 Welcome, everyone. This is the Jenkins Governance Meeting. Today is the 15th of April, 2024. Thanks for joining us. Today, we've got topics on the agenda, including upcoming calendar, news, two action items, community activity, and governance topics. Governance topics include Azure Expense Status, AWS Credits Donation, and Spring Security 5.8.x, end of public support. Any other topics that need to go on our agenda for today? Okay, then let's go ahead. I don't see Uli today. Am I correct? Oh, there is Uli. Good. I do see Uli now. Okay, so we've got all the right people. Let me note that Srikanth is here. And Kevin Martins. And I can update later with correct identifiers. I don't see Basel. I believe Basel is traveling. So we'll take that one out. Okay, thanks, everybody. So in terms of upcoming calendar, 2.454 will release tomorrow. Interesting changes, some improvements in UI that have been merged. I think this will be the first release that removes the executor's list from the left-hand side of the panel. 2.440.3 will release on Wednesday. Infra Team is ready and looking forward to it. In terms of major events, beginning tomorrow through Thursday is CDCon, located in Seattle, Washington, and the United States. And Basel Crow and I will be attending that. Dadezi Sanjika will present a status of CDCon and Jenkins Awards will be announced at the end session on Wednesday. Any questions on those events? Okay, next topic then is on the news side. Jenkins is continuing its work in Google Summer of Code and we're in the grading period right now. The grading proceeds and it's early May, I believe it is, when the announcement will happen or when we put it out. Bruno, maybe you want to give us some status report on that? Yeah, we are progressing. Lots of proposals have already been evaluated and the marks are coming in. It's not finished yet. I guess the mentors and commenters have until this Friday to get all the information into the sheet. And then next week we have a bunch of meetings in order to balance our feelings about these notes. And then I think that at the beginning of May we will give our final proposals to Google and then Google will get back to us with their choice. We don't know yet how many proposals will be accepted by Google. So we may submit four or five and only get three. We'll see. And Alexander, I believe you are also a mentor. So you're involved in the grading process. Yes. Great. All right. Thank you. Excellent. Anything else, Bruno, that you wanted to share? No, thank you. All goes as planned for the time being. So all is good. Thank you, Mark. Super. So the next is that the Jenkins Awards will be announced at CDCon on Wednesday. We have three awards as due to our, oh, I forget the name of the title. We are a graduated project at CDF, which means as a graduated project we get three award things. The three awards that have been created, most valuable Jenkins advocate with Alexander, Bruno, Darren, and Chris Stern, all as nominees, most valuable Jenkins contributor with Basel, Daniel Beck, Chris Stern, Stefan Speaker, Tim Jacob, and Uli Hoffner as nominees, and Jenkins security MVP, Alvaro Munoz and Yaniv Nizri as nominees. The winners will be announced tomorrow, late afternoon or early evening Seattle, Washington time. We'll then do a blog post on them. We'll do some other announcements as well. So when you see those names, that's an amazing collection of contributors. Thanks very much to everyone who's been nominated. Any questions on the Jenkins Awards? OK, next item was on action items then. Here we've got attribution entries for the downloads page. As far as I understand Basel's still working that. We've had sponsor updates since we started this project that now AWS is clearly a sponsor. We're really grateful for their sponsorship. We've developed Cloudflare as a sponsor and we'll be using them quite heavily, actually, to deliver the Jenkins Update Center. Kevin has the action item to retire the Chinese Jenkins site with much of the work on that, or much of the delay on that, my fault. Kevin, anything you want to share on that one? Well, I'm back on holiday clearly and I'm just back to reviewing and making sure everything is clear. There's regular updates to the Helm charts and a couple of the other repos that are in use. So I'm just making sure that I'm keeping up with all of that and reviewing that set up again. But yeah, more to come on that still. Great, yes, actually that's right. More work pending for more. Thanks, corrected. Great. Next topic was community activity. And here, this week's contributor spotlight is Erwe Lemeur. And we've done a tweet to announce that. We haven't done a LinkedIn post yet. Sorry, Alyssa Tong is out of the office and I'm traveling. But we hope to get a LinkedIn post out later today as well. Any questions there on contributor spotlight? OK, next topic then is governance topics on Azure expense status. So we're allocated $60,000 US for the calendar 2024 year by CDF for our Azure expenses. In January, we ran hot. And we ran hot by quite a bit. It was several thousand dollars if I remember right hot. And so what the infra team has set their goal is to try to keep this spend each month under 4,300 so that we will easily stay under our $60,000 total. In March, we were at 4,400 so just a little over but we're still well below the monthly of 5,000. Damian, Erwe and Stefan continue to watch that carefully and monitor it. The next topic was the AWS credit. So AWS has donated $60,000 US to the Jenkins project. We've received the credits and we've got to we've started the work to start consuming those credits. It requires separate account, must move resources to the separate account. So that is in progress. We think we'll get our first actual spend of those that AWS donation in April. Now I should forewarn I missed putting this one in and sorry about that was that I should have made a note here that we've got to submit. Oops, that's the wrong place. Sorry, you watching me edit is sad. We've got one other topic which is AWS credit application for 2025. And here the action item is Mark, wait to submit the hour application. The AWS will decide on 2025 donations in June of 2024. So it's crucial that we get those things in on time. So I've got a mark to complete before end of April I believe is the due date. Any questions on AWS credits? And what I intend to ask for is the same amount as they've donated this year. We could conceivably ask for double that but I think it's safe and reasonable to ask them to donate the same amount again next year as they did this year. Any guidance from other board members or others on the call as to should we, are you okay with us asking for 60,000 again? Do you think we should go higher? What do you recommend? I think applying for the same amount would be reasonable. Great. Yeah, I agree with only I think 60K is a reasonable amount. I'm not sure if we did exceed this in the past years but I think this is a good baseline we can start on. Yeah, well, we consistently run about 120K total spend but 60K of it is donated by CloudBees. And so my sense was it's still fair that CloudBees continues to sponsor and fund some portion of the AWS infra. I'm grateful to CloudBees for doing it. If the day came that they no longer funded that would be a big hit to the Jenkins infrastructure but for right now I think 60K is very reasonable for us to ask from CloudBees for now. It's also complicated for us to move all of our AWS resources onto a donated account because then we have to be ready to move them off again when the donation ends. Damian likes having stable infrastructure in addition to the flexible infrastructure that we get from the donors. All right. Next topic then is the spring security 5.8 end of public support. Here the crucial thing is that spring security has announced that August 2024 will be their last build of spring security and they will stop supporting it with security fixes after August of 2024. But we are dependent on Jenkins is dependent on the spring security framework 5.8. So newer versions of spring require Java 17. They require a transition to Jakarta EE9 which is Jakarta.Servlet instead of Java.Servlet. They required at least Jetty 11 and in our case it'll be Jetty 12 and a number of other transitions that will all need to happen at roughly the same time. So this one is a big complicated project and the big complicated project is going to need to be coordinated, et cetera. I'm still working inside CloudBees to try to understand how much help we can get from CloudBees to make this transition. We may need to live with spring security 5.8 for some period even after October and then make our upgrade afterwards. I'll continue investigating to see. It's not that spring security 5.8 is invalid but if we had to fix a security problem after their end of public support we might have to fork it and build it ourselves. Any questions on spring security framework? That was all the topics that I had for today. Are there any other governance topics we need to discuss today? All right, then thanks everybody. Recording will be available in roughly 24 hours.