 Welcome everyone. This is the Jenkins governance board meeting. You should see my screen with a copy of the agenda. And let's get started topics that I've got on the agenda for today include news. Report of action items. Community activity. Including an intelligent test report experiment from Kosuke Java. Support plan and hacktoberfest and then governance topics. Board and officer elections social media posting guidelines or guidance. Azure credits. Oracle cloud and then at the end of the session and we will do this without after having ended the recording. Discussion with Damian to portal on infrastructure costs get his insights. We can ask him questions we can do further exploration, etc. Any other topics that you want to be sure we add to the agenda today. Okay, then let's go ahead so by way of upcoming calendar two days away. Next LTS is coming with no prototype with Java 11 end of life monitor and no support for red hat seven. Tomorrow we have a weekly release. And Jenkins officer and board elections are the major major item on the calendar. Alex and Uli anything you want to report there do you want to hold that report until later what's your preference. We can start ahead with that now I have no strong preference. Okay, so let's go ahead so voter registration has closed are we but I haven't seen any announcement of an election is that because an election is not needed. Yeah, you got the right mark that's a candidate for every open position. There's a candidate for the board, and there are all candidates for the officers. Everything says as is just with one note that Alex term, which ends on December the 11th. Yeah, I was, I was going ahead waiting you type without him. Yeah, all extra ends on November at December the 11th. And the, and the candidate for the board was Basil Crow and given there have been no contesters of other board members that have been. As it will be the next bottom of starting the day. Of December the 12th. Great. So Basel welcome to the board as of December, December the 12th. Thanks Mark. Yeah, but no December the 11 was just checking with my calendar. That's the first and last governance meeting we have this year in December. Okay, great. Thank you. And so officers as currently stand continue for another year is that correct. Everyone has been nominated and we have confirmed that they are willing to self to serve and yeah that stays as is. Excellent. Thank you. Thanks very much. Thanks to those who are present here officers Damien thank you for accepting and being willing to serve Kevin thank you for being willing to serve as well we appreciate both of you. Any questions or comments to to Alex or to Julian on the board elections. Thank you to the two of you for running the elections as well. All right next topic, big announcement here Alex received an award from GitHub at GitHub, you know, at GitHub universe they announced the GitHub supply chain Sentinel award was given to Alex. Congratulations Alex anything you want to share there in terms of what that how did you get that what did it mean etc. Thanks Mark. And back in December and January past year I participated in the close beta of the GitHub and advisory database as test pilot. I'm not sure how familiar, familiar you are with that, but that's basically a GitHub driven database of vulnerabilities. I'm very much fed with CV ease. And I have tried a few CV ease for Jenkins and was making sure the system works right. Nowadays we have a nice GUI and stuff like that. And yeah, a couple of weeks ago GitHub reached out to me and said hey, we have nominated you have nominated you for that award. Congratulations. That's great. Well done. Very, very well done. That's super in terms of action. One question and the database is for different open source projects and not for GitHub products. Yeah, right. Okay, it's a database. It's actually a language specific database hosting CV ease for go for Java and all the npm stuff. And it's not just one global database considered like CV ease for Mitre or something else. Okay, so but it's it's hosted by and maintained by GitHub so they've got people who are who are tracking the CV ease is the reported wherever and they make sure they're also represented in the database. Correct. GitHub has a team of security researchers actually try aging and reviewing CV ease fed into the database to have a more moderated system instead of having just one CV database. Everyone can submit anything to excellent. Okay, so so and you say they've got a Java a Java based segment or a Java based database that fits very well with Jenkins and you say they've also got an npm one so for our JavaScript components. Yeah, for example, they are currently 15,000 manually hand reviewed CV ease by the GitHub staff and more than 200,000 unreviewed ones people submit to them. And GitHub tried them to make sure the GitHub advisory database contains proper and correct CV ease, because like you know everyone can submit a CV basically and that is something a bit confusing, especially for smaller projects. So get upgraded something that is actually tried and can be monitored by GitHub staff. But the entire database is open source and you can just create a pull request if you want to fix something that is likely falsely flagged by dependent or something else. Oh, okay, so so this is there's a there's a process a public process to propose revisions to their database, not just a private process. No no the entire database is public. Thank you. Thanks very much any questions from others to Alex on the on the supply chain Sentinel award. All right, next topic then action items so I think we're done with the action item in terms of board elections is there anything that you want to note. Is there Uli or or Alex. Oh, I guess I do have one question will you do a do you want to do a blog post how do you want to hand how do we want to handle the announcement of of the results. Yeah, of course I think we should publish a blog post but and we should also publish that there is no vote of that of this year. Do something similar like we did last year, I think there was a blog post like four weeks or something before