 Welcome to the Jenkins governance meeting. We're recording today. It is the 8th of September 2021. We abide by the Jenkins code of conduct. Let's share that screen and take a look at the proposed agenda. Here's the agenda proposal. Anything that needs to be added to the agenda before we begin working through the agenda. There was one thing I left on the notes in the last meeting. Sorry, I'm muted. It says zoom says I'm muted. I said I postponed talking about commercial support lists. I think we can postpone talking about it again, but we can put it in the bottomless and see what happens. Okay, great. Good. Okay, thanks. And I added something since I did the initial draft all I could suggest that he was wondering if we might consider moving the meeting one hour later to make it easier for him to attend. I think we'll meet going to be very late one hour later. Okay, so same here. Okay, good. Thank you. Elise at the same thing last time we asked, but I don't, he's not here to say anything. Okay, so topic for discussion will discuss it when we get there. I think it sounds like the answer is, that's not a great time for others. Okay. Any other topics we need to add. Okay, so news news, the Jenkins project confluence instance was attacked. We've blogged about it, we block the releases we reset user passwords. Investigation is continuing but releases are now allowed, although Tim Jacome reports that the continuous delivery releases through JEP 229 or not yet working so needs more investigation. So to add here in the current state confluence will not be back. So we failed to maintain it correctly in the past, and I don't want to bring that service back so I'm currently investigating options. Because that instance did contain valuable information. Most, I mean, we already migrated a lot of information to the to the plugins to the kitchen for tourists but confluence you contain a lot of information. Sorry, we only partially did it. We only partially did it through. So in the current, yeah. What I was, where I was talking with Mark in the earlier chats about this is I was thinking we could spit it out on a private VM somewhere that doesn't have internet access, and then is running through the exact same code that we do the migration thing with. So it does all the trimming of the stuff we don't care about dump bunch of ASCII doc files, and then commit it to get repo that handles the plugin side the non plugin side. It's pretty much the same thing, but we just have to make sure we don't release anything that's secure that would lock down for security reasons. But that was my thinking. So, so first, I already copy the machine on the different machine so it's already, we already have a backup both for database and for the machine. I'm working on that temporary machine, which I would like to be as soon as possible. I tried to other option in my case, I explore dumping, exporting everything to HTML files. So I have them on my machine at the moment. So the only thing is the rendering is not as nice as on confidence that's the first thing and second thing, the URL change. So for example, if you go to Confluence, you will not see that HTML and stuff like that. And for some reason, when you dump, when you export everything to HTML, it also introduce some random number in your head. So that's one of the options. Another option that I'm currently looking at to see how feasibilities would be to just deploy to use Confluence clouds, because the reason why we can't use G-Rack cloud is because of the limit on who has access to it. But in this case, we could just consider that maybe five or 10 people have right access to Confluence clouds. I already have a license for it because I did some experimentation with Atlassian clouds within the year. So that would be another option. I don't, I'm against adoption. I'm minus one on there. I do not think we should deploy Confluence again. It was a pain to maintain as pain to keep spam out. I don't think we want to ever have it running again. I'm just saying Confluence cloud, we don't, that's the last option. We don't, we don't maintain it. Oh, but I don't, I think we already have enough pieces. We don't need more pieces. Yeah, true. My plan was just to have a read on the Confluence clouds. But yeah, you're more than welcome to hand any of this off to want to me because it is interesting to me. So I don't mind doing it if you have other things to do. Okay, I can, I can give you access to the machine. And we can see together after this call. Excellent. Thank you. Okay, so Olivier and Gavin will work together on alternatives for what do we do to get that to not lose the data that's in the Confluence server without ever bringing back a Confluence server. Thank you. All right, next topic was the Jenkins 2.303.2 the next LTS is has been delayed by two weeks agreed with the security officer, the release officer and others, and it will include security fixes. So the extra two weeks will give us some time to assure that they're in there, etc. And then 2.310 has been skipped due to the Confluence outage. Confluence instance issue. And I'm assuming Jenkins 2.311 next week, though we may have it this week, depending on. So on that topic, we still have access to the container that generated the version 2.310. So we may manually finish the release, or we can just trigger a new weekly release. Okay. Any objections at the board level, Gavin from you are from Evelina if we were to call the 2.310 weekly release a loss and just say we're not going to do it. Is that okay. No, no objection from me. So just for the context already finished manually releases. I mean, I did once or two. They were. So, I'm pretty confident to finish it as long as we keep the container ready. I don't think it matters I mean the version numbers never. At one point they were like you could say this is 52 weeks ago, but really honestly the version numbers are not absolutely enough for us to ever make that distinction so it doesn't matter if we want to burn 310 that's fine 311. Great. So you've got the flexibility all the VA to make the call burn it or don't burn it either is fine. But yeah, that's great. Thank you. Next topic. I put this on Gavin did you want to share hosting status how it's going do we need to enlist additional help, etc. We need to have more people it's not really that big a deal. I haven't really done it in a week because of the conference issue I haven't touched anything to do with releases. But generally it looks like