 Welcome everyone. This is September 19th, 2022. It's Jenkins governance meeting. Thanks for being here. Topics I see on the agenda for today include news, action items, upcoming elections, CDF topics, forums and community topics, any other items that need to be on the meeting agenda. Okay, then let's go ahead and get started with the, with the news topics so Jenkins 2.361.2 release is scheduled for October 5. Chris Stern has volunteered to be the release lead the release checklist is open. The backporting poll request, at least the first backporting poll request has been merged and a changelog draft poll request or changelog poll request has been submitted. Thanks to Basel thanks to Kevin Martin's bunch of progress. An additional item Hacktoberfest is coming. Welcome to prep timber. John Mark Mason has posted a blog post and preparations are happening in the UX SIG, the doc SIG, and in other places to be sure we're ready for Hacktoberfest. If you didn't see the recording of the UX SIG's last UX meeting, you should probably watch that that's the highlight. Jan Farachik and Tim Jacome are preparing a presentation that they'll give at DevOps world on some ideas they've got for a major change to the Jenkins UI. And Tim noted, Gavin, I think you'll be delighted with this one pipeline graph view is now rendering much more correctly, much closer to what blue ocean did than it ever did before. It went so far that I've removed blue ocean from my Jenkins installation successfully, and I'm happily using pipeline graph view instead of blue ocean to render pipelines. Is that something someone did or just sort of works now. No, somebody fixed it somebody not Tim proposed three or two or three or four bug fixing pull requests and it just works. It's much better. So nice, nice improvement. And last item of news DevOps world is next week. Any other news items that we should highlight. Well, there was CDF mini summit open source conference. There was one presentation about the Jenkins so they're mostly about pipeline libraries and all the ecosystem of Jenkins at scale. The recording should be already live. So and did I get that it was at the open source summit. Yes, so it was open source summit in Dublin. Okay, thank you. So the presentation was by fidelity. If I recall correctly. Great, thank you. All right, any other items under news. The next topic then was action items. I'm, I've made no progress on community Jenkins.io is the replacement for the doc sig. It's going to be a while yet because I've got to get ready for DevOps world and after that I'm taking some, some holiday time to go vacation. Next was request full access to the CDF zoom account. Gavin you indicate you we've got a group now. I just need to contact Michelle and ask her to add that group. Yeah, I literally just created it because I forgot to do it last week. Well thank you because I'd certainly made no progress on it so I will I will reach out to Michelle with that request and thanks for thanks for helping that. Any other action items that I may have missed in previous notes or things that we need to discuss as action items. I know that we just used easy CLA with Kevin Martin's as a as a proposed copy editor. Is there anything else on easy CLA that needs to be done or we we settled there and things are okay. We still need documentation. Okay. So easy CLA is working but it needs to be documented. Great. Okay, thanks. It's been enabled on that repo for a while so anyone who touches that repo to merge anything we still get them assigned anyways. I don't know if we've technically switched over to it we just get them to sign both. Yes. For the one day, eventually maybe. So for me it's mostly documentation part during the first pass. I cleaned up everything including mine and please that we're no longer no longer used etc. But the guidelines in the central repository still not what we would like to have for easy CLA. Excellent. Thanks Oleg. Thank you very much. Okay, if we carry that one forward then as an action item easy CLA needs to be documented. So keep it on my plate. Okay. Not that I'm exactly proud to follow deliver okay but yeah, I guess that was a thank you for being willing to do it thanks for enabling it, it, it was quite smooth for Kevin's experience so thanks very very much. Any other action items. Okay next topic then is upcoming elections. So, the, the notes from our last session where that we would ask Damian if you would be willing to run the elections as in for officer he said yes. He needs to have a discussion with Olivier van on to be sure that he understands the detailed process. We'll have a discussion further discussion of that on info in info meeting tomorrow, because timeline wise, I think we're in September now where we want to announce and gather candidates October finalize the candidates November voting and then effective in early September. I would say we're already late because if they're going to do the meeting tomorrow that's a 20th that leaves essentially 10 days in September for this. Right. Well and we may have to, we may have to have to extend would you be comfortable if we extended some of the dates into mid October so that we could only finalize candidates for two weeks rather than having a whole month to finalize candidates. I'm not overly concerned I was just pointing out that September is almost over. Right. Okay. Good. All right and Damian agreed we would go ahead and use the same processes last year so voter registration on community dot Jenkins that IO, and then actual voting through the condorsed internet voting system at Cornell. Okay, next, anything else on anything else on upcoming elections. No, but I'll make sure that he's on those groups. Thank you. Yes, thanks very much. Let me put that as a add Damian to the community dot Jenkins that IO groups. Great. Thank you. The next topic then was CDF topics. Here I had notes that Kevin Martin's blog post was posted last last week I think it was or two weeks ago announcing Jenkins 18th birthday and the new release of Jenkins 2.361.1. That requires Java 11. I think it's been a nice road. Thank you Basel. Thanks Oleg to both of you. We, it's taken quite some time to get there. Yeah, it's good. Next step is