the term ended. And if we do that again this year, I think we should be all set. Great. Would it make sense in the future to first gather the candidates and then start the voting, because it's not two times in a row that we started to get new voters but we actually did not need to vote. It's a little bit strange if everybody submits a message I want to vote and then we came here sorry if there are no candidates. There is no election at all. So maybe we can for the next period we start one month earlier and try to find candidates and if we don't have more than one. It makes sense to start to don't start watching registration. Interesting comments from others that sounds good to me I don't see any downs I don't see any negative to that or is there anything that others would see as who by doing them in parallel we get some benefit that I'm not aware of. No, I 100% agree with only I think this year like 50 people or maybe 60 signed up for voting. And last year we had like an equal amount of possible voters and there was no vote. And it would definitely make sense to first run the candidates and make sure they there are more than one candidate per position, and ensure they are willing to serve. And if both is confirmed then we should definitely host the election because everything else like feels a bit wasted to make to enter people join the group and there's no vote. Good. Okay, so do I how about if I put an action item there is that one Alex you or really could take Alex or really propose. Do you request revising the PR revising the election process. Yes, I can do this. Okay, great to start to start one month earlier, or nominate one month earlier earlier, and only solicit voter registration only register voters. And there are, if more than one person is a candidate for each position for a position. Good. Okay, thanks. Excellent. Actually, I made a mistake that should go out to the top level shouldn't look like this. There. Okay, anything else on the election. The next action I am then was a Jenkins that I will pull request to converge sub projects and six. Sorry, still not done. Not likely in the next two weeks either but I hope by end of calendar year. Next one was Kevin Martens and Chinese Jenkins site Kevin you want to share with us the current status. I've been able to meet with Damian and Mark couple times now. We've gone over the structure of how the journey sites built and actually have some options is how we can take care of it and either remove or rewrite the path that's being used so I think we need we're going through right now building testing. We're going to need another session to just kind of go over our findings and kind of next steps but we're we're making a lot more progress than we have been previously. We're looking really good. Thank you. And we had noted this earlier that the Chinese site has already been removed from the Jenkins that I had our and I confirmed that's gone so great. Thanks Kevin very very much. Any questions for Kevin on the Chinese site removal. The next topic then is a draft proposal on licensing policy and phrasing changes. Sorry no progress and again, unlikely to make progress before end of calendar year my apologies this one's just not not top of my list. Any questions or concerns there I know we've we've discussed this one previously and I think we understand the concerns in the areas, and they're covered in the notes here. The last item on the action items was update the governance meeting GitHub repository with latest notes and I'll take care of that that one's easy for me to do I just got to get it done in the community activity section there was a recent developer a meeting list request from Kosuke Kawaguchi Kosuke asked noted that his company launchable has a product now, or a prototype that they're working on that is trying to help people understand what caused the test failure. And he's offered hey he would be willing to submit a poll request to the Jenkins CI pipeline to enable the feature if we're if we're interested in it. I'm open to conversation from others Kosuke is not here but he is a board member insights from others or ideas concepts. I've read the announcement but I'm not really sure how helpful is this feature is for my plugins. I'm not sure maybe it's more helpful for Jenkins core where we have a lot of more tests and a lot of more code and in a plug in. Yeah, I always thought all tests and it does not take so much time so. I think I agree with that as well really in terms of a as a plug in maintainer, even the plugins that I have with many many tests and spend a lot of time testing. Still their failure rate is quite small but that's because relatively few contributions, his proposal to Jenkins core I think is interesting. What I mean is the benefit is if if we find it's disruptive, we remove it, right it's an easy thing to have brought in, if, if he brings it in, then we have a facility to remove it. I'm not aware of anything sensitive in the public execution of our tests so I don't see any reason why it would be a negative for him to add it. I see a hand raised sorry I missed your hand raised. I'm wondering how much kind of issues it could catch between when we have agents that are going down due to infrastructure issue or tools missing compared to a real life test results. I'm not sure how much it can catch because maybe it's late in the process after that kind of issue could happen so I'm not really sure I just have a superficial meaning. But I believe it could help a lot to answer at least quickly the question a I've sent a pull request and it's failing is it because infrastructure did something wrong or is behaving weird or the network, or is it because I broke the code. I'm wondering if this could be used for that parts. I guess it needs some training on that but I see a lot of value here. Okay, good. Thanks. Yeah, I, as I'm, as I'm looking at I'm not. It's not immediately clear to me that it will help with that style of failure but if it's if it's large language model based and it's looking at things based on failures Jenkins core may may help us it may help us detect flakes or unexpected failures