there's not a lot of requests to come in. I have like six I haven't dealt with yet. Tim is helping with, I think Tim and Mark are helping with the actual RPU repository which is probably the bigger more complex one. The initial initial hosting requests are pretty simple. There's one so far there's one plugin I kind of wanted to say no to, and I don't know why I shouldn't, but I kind of just keep bringing off. Essentially this user wants to add a Java applet and a new TCP port to Jenkins as a plugin and I kind of just want to say I don't think this is a good safe thing for the community you could have it for your own personal use that's fine but I don't want to deny it from. So. And then Daniel did reach out and say there are some tooling he can run for scan so he may or may not start doing that I don't know. I'm not totally worried about. I'm just going to, you know, keep plugging away, try to do my best where I can. I'm going to put it all into, like I said in the mail and eventually I would like to see hosting and GitHub access all that as pull requests so we have that all managed we have recorded we have a history. So right now we have no idea who has access to what we post. No it's tracking. It's actually an Artifactory access not GitHub access. Right. It's no GitHub. Yeah. And it's, it's really hosting partially right so it's tracking it's tracking one piece of a hosting request because a hosting request is more than just Artifactory access it's also GitHub access. It comes in as a geo request, then it does a bunch of checking, then it wouldn't get approved, it forks the repo please the RPU request, it's just there's a lot of moving parts and I want to reduce that and I, you know, for that's one thought I want to reduce. And the other side is, I know we've had trouble when someone says I want to take over this thing and we're like okay. Well you have to do this step and this step and this person has to do this one and this person has to do this one and it's really complicated and I kind of just want to make it all pull request so that one person can improve it and all done. But I don't see that happening in terms of just one of the things I love to do. I like it. Okay. Great. Anything else that you wanted to share there Gavin in terms of hosting. Nope, I guess I'll start approving them again now that we're not fully green lit but we're greenish. Right, we're no longer we're not no longer hard red. Yeah. Like a weird yellow we vomit green thing. Oh, oh thank you that was a lovely image by my days just started your welcome. Yeah. Elections let's go to something more positive Olivier. So, I hope that you, that you read my suggestion so the idea is to use this course as a place to submit nomination, and also to record people, I mean to restore people want to participate to the election, explain everything the proposal. So that that's basically the main the main change that would happen compared to last year. So no good form, or no other option. So that's, yeah, that's something that I would like to improve. I did not receive feedback, except to Gavin and I like, so I guess people are fine with that proposal. So what I would like to do for the next step by my initial plan was to start promoting the new election, starting by for tomorrow, but I think I will need some time to write a blog post. Oh yeah, if people are fine with the deadline, I will maybe just delay everything for by one week, or maybe several days. So the most important thing is we have enough time to collect nomination and to collect and to register participants. So, so Olivier one thing that wasn't immediately clear to me is sending a message to the group election committee so I can see the group here. How do I send a message to the group is there some action I do here on. Anything can go up. So I guess there is a permission that I request here. Normally, so let me double check normally. That's something that I tested with Timion, but I guess he has an access so that's so if I were in order to, in order to subscribe to vote. I normally normally if you are in the group, I go here and I would click this button to request. Next next to that button you should see a message but I can fix the permission for tomorrow. Okay, so, so I will go there. I will click here and here there will be a button that says send a message to this group. If you go to the group voters selection voters I think that's a name. Okay, election voters, which is here. And that's the same because I disabled the ability for people to notify members of this group. So yeah, this is a permission issue that I can fix tomorrow. Mark, can you write a reply on that thread on which thread on the previous one just says the the one that this thread that one. I just read it like a comment saying I went to try to message this group and I don't have permission that way if anyone else has the same problem they can see it and reminds of the viewer I did fix it later. There was election committee group right. Group, but there was no button to send the message. There was a button to request to join. But not to send the message. So, is that what you're suggesting, Gavin. Yeah, more of us. Yeah. Great. Okay. Excellent. Okay, so I read, go ahead on on the blog announcement idea and earlier the news. I made it a lot easier on Jenkins IO to turn on commenting. I don't just reminded me. So essentially you can just say discourse true, and it will enable commenting you don't have to create a topic and link it and everything else with that before, which I think Mark I looked at it looks pretty good. Yeah, and I was, I was truly impressed. The, the, the change means I can reference discourse and it will create a thread automatically if there isn't one. So the, the example is here on this most recent blog post. When we look at the bottom of it, discuss one reply. There's a reply. I go check. I think the reply is just me making it listed. Well, except now there's no control here that lets me click it so we may have some more work to do. I can't get there. Yeah, I'll take a look. I'll take a look. Right. Yeah, Mark, Mark, can you just quickly check the election committee group. Sure. Here. Yes. Oh yes, there it is. And so now you can send a message. So now I could, I could send a nomination by typing it here. I nominate as such and such great. Okay, that's nice and easy. Super. And while you're here, maybe you can show how to join the election photo group. Oh yes, I can do that certainly so election voter