 Welcome to the meeting of the jump Jenkins governance board. It is the 15th of June, not the 14th, 2022. And topics I've got on the agenda include include news. That one action items where I'm proud to have finished one, a question related to embeddable build status plugin and our usual forums and community topics. Any other items that need to be on the agenda. Okay, then let's go with the news first. So delighted to announce that digital ocean has donated an additional $2,760 to the Jenkins project for infrastructure. We have a special thanks to Phoebe Quincy and Oliver Mensa of digital ocean, their, their open source community team, and thanks to Damien de Porto and have a lemur of the Jenkins infrastructure project we look forward to that. We had great experiences using the last donation that they offered of, of compute capacity where we're using it on ci dot Jenkins that IO with a Kubernetes cluster. So thanks very, very much to digital ocean. We will announce the 2.346.1 the next long term support release comes out next week. It will also include security fixes. There will be a matching release from the 2.332 line so 2.332.4 on that same day and a weekly will arrive that day with the security fixes that weekly will be 2.355. So security fixes so changes being merged this week into the main branch will not be visible until the following week on the required Java 11 news. We're looking forward to one week after that LTS the week of June during June 28. These are first weekly that requires Java 11, no longer supporting Java eight, and then roughly three months later, the September LTS will also require Java 11 or newer. Thanks to everyone who's done so much to bring that to the, to the point where it is where we're confident that we can run well and effectively on Java 11 and transition off of Java eight. To note that CD con happened last week in Austin, Texas, and there were awards presented. Congratulations to Darren Pope as CDF continuous enthusiasts to Oleg Nanashiv as CDF top documenter to Basel Crow as most valuable Jenkins contributor to Gavin Morgan as as most valuable Jenkins advocate, and as Jenkins security MVP, but a colony and for those who may not know the meaning of MVP it's a reference to usually American baseball for most valuable player during CD con we had a contributor summit. And there we were really pleased to buy a presentation from three employees of elastic, Manuel de la Pena, even Fernandez and Victor Martinez talked about open telemetry and highlighted how they're using it. Open telemetry provides distributed tracing logging and metrics, and they're using it in their Jenkins installation at elastic to monitor jobs and watch their progress and identify bottlenecks. We also had a user interface user experience improvements presentation by Tim Jacob Jacob included highlights like keyboard shortcuts are coming and more improvements to the plugin manager and better interactions with the sidebar. Xavier and Venon also led us in a conversation about what we do about the rather large number of core maintainers that are now inactive. And what he proposed is an alumni group similar to the Jenkins info alumni group. What that does is that allows these contributors to retain their account in the Jenkins CI organization, but changes their permissions from the elevated permissions to the core maintainer has to a lower set of permissions, while still keeping them in the group. Now that needs further discussion. It's a proposal right now, and we'll bring it to the developers mailing list and go further discussing. Now in all of this, I owe a blog post summarizing the results of the things that I just described, and Oleg Nanashiv presented a his view of what the future of Jenkins should be. Any questions or concerns on those topics on the on the news section. I don't have any concerns, but I think an alumni group is a great idea. Thanks. Yeah, I think it's worked quite well in the info project it's been there for I believe a year or maybe even two years now and it, it allows the flexibility we need. Anyone who wants to become active again can easily be granted their permissions again. In addition to being in the alumni group so it's a move in and out of groups pretty easily. Next on action items, I am proud to say that I've completed one action item. I was supposed to check with Tracy Miranda on the FOSDM funds transfer. I was at FOSDM 2020 cloud bees donated t shirts that were then sold as a fundraiser for the Jenkins project that the funds from that had been with Tracy in at her home in Canada for the longest time. We met with me at CD con we transferred them, and I've now converted them from euro to us dollars and deposited them thanks to the help of the Linux Foundation into the Jenkins account. So the Jenkins account now has over $5,000 in it. So we've got enough that we could consider running an outreach program. It's, it's great. I still have several more action items to do. And yes, I'll try to make progress on those action items. Now we had one item that was flagged on to the Jenkins governance board this came through a bug report. The issue report was raised just yesterday that what's happened is a particular plugin is bundling a proprietary font. And we either need the licensing that says we're allowed to distribute that proprietary font, or we need to get it out of the plugin. So the proposal is that at least my my proposal my draft idea is, let's allow up to two weeks for the maintainer to correct the issue and, if not corrected. And then we, we need to suspend distribution of the plugin, or take ownership of it, or adopt it and remove the, the offending component. Any questions there and so this one will be discussed on the board mailing list. This matches what we've done in the past if I recall with