 uh to publish it because yeah the previous one was missing. There are several missing. I've been holding off on publishing for to be sure that there wasn't something sensitive so I will publish absolutely. Recording will be published. Okay so are you alive? Okay so hi everyone. Welcome to the Virginia's governance meeting. Today is 24th of February and we have just a few topics in the agenda. So most likely it will be a really short meeting. So use now we have Jenkins contributor summit. Mark, hope you would like to summarize it. Yeah so so we started yesterday with the two-hour session 90 minutes of status presentation as noted there by various officers and SIG leaders. Then we've been running tracks all day today and the tracks will continue tomorrow. They are commonly a one or two hour session where interested people gather together under the guidance of a track leader and discuss and brainstorm and try to prepare an idea for what next step should be for the Jenkins project. We'll then present those tomorrow in a two-hour zoom session just like the session was on Tuesday. So we won't do it as a webinar because we want the facility of doing lots of interaction with the people that are participating. We will record it and the recording will then be published. Recording for the first session, the opening session, has already been published. Okay thank you. So if you're interested to just join the session, the sessions tomorrow and if you want to find them, the 27th calendar and the session is there. Are we planning to do retrospective on this? Absolutely. I was very nervous and didn't schedule the retrospective immediately after the summit. I'll likely do an online retrospective next week encouraging people to share their insights and what we could do better next time. Because that's the first time that we do it this way. Yeah and there were a number of things that we we will do better if we do this format again. It was yeah several things to learn. So next year all matrix all the time? Oh wait a sec. The guy who didn't want to do the the contribution channels thing. I like that. That's good. Yes all matrix all the time. I had no issue with doing it. We just never got it around to organizing it. Fair enough. The problem was the participants number because we didn't promote the event too much and there are basically many sessions. Right. That's part of the big challenge here. We had 50 or 60 register but only 25 attended the first session. So 50 drop off or better and that means we need to much more actively promote. That's still more than we had attend. I think the the contributor summit face to face in Belgium in 20 in early 2020 but this was online. We should have been able to get many more people. Okay so let's hold that with perspective. So any other news? Oh we released a Jenkins security advisory today and a and Jenkins 2.281 was delivered yesterday and the security advisor was only on plugins. This right and the release candidate 2.277.1 yeah. Yeah this is important because we have a number of breaking changes coming from the LCS. Well at least one change is known to be breaking at the moment. So definitely more feedback would be appreciated. Yes. Yeah the the change log pull request has been submitted. The upgrade grade pull request has not yet. So for trademark updates the key ability that finally the Jenkins trademark has been transferred to the continuous delivery foundation and particularly to LF charities limited. So basically it's organization holder for other Linux foundation trademark. It was planned when we voted for transition to continuous delivery foundation in 2018 but it took a while. Initially there was a government shutdown in the United States and then it was expected to take a few moments but yeah a few years later we finally have it. So what it means for us is that if you go to the Jenkins trademark on just you can see that the Linux foundation is officially listed as the owner of nine now. And it means that we need to update our documentation and so that we reflect that and also the discussions about the trademark usage policy which we had. Now it's fully effective so I dropped some content from here because now I just refer the organization pages. I just have a question regarding the trademark. Why is it the Linux foundation charity? Is it like the only sub-organization that is a non-profit and the Linux foundation is a for-profit organization? I mean why I'm just wondering why it's charities instead of just the Linux foundation? I'm not sure but there is even an organization called the Linux foundation registered one. Yes there is. I have the document for the one. I'm pretty sure I have the document for the Linux foundation for that too. I'm just wondering yeah. Okay well let's try to check for example Kubernetes and it's owned by the Linux foundation. It's just yeah it's an interesting question. I can ask Tracy about that. Okay thanks. We can figure it out. So other changes your trademark attribution changes. So basically all vendors and users who properly reference Jenkins trademark expect two grades in a grade to say that the Jenkins is registered at the trademark of the Linux foundation. And yeah there is no deadline for that but the immigration is needed. So if you work for a company which has Jenkins references on its website then you can let this company know that they need an update. And yeah also the reimbursement process we will gradually move to LFX. We currently have an account on LFX but the most of our money is still on SPI. So we need to eventually spend all money we have left on SPI and then we just close the account and say that now we use the direct still program. And yeah after that we will be using the Linux foundation crowdfunding platform. Or we also have some money. Do we already have ideas about how to spend the money from the SPI? Because I know that from an infrastructure standpoint we spend like $15 every month but we probably did not use that. I don't know how much we have there. We have quite a lot a significant part of that is Google Summer of Code money because we didn't spend money last year because we traditionally spent them on travel grants. And since there was no travel we didn't spend basically any money. Plus there were some remnants from the previous years plus there were some remnants from the common account. So if I recall correctly