that then started working in with no code change. Yeah. Okay, so, unless there's an objection here I'd like to propose that I'll respond to close the case saying yes, the board discussed it and we feel like it's a good thing to go ahead. Any objections from the rest of the group. Okay, so I'll make I'll put a reply out with that. Is this action running on our infrastructure or is it data transferred to an infrastructure of launchable. I'm reasonably confident it must be transferring to launchable infrastructure because we certainly aren't hold hosting a large language model anywhere inside Jenkins right now. So I don't think he's proposing that we would take on the burden of hosting something like that. The way they do it with launchable is they ship we ship data to their data storage and they then do the processing there, and I'm assuming something similar here buzzle does that seem sensible to you the way I've described it does that align with what you might expect from something like this. It does. Okay, thanks. All right so mark to reply. That discussion that the board discussed and that discussed and agreed. Thanks. All right. Next topic was the Java support plan and there, the jet the Jenkins enhancement proposal is in progress. There's still quite a bit of work to do thanks to Basel Basel has detected some things that we really need to do to make this thing more effective. Let's get more details about what the transition means how we will do it in particular what does it mean to drop support for a Java version in terms of the actions we must take and when we take them. We saw a number of things that we learned as we added Java 21 that we can use they're fairly fresh in our minds. The last time we dropped a Java version was back when we dropped Java eight. And so it's going to need some some digging to find okay what are the things we do and what do we have to do. And there are some things that have changed since then that will need further discussion so further refinements are coming. Look forward to everyone's conversations there. Any questions or concerns or comments there on on that Java support plan. The blog post that we published. I wanted to make sure that I wanted to make sure that all of us were aware of the change I added to it. So I added a sentence in the bottom of it. Underneath the expected upcoming dates. Yeah that last paragraph about how you don't need to build your application with the same version of Java used to run Jenkins. I added this paragraph, just to make sure that nobody was confused about this because I think the last time that I wrote a blog post like this about a year ago. There was some confusion from some people about this point so I just wanted to highlight that in case you see anyone who's commenting who might be confused about this. I'm linking to the official docs that talk about how you could run a Java based build with some other version than the one that you're using to run Jenkins. So, I just wanted to highlight that. And I liked very much the contrast. Fuzzle drew a contrast in the blog post between alternatives where one was, oh let's just support all Java versions all the time three versions all the time. And that I think is just more than the development team those who are working on Jenkins can stand that's more than we can do the other was only support one Java LTS at a time, and that gets in the way of our enterprise customers enterprise users. So this compromise we're using is, hey, we'll got we'll support to at a time with this overlap period. Thanks very much, Uli thank you especially for your involvement in in the discussions back and forth. Next item was Hacktoberfest and it's finished. John Mark Mason has done a summary to the to the developer list and I believe a summary blog post as well. Nope, no summary blog post yet sorry. But what we've seen generally is about a 30% reduction in total submitted poll requests. And my personal perception has been as significantly better than 30% reduction in spam. So I consider digital oceans implementation has been a success for us. We got less spam this year and we got still a very reasonable set of contributions others comments from any others about that. Okay, next topic then we had a we had a, and we've talked the board and officer elections the next one for me was the social media posting guidelines or guidance what I wanted to do was raise a of the visibility on the question that Oleg raised he's not here today but I think it's worth us talking as a board. So Alyssa Tong proposed and followed all our guidelines proposed this tweet from the Jenkins Twitter account. And it's in honor of a United States holiday Veterans Day. But Oleg noted that hey he was worried that that's a US specific holiday that might be misinterpreted by people outside the US. And we had a conversation with a Belgian friend today who noted hey that day in Belgium is a day of mourning because of World War one and the terrible, terrible things that were in that period. So, the question to the board here was, do we want to give some additional guidance on how, how to handle social media posts. Right now it's a very simple policy. A post is proposed by one person and a plus one comes from another of the sort of social media team, it's approved. And this one followed those rules but do we need some more guidelines or are we okay as we are and don't worry about it. Comments. I'm not from the board but I had a good feeling when I saw the proposal and I thought about putting a minus one. But I thought it was too harsh. In fact, I wanted to make a detailed response about my feelings because I thought this was very US centric, you know, and pushing the Jenkins project to the west side of the world. So I didn't. I have written something down but I didn't want to hurt anyone's feelings, but I was feeling that this was off the Jenkins project. I know we already had some discussions about war in Ukraine. Some people we know were working in Ukraine so that may be different but there are also some wars in other places in the world but we don't say a thing about them. It's a tough subject and coming back to the