the, with some other plugins that have had proprietary components. Exactly. Yeah, it is consistent. I need to I actually need to do the research to be sure, precisely how we handle them because I'm not sure that the two week timeout is consistent. But I haven't done that research yet but yes it's, it's, we've used that technique and suspended distribution of plugins that contain proprietary components. In order to fix this problem, the proprietary font could be replaced with an open source font. Yes, yes right. This doesn't seem like a high effort fix. So it seems reasonable to to request that change to me. Right, and, and that's, that's that's one alternative. I think it could be just remove the proprietary font and references to it. And I don't know what, what impact that would have on the user experience but that's another, another alternative and either of those would bring the plugin back into compliance. Any other questions or topics on embeddable build status plugin. All right, then last topic was forums and community topics. So we had a recent question related to the system D upgrade, and Gavin Mogan suggested. Should we make the, the answer that I provided as a, I think he called it a canned response. Apparently, community Jenkins.io has the ability to use prepared responses for rather common questions. And I think that's a great idea I look forward to it I hope it's hope we could use that because when someone hasn't read the upgrade guide this is a pointer to hey read the upgrade guide. And here's a blog post and here are two videos, and those those pieces of media usually will prompt people to do, do their research to understand what they need to do. Yeah, about 15 years ago, I use the product called help desk to answer support tickets. And I started out help desk help spot. And they had a canned response feature that was pretty useful. You could define the responses for various commonly asked questions and then, you know, press a button to essentially just paste that in and mail out the reply so I think the only, the only, the reason that worked well for me and help spot, you know, so many years ago was that the responses were written very well in a way that that answered very specific questions and didn't make the person who received it feel that they were getting a canned response. I think that's a good pattern to follow. Basically, like the FAQ style pattern rather than another another kind of canned response I've seen is like, you know, the, you know, the one that we've all gotten, you know, just unplug it plug it back in and try it again. And a lot of us enjoy getting those canned responses. But, you know, in general, I think it's great to have. And there's no need for it to be private either could just be an FAQ. I don't know, I don't know how, how the software works for this forum, but at least the way that help spot works. There is a, the canned responses were also visible in an FAQ. And you could read them without having to be given the canned response. So, I don't know if the software can do that or not but either way it's good idea. Well, and you've got a good point we, we want to be sure that they are phrased in a way that one they don't feel condescending to the user, and they don't rebuke or lecture the user they rather. I want some information that will help you and encourage them and motivate them to. Oh yeah, here's something great large on the screen you click this and it takes you to the thing that will help you for me I like that I just like the visual presentation of the way community does this I find it more attractive than the average web page. Excellent. So we had one other that I felt like was was fun to note. We had a user that was trying to run Jenkins on a red hat enterprise Linux that has FIPS mode enabled. And a while before we realized that that was what it was that FIPS mode was enabled we ended up asking questions back and forth wow we've got lots of people who are using red hat. It works great. What's different about your environment and one lucky guess was included a reference to this existing bug report that notes that when, when running on FIPS mode Linux. Give this assertion that the user reported. And that assertion is is associated somehow with FIPS. And I think I understood the message to be that FIPS mode denies certain operations on certain kinds of private keys. And so with that denial, the user was blocked. Any other topics that I had buzzle were there any topics that you had seen on forums or community topics that you'd like to highlight. Now I think there's some work being done to better support things like FIPS mode. I'm not going too closely but there there are some efforts. There's some efforts to detach various components into into plugins. And to update those plugins for better compatibility with FIPS mode so they may well be worth trying this again in a month from now, or whenever that work has landed to see if. That takes us across the finish line or if there's still more to go to get across that finish line. But it would be nice to get that added to our test matrix as well and I think that would be good to advertise or that would be something we could proudly advertise if we finally do cross that finish line. Yes, thank you. Well and and as a as along that same line. Se Linux is often used in context of along with FIPS mode, and it has has a set of problems as well. I've got a submission from to one of the to the get plugin that's related to specific behavior around Se Linux and the that that's a good story that more and more interesting things are happening in secured environments in sort of hardened environments like FIPS or Se Linux environments. Yeah, great. Thank you. Let's get back to our topics before we end for today. Okay, let's call today's session done then.