassador of the new cohort received the swag. And there will be some more activities happening around it including Kaverya. And another important topic already brought up is project infrastructure. Whatever committee in the CDF, because right now there is no entity that would handle project infrastructure. And what I might be kidding for is having a kind of group that will be led by Linux Foundation employed program manager to actually gets public cloud access sorted. Because it blocks at least four projects in the CDF. I mean they explicitly asked for some public cloud transfers, etc. including Jenkins. So, yeah, I think it's important topic. Once it starts, I guess for them and forever, it would be interesting to participate there. Right now, no idea. Any questions for all that gun CDF updates. Okay, last topic then was meeting time one hour earlier. Gavin noted that it would be a little easier for him if we, we had two slots this slot that we're in right now and the one previous where the one previous was a could do it for one other person I forget who. So, Evelina Oleg in particular. I actually specifically wasn't going to bring this up yet. Oh, sorry, Gavin. I was, I only asked if you knew offhand from your results if it was a feasible option. The thing is, I'm, I'm either going to just miss the next one or I'll, I'll do the next one. I'm starting a new team on the first and I was going to wait to after the first before I made any suggestions on trying to change the time yet again and especially because we've just changed it like six times in the last month. So I'm in the thing of just leaving it for it for this for the next meeting and probably the one after that. Okay. But yeah, this is not ideal time for me earlier later is better for me was a little work. Yeah, I can do earlier I can do later, most of them on days but yeah. Okay. Great. Thank you. Sorry, excuse my bringing it up prematurely there Gavin thanks for your patience. Next topic then forum and community topics Gavin. I don't know who added that one. So this is from Basel. I don't know if he wants to talk about it at all. And I don't have links but the other ones I'm thinking about are there's a call out for DevOps world, I think talks from Alyssa. I don't have the link open right now. As I said earlier, I want to write out there are a number of issues with blue ocean especially with the last update, something with I think Jack's be made some of the doctor images break. It was mostly because it wasn't up the doctor image wasn't updated in the plugin, but it is something that we saw a number of people saying me to me to. Okay. So this is the nature of the doctor images using ref and not actually forcing baked in plugins overwrite what was that what was already there. But that's yeah so there's a couple of threads with that. There's a mailing list in the dev mailing list about GitHub versus jury again. It's not going to end in town soon but it is a topic that's well discussed. And I'm working on prototyping a vendors, a new vendors page for premium support. We might want to have an official policy about. No, maybe there was a discussion about having like libraries from external. You know Daniel and I have had troubles where plugins have incorporated dependencies from GitHub, which are non accessible anonymously you have to sign in and use a GitHub token. So we might want to have an official policy about that sometime like, don't do dependencies from GitHub. What are they called GitHub revos GitHub libraries. They don't packages get a package content. Yeah, I mean related to containers but actually the packages one. Okay, so in this this I'm not sure I understand that one can you help me so that is that if I declare a dependency on a package that's delivered by the GitHub package manager facilities. I'm not going to authenticate in order to get it. Yeah, so the JFrog and Maven central and Artifactory all like the Jenkins central or whatever Jenkins Artifactory, none of those required logins so you anyone can fetch them. But anyone's using GitHub package repose any of the package repose you have to be logged in to be able to download things. And it's basically what JFrog threatened us with because of our bandwidth and storage use, which we've been able to work around so far by by by deleting stuff and the worst offenders in terms of creating unnecessary traffic. So it's just GitHub basically launched with that. And it means CI builds, for example, would need to authenticate with GitHub. I don't know if he didn't discuss it now but there was a thread about it I think we just kind of said don't do it and they're like cool, and they replied to it. Okay. But it is something that should probably have a formal statement. Definition something like that. Thanks. So is that one that we would take up and discuss further in the mailing list to frame a draft of the formal formal policy. I mean Daniel knows more but I think it's happened twice in the last two years so I don't really. Ah, so not not higher agency. Yeah. All right, great. Any other forums or community topics Gavin. Nothing on my end. All right, nothing from me any others who need to put items on the agenda for discussion here. Almost out of time anyway. Thanks for your thanks for your contribution everyone recording will be posted I hope within the next 24 hours. Thanks again.