Veterans Day. Yes, in Europe, it's more of a morning day and not something to celebrate. So yeah, next time, will it be considered harsh to say minus one or should I detail what I'm thinking about that. I think that would have been a, I think that's a valid response there and it would have been a nice safeguard. So I think a minus one in that case would be quite appropriate. Okay, thank you. Alex or Uli, any comments you want to make? Well, I'm trying to read. Don't use Twitter anymore. So yeah, maybe I'm too old for these things. So, yeah, when I, when I use Twitter, I wanted to see information about Jenkins as a development tool and not celebrating things. Yeah, holidays or other things. So this is one reason I don't use these things because there's too much information, which does not help me anything in my day. So, I don't have the time to read all these news. So I'm happy to don't look at it. So, yeah, sorry, Uli, go ahead. Yeah, I think it would make only sense for us to post things about the development or that we now support only Java 21 or something like that. I don't, it doesn't make sense to post any holiday comments or something like that. But this is my personal opinion. So I'm not so the guy used in social media. Others. Yeah, I agree with Bruno firsthand. I think we should minus one or minus zero or at least state if we don't feel well with the post before it goes out, rather than having a backslash on something. I also agree with Uli, I think our social media presence should likely focus on Jenkins or Jenkins related topics, whether it is development, whether it's something made some major new feature we want to talk about, or some contributor highlights if someone contributed something really cool that is actually a network for the project and for the people behind that, rather than I don't know holiday greetings or something like that. Okay, that's, I was, I was envisioning a list of holidays to do celebration on a knot, but I think you've got them, you and Uli have the much better idea of no let's let's make it interesting to developers so that it is it is developer centered, not just trying to generate noise. Thanks, good. Yeah, because if you ever start with Indian holidays and festivals will have a post just every other day. Sorry, Indian friends. Happy Diwali, by the way. Okay, great. Thanks. Yeah, as an example of the what I thought was a positive one actually was this post on the GitHub supply chain Sentinel award to to Alex that one came in and I thought, yeah, you know what that's interesting that was useful it had good things that could help the developer community that was directly related. Are you the rest of you okay with that kind of thing as opposed to hey a community member had this good thing happened related to to development around Jenkins. Fine with me. Yeah, this makes more cleanse. Great. Yeah, sounds good to me. I think posts like these are maybe more interesting for the people following the Jenkins account. But that would be just my idea. Okay, so how about as an actual mark extend guidelines to emphasize emphasize developer centric posts, rather than more social posts. That feels like a reasonable thing. Oops, great. Okay, thank you. Next topic then Damian processing the Azure credits donation so you had asked the question to the board two weeks ago which of the several alternatives and could you describe more this one. Yes, of course. So, as a reminder, the whole idea was to decide should we take the risk of moving our current subscription that we use for the CTF to a new one, or use two different subscriptions. If migrating is high, especially technically speaking, all of the permissions will be moved if we change. So the idea here that I propose is that I came with is to create a second subscription that we will use to consume the credits. And this is it for ephemeral war workloads, mainly agents on all the controllers. So that will just add a bit of overhead initially for the infrateam to create the new credentials on that new subscription had everyone as administrator there, but then we can pay for that specific subscription. Once the credits are exhausted, either we ask for a new world and had new credits or we close the subscription and migrate everything back to the original one. The status right now is that we have been focused the past three weeks on the new updates and the migration. The idea is to set up the work here to start before end of year to consume credits on the on that new subscription. The main target will be all the ephemeral agents we are running, whether it will be virtual machine from Seattle and Kinsayo or container we use for Jenkins releases. Thank you. Does it answer? Does it need clarification? Any questions from others? All right, thanks Damian. Next topic then was Oracle cloud costs and there the answer is no progress from Oracle and I'm sort of tired of asking them to make progress there. When they fix the thing will pay them and until they fix it we can't pay them so we'll see. Any questions on the Oracle topic. Damian your question. We will speak about billing and infrastructure billing. Is it something acceptable to maybe ask Oracle for sponsoring the project again that could help solving the problem and eventually gain us new cloud credits. It's an interesting idea. An interesting idea, particularly since Oracle just announced at KubeCon, a $3 million donation of arm 32 equipment or of arm 32 credits or arm 64 credits to CNCF associated projects. Well, I don't know if they'll be willing to give more having donated $3 million to CNCF and us not being associated with CNCF, but it's, I think it's a reasonable thing to ask and I'm going to go ahead and ask it. I will, I will certainly send submit the request. Hey, would you be willing to donate to the Jenkins project. Here are two examples of where places where you could donate a small one like this or you could give us a bunch of infrastructure and we'll happily use either. Great. Any other questions on the Oracle cloud costs. All right, then I'm going to go ahead and stop the recording and let's have our discussion about I can find my control.