there is around 12,000 at the moment. And there isn't a way to transfer that into community bridge. We have to actually expend it from SPI. We can transfer that and actually I did the transfer once when we were running community bridge. So yeah the first payment you can see in the list is Jenkins Project SPI made a donation to the Linux Foundation. So basically this is how we funded the community bridge project. Sliding was worth not. Jcast plugin for Visual Studio Code. And yes we can do transfer like that. Moreover we can agree that this transfer won't be a subject for additional fee. So for example here you can see that we basically put 3,000. And yeah it's basically the case for the most of the transactions we have at the moment. So we could transfer money. Whether we should do that, no strong convenient. Because yeah the crowdfunding platform is quite handy because it has an expensive backend. So to some extent it's more convenient than SPI. But at the same time SPI reimbursement process is also quite straightforward. So I wouldn't move the money until we know that we need to move the money. Yeah thank you. Yeah that makes that makes perfect sense. So the preference it reduces our overhead costs if we spend it directly from SPI. I think that's what you're indicating. No transfer fee if we spend it directly or now there's no transfer fee. Yeah there is no transfer fee for us. So we can move the entire budget without spending money. A real problem that we need to spend money on something else. Because otherwise it doesn't make much sense. So right now if you take a look at our budget breakdown. Yeah it's totally artificial but we have some reservation for bug bounty. I think Daniel about it because here we have some security swag. Right now this money is not required. Development sponsorship, documentation sponsorship, marketing, meetups, mentorship and travel. But yeah all this is just formal targets and basically we need to spend money as we wish. We can just buy Olivier more banners to sit behind him. Well so one of the challenges for Google Summer of Code if we select or if a project is selected and involves Kubernetes the student will need access to come computational resources to allow them to run a Kubernetes cluster. I would assume that might be something we would choose to fund from here or is that not a good candidate for this kind of funding? It's something we can do that we can do. Moreover it's documented in JPAID which is about JSOC funding. So we can use JSOC money to sponsor JSOC infrastructure but at the same time it's commonly easier to get credits. But yeah if you really want you can do that. Well and we certainly we in cases where the student could get credits we prefer those with Google's season of docs. Neither of the two contributors could get credits they'd already used them etc and so we ended up funding it from a donor company. I'm certain digital ocean would probably be sorry I can't say I'm certain. Digital ocean has a Kubernetes offering and they're very open source friendly for this kind of work. So I would suspect they would be willing to give credit out for that. Excellent okay thanks Gavin. So the bigger challenge there is making sure we ask the right people and understand their who we need to ask in those organizations for those donations. Good. So usually it's not a problem if you need a Kubernetes cluster. If you need a specific Kubernetes cluster for example if you want to implement the Kubernetes on digital ocean then yeah you will have to use digital ocean. The options yeah it's just one option to get sponsorship. Yeah and you know they might even be willing to donate in that regard as long as they get some info in the documentation yeah I was also thinking about like we should be looking into spending more on hosting stuff as well because we do have the problem where when sponsorships go away then the like the info goes away as well and we should have some you know some stuff that is a little bit more aesthetic that we don't have to worry about going away at any point. So the problem for us is the scale yeah because the computing infrastructure it's conserved and yeah when we talk about computer infrastructure we talk about 10 plus k per month. Yeah and I mean this is much higher than what we get as cash flow in donations. The thing is we would not I mean we would not be able to use yeah to that's pretty fun for anyway. No I wouldn't I'm not talking about like replace it all but there are some things like the uh I think you set up you started setting up a status page so something like that which would we want to be outside of our normal cluster that would just be independent status that might be something that's a low cost that's good for spending. Yeah that's for sure so it gives us some flexibility if you need to say 500 dollars to run a service elsewhere we can do that. You don't need to spend time asking SPF or whatever for 500 dollars but yeah basically that's what we can afford using this money. We have never really $6,000 on stickers and socks. We have never been promoting donations because if you start promoting the donations we can actually get much better numbers. Yeah well here you can just take a look at the products. Yeah and I did reach out to Tracy about getting an API for donations so that we can serve we could embed it into our site. Had that discussion hasn't gone anywhere and I haven't followed up to actually get the information but I have started the discussion because it would be nice to actually highlight the people that do donate. But do we explain why we use donation? Because for instance we don't get enough money for it for the infrastructure stuff but maybe if it's just for stickers or what I mean if it's for support people to add in conferences maybe yeah. That that donate link is awesome because if you go to donate without a slash you go to to the wiki which turns around and redirects you back to donate with a slash which is on this side. But yes I needed full request but it wasn't merged because there are other rules proposed and finally it could start forever. Yeah but I would like to make sure that we very clearly say which companies are donating infra if we can which companies are donating money which ones are donating whatever else we want to donate because it seems like the right thing to do whenever someone gives us stuff. And