group here. So I'm currently in it. So I'm going to leave first. And now the way you join it is you click here. It appears and you click the join button in the top right hand corner and now I'm a member. Yes. And so what I will do at the end of the month, I would just export the email address every people in this group. And then we'll use a tool that we use the last year and two years ago, which is a condors voting system. So invitation will be sent from that application. And ballots then are likely sent in sent through condorses in October or is that in. I guess you'll tell us the timeline in the blog post. Yeah, so my proposition was to wait one month so people could take one month to nominate officer of board members. And during that timeline, during the same time, people would also register to the vote to the voter group. And then we would take one week to review the nomination and contact the different nominees to double check with them if they are interested or not. And after one week, we would send an invisible would close the group on the voters nobody will be able to join. And then we would, we will invite every members of the group to participate the direction. And, and during the nomination phase, I will nominate the names of nominees be visible or you'll just accept if you get the same nomination multiple times for a person. We can accept, like we'd like we did last year we can accept multiple nomination. Just look at the end of the month how who were the nominees would double check that with them, because we don't want to embarrass them or whatever. Right. Okay, so, so the nominees names won't be public that just then just the committee will know about the nominees until you've had a chance to qualify them to see are they are they interested and willing. And yeah, and the reason why the group of reviewer addiction committee group is small is because we only have person there. We're not interested in you will not participate to the addiction. So for example, Kevin has amended for one, one more year. I think even in that as well so that's why they are in the group. Great. All right. Any other, any other questions or concerns with regard to elections. Okay, so then I guess the next step for me is to write a blog post and open up your own Jenkins that are your websites and once, once the blog post is ready, we officially, we officially start the election. Yeah, I wanted to just be sure I get a record for sure of approvals so Gavin you're okay with it. Yes. Olivia, you're okay with it. Hey, sorry, I had a trouble with finding the unmute button. I'm okay with it. Yes. All right, excellent. And it's your proposal but I think we should record your plus one, Olivia, you're okay with it. Yep. Excellent. Thank you. Okay. Okay, so proposal to the move meeting one hour later I think this one needs to wait until Oleg's available. And we have a discussion, we can certainly discuss it another time. I would be interested to do it at another time. Yeah, even another day. Okay. Gavin commercial support list is there anything you want to do there you want to discuss there. If you want it, I just haven't pushed it. So essentially, I'm, I really want, like, you know, as someone who does a lot of support, I want to make sure that we have the companies that are offering commercial support, an easy way to offer for users to find easy way to find which one they want to pick. I just don't have a good solution for it. Maybe we just do a page on Jenkins IO, and people manage it by pull requests. I don't know. The page on Jenkins IO managed by pull request is the best one. My only concern is, and every new company will try to put themselves at the top. As long as I not concerned as they don't do it. I can just see that you know there's flights like I want to be higher than you. And we have we actually have that that exact condition already is a worry in this page right here. Where right there's an there's an implied ordering here that that probably shouldn't be implied but I don't know how to do a non ordered page right. I want to randomize it. Let's be that we want a solution is make it like make it metadata like what is it yeah we're yaml files right or whatever. So we have metadata and then we just JavaScript render it and say randomizes each time. I like that that's actually a very creative solution so so, but I think you've got a valid point if we don't have something like that. There's something implied by ordering in that we may not intend to imply. And we also have to define a rule about when we can remove a name. Yeah, because otherwise it's too easy to just put your company name there and have and be listed for years. So this is something that we should review I don't know once a year. Like I said this is something I really want I just, it's a bigger problem and just being like yeah can I get approval to do it. Right, right. So is, is this a case for Jenkins enhancement proposal is this really outside of the realm of that kind of thing. I think I would be interested to see if there are company who really want that and really want to be listed there. So maybe we can just maybe we can just invite them to a discussion. Yeah, but say I should reach out to the existing link that was on the wiki. If we can get that list again. And then, and reach out to them and see if they want to be listed some still. And if they do then proceed to find out what would be useful for them. Hmm, right. Okay. Yeah, because because there certainly are companies, at least I think there are companies still that that are doing this all over the world it's not not just one company kind of thing so yeah good. There's a dozen on on the wiki page it just was those four years out of date because no one could update it. You can drop the word postpone because we started talking about it. Yes, very good. Okay. So I guess that's an action under for me to see if I can get around to reaching out, although it's not a high priority for me. And certainly understood. And I think reaching out to others is much more value than in Jenkins enhancement proposals I mean I'm going to just delete that. Yeah, because I think you've got. Yeah, I'll reach out to get some notes and then we can put it on the on the community on the community page and see what we get to because I did start a topic about this. Right. Excellent. All right, any other topics we should be discussing today. That sounds good. Okay, thanks everybody. I'm going to go ahead and stop the recording.