I think we did want to talk at some point about fixing up that friends at Jenkins plugins. Yeah we definitely should discuss that. So yeah but donations flow is basically operational we got some donations through that obviously we could get more if we start to take promotions etc but if we don't have any use for it so yeah. So some organizations are quite active with that. So you can see that yes some organizations just get a bunch of small foundation donations and you can see for example kick out they just have a page somewhere so these donations and you can see that they actually get quite a lot of small ones. So yeah I think that kind of stuff is bigger in JavaScript for all the small projects that exist. Yeah if we really need money we can also get hub sponsors which is more convenient to some people so we can have an additional account there but again so far there was no demand in that in order to spend money basically you need somebody spending quirk in time to find ways to spend money. Right. And yeah while it's totally possible right now we just do not invest too much time in organizing these community programs. I'm just looking where they have donations. Probably under contribute. Maybe not. Nope. Anyway somehow they get quite a lot of donations. Oh it's a button on the far right. It's very super clear. Oh yeah well we can do the same. Why would anyone need downloads? Yeah. When you hover over the download button it says ha ha trick to you donate. Okay but yeah so if we really needed money yes it could be an option. Right now thanks to all the sponsors we don't need that much cash flow so we can be quite lazy with it. At the same time yep we really need to stop out rich programs because I can imagine that we just get community. Yeah but I mean like if we do go with you know one of the site search stuff for docs it would be nice to indicate them that there as well as their own requirement. You know we have we do have some Microsoft sponsorship. It would be nice to put in there you know. Hey we just still it's facilitating development. It's not contract development but yeah some of them for certainizations also use it for contract development. Yeah Since it hasn't been reported for several months yeah this page isn't very visible right? I guess not. I think we should also I mean at the docs same but we should also have a bot that goes through in text with the links pretty often. Yeah I believe Zbiniq did a patch for the PCI at some point. Okay so yeah. So on that note every month every week I don't know exactly the kittens. Matrix when they do their governance meeting they make sure they post it the recording to Twitter and they make a blog post. So you know I know we have this this doc but I wonder if we want to make a blog post every time the governance meeting happens it includes the notes from that specific meeting and the video to go with it. The reason I'm thinking that is on my infinitely growing to-do list I want to make a I'm trying to make a bot that will read the blog RSS feed and post it to the chat channels and probably to Twitter at the same time for every new post so it would be nice to have one of these that says you know new governance meeting minutes. Well we could I'm not sure about having it for every meeting maybe it could be a monthly summary or something like that. I don't know. I think theirs is more like a podcast podcast style though so theirs is probably more interesting to promote every time. I admit I've never watched their recording I just seen their thing every month. What I used to do I was putting summaries to the developer mailing list but I wouldn't say that it was quite popular as well in terms of responses from others. You can find the example this meeting didn't happen not a good example but here for example here. Okay so there are some meetings where there is a summary attached. Just throwing on the idea though. I don't know if it's good or bad. We definitely not active in terms of creating content right now so if there are important decisions it's actually definitely makes sense to create a blog post or if somebody just wants to write one. I don't know how much traffic the blog gets but it is probably worthwhile to add one for showing how to test the latest LTS especially this one because it needs a lot more eyes. Oh that's a good one. That may be a good counter in addition to we talked about doing a contributor or a webinar next week on the upcoming release and having a blog post about it would be a good idea as well. Good suggestion. So are you on the right account? No. Well I should have access from my personal one. Maybe something changed. Let me check. Yeah Jenkins and Jenkins X. But you have... Wow I've never seen that actual active user thing work before. I've never had a site in the traffic. Okay I think there is nothing really secret there. Yeah. No. Yeah but just for good way it's under highlights and loops. Okay you can find for example content what people are looking for and yeah so you get some information. And for blog I give you calls there. But this is people looking at it right now not like actual hits because this is under real time. Just a second. Six days content. You want to go to behavior. Yeah page views lost 30 minutes with past months. But yeah. So yeah anyway we can get this data it's all available but yeah the summary that the traffic to the block is not that high unless you have also promotion in the social media. And if you post on Twitter post on LinkedIn actually you get quite a good traffic to the blog post. Yep that's why I want to make this RSS spot. So yeah and then also redirect it to what else we have to write it. So many referrals from local host 8888. Yeah sure. But yeah just just again this is reports from real time so this is in the last 30 minutes. Just for just fine for I think giving the only one in the board do not have access to the Google Analytics right now. I think so because as access and Alex as well. This is something we can fix but you can definitely get some information from here and yeah I'm not sure I have access to the plugin site. So we don't use we don't have Google Analytics on the plugin site. Oh it needed we can have one. So yeah I agree with given that any blog post that I can also release can get it announced new LPS baseline etc all of that is helpful if someone has time to create this content. Anything else? We launched Mark and I launched the the POC for agolia on plugins this week. I'm pretty excited about it so. Even if it is interesting there was a shot to them at the previous documentation track of the computer summit. So it's Mark. Could you put the link later? Otherwise on a different topic I have I have sorry I'll announce soon that we have to update the update center route certificates. Oh the update center certificates. I wrote a draft this afternoon and so now I have to convert it to for changes on your website. So my plan is to to write to publish that to publish it as a blog post and send it on the death mailing list. I don't have a date yet I mean we have a strong deadline beginning of April but I don't have yeah. Yes of course they don't say that all the Jenkins versions which don't have the new certificate installed yet won't be able to access the update center right? Yes and so basically those are the version older than April 2018 so so those are yeah two years old versions so anyway I mean anyway those versions does not have access to the plugins to the update center anyway because it's already too old um the perfect um but they will just get the latest updates which are most likely incompatible with today versions. Right and from a plugin developer point of view that's also a good time to remind people to to update the base the version for the plugin but yeah otherwise I'm not expecting any major okay so yeah thanks for that and yeah since it's 2018 it should be related to this most for all active for Jenkins users well never seen never okay quick update on LFX tools so in addition to crowdfunding we currently use mentorship though it's not actively used but somebody wants to have a profile configured so you can create your project ideas there and invite the participants. We also have a few other prototypes what I wanted two reference now there is community events and this community events basically uses a different platform so it's not meetup.com it's to again forget the name but we should expect that at some point the Linux Foundation encourages us to move there most likely we will remove the majority of meetups maybe except Jenkins online meetup because Jenkins online meetup it really makes sense to keep it on meetup.com and well the rest of meetups are not really active anyway so let's see and another update mostly for security but maybe for others so that we go to access to sneak so you can see this well terrible numbers yeah if you want you can explore why yeah what I wanted to say that now we have access including Daniel and Wadiak so they can also manage access for others if needed through support request now we can okay I can fix it but yep I have access I think that it's not really helpful because we need to pin it up before we really start getting any benefit from the security stance so if somebody wants to get involved you're more than welcome to do so I guess I should have clicked on this button it's a bit strange yeah okay I guess that's the answer because before that it was the same so you click this link you end up in jitter you click this link and actually you get it working now just no anyway you can see we almost want the vulnerability system at the very least it's good to be good at something right for the best at vulnerabilities so yeah what else we have in tools we've got easy CLA before and it's something we also need to follow after the trademark transition because if you go to our CLA you can see that this CLA is also tied to the SPI and it basically brings up two questions so first question is what we actually want to do with code ownership because yeah currently yeah this basically a form which is just confirms with you that you understand that it's MIT license and that you can confirm that you're eligible to contribute code on this license and so there is a lot of other words but basically that's it so we can just modify this one associated project of the Linux foundation or whatever we can update it to use easy CLA we probably need to talk to the Linux foundation about the text to ensure that it's what they commonly use and after that there would be also a question is what we do with the existing CLA's because we have a number of collected ones so maybe we want to invite people to resign them they use easy CLA at the same time well I don't feel very strongly about it so in the gradual process and currently easy CLA has some magic integration with GitHub actions so that we can automatically verify CLA signatures but again it's rather a fancy feature that's something useful because we don't have so many people who need to sign CLA if you request every contributor to sign CLA then yeah of course it will be a completely different story but in our case we request only core maintainers and other people with sensitive permissions sign it I'm sure that definitely easy CLA is much better than what we have now especially in terms of corporate CLA because the current process of corporate CLA so that basically you have to create CLA PDF you can you need to encrypt it that's I mean to the Jenkins government and the Jenkins governance port processes it and puts it here just of course doable but at the same time you can see how many companies we have listed here why you're giving corporate CLA at all it's anyone's question right now but in principle we could simplify this flow I don't know if I've used easy CLA specifically but any of the other ones I've used in the past that are GitHub integrated are much slicker much easier to use than this one this one I'm not even sure my CLA signature is actually valid anymore because I signed it when I was still at CloudBees so yeah yeah so in principle we don't get too much about that but yeah so I'm totally in favor and I'm totally in favor of switching to this yeah I want to set it up at some point obviously depends on whether and when you have went away for that but yeah in principle it's quite handy for us and yeah basically it's all common tools there are a few others like dashboards and sites etc but yeah all of it is not that used at the moment so I tend to put a roadmap review on the agenda but taking time we should rather use the tomorrow's contributor summit session so do we have any other topics for today none for me thanks everyone and yep that is the next meeting it's usual in two weeks that's all