generally 17. Excellent. Absolutely. And actually Basel's work on Java 17 has been quite promising so so it looks like it'll be much less bumpy than Java 11, 8 to 11 was. 6,000 users in August on Java 17 so I'm hoping to get to 10,000 by the end of September. We'll see if that happens or not but people are definitely starting to adopt it given that I've been seeing by reports coming in so that's always a sign that people are using it. We have to tell a lot of people use 17 instead of 18 we get a lot of people on the forums and chat saying I'm using 18 it doesn't work we're like, yeah, it's because we didn't say it would. Yes, yeah, and that's that's a good one right to remind them really 11 and 17 are the ones we support and we know that there are issues in 18 and so stay with 17 good. The requirements page updated. It is. Yeah, the requirements page is definitely updated Kevin, Kevin Martin submitted a poll request Basel reviewed it and we merged it the day that we released that. Okay, so we officially 11 or 17. Exactly. Right. Okay, because I think we've been all telling people 11. If you want to try 17 it should work but we're not supporting it yet. But yeah it looks like seven 11 and 17 are official. That's correct. We intended for them to be official the testing was very positive no it's not been exhaustive, but as Basel noted 6000 users is a good 6000 controllers running it is a good, a good mix. Next topic then was JFrog. We've got JFrog working with the Jenkins infrastructure team to reduce data transfer. I guess I should also note and to prepare for a move. The of repo from one provider to another. Now that should be relatively transparent to us. But they're moving they the system that we're running right now repo Jenkins CI.org is relatively old and is somewhat of a one off for them. They'd like us to be on the similar kind of platform as they use for all the other open source projects that they sponsor. And so they're planning that move. They don't expect it to be a significant downtime, but they're working through the process to get that move prepared. Now, our efforts to reduce data transfer Damien's preparing a Jenkins enhancement proposal, and will lead the communication effort and the discussions on hey what things can we do in order to, in order to reduce how much data is being handed from this repository server. Any questions on the JFrog topic. Okay, next was yearly project previews of the CDF technical oversight committee meetings. Yeah, that's from my leg. So we started the regular review soft projects at the TC meetings. So we had two presentations recently. And the question is whether you want to have presentation for Jenkins, especially since there are topics being brought up recently for example about third party security review. And understanding that CDF wants it to happen eventually over a budget and other things you've provided. But yeah, I think that it would be nice for the project to present there. It's definitely not me who should be presented because I haven't been connected too much to Jenkins in the recent year, because of a lot of the stuff. So would it would it make sense to do a presentation to the TOC after contributor summit as sort of a summary of contributor summit is this mostly a forward looking thing a leg or is it a status reporting thing. So the goal is to present all the updates in the recent three months. Okay, the goal is mostly a show whether where the project is going, especially with regards to CDF statuses so Jenkins is great project so we are not going anywhere at the moment. So there's still a few beats like security reviews which we haven't completed one graduating kind of we should happen eventually. Okay, so security security reviews was a key. Now there was a, I had seen a question about your about something about their signing project. Is it sick store. The signing of artifacts was another topic that. So, and that's one that's coming to the contributor summit so those kinds of things security supply chain security, those types of topics that's what's interesting. So first of all, since every way because there is supply and change in seek and obviously, there are parties that are interested to push this topic, for example, chain guard. But in reality, yes, there is expectation for new deliverables that they would be signed. I don't know anything about that for managing distributions but when we talk about all the ecosystem around it like home charts, some images etc. Yes we have no signing there. Right, exactly so charts Docker images, etc. I guess I would even possibly plug in builds. Docker images are signed. Are they. So, and the, well the question is also the cat images for what. So once we should move to the new packaging flow. Yes, they have signing meta data. But it's not all the images we ship in the project. Yeah, I don't know. I'm not, I'm not really involved. I just thought I saw signing was happening for Docker. For Jenkins core images. Yes, for sure. For Jenkins agent images, if I recall correctly, also yes. Yeah. This definitely covers most of the use cases. I can also say for sure that Jenkins for the run of images on site. But whether it's a concern for the most of contributors in the project I guess not. Yeah, this is a question of whether there is anything else. And the health charts is a good example of that because we kind of have them but I literally have no idea what is the current release flow there. Right. And I think that's a that's a good topic for discussion there right is what are the current or maybe I should ask that is release flows and interesting topic there for the TOC or not so much. Or is it what what the ultimate release flow we would envision would be. Well, if you check openness itself best practices, then if Jenkins wants to press it for you then release process is one of the key milestones for us. Got it. So it's not just about signing a distribution so that I also thinks everyone likes called as bomb. Which is again probably not the difficult for Maven. Right. But more difficult for other packaging types like talking images again. It's also something that we might want to put on the list if you talk about having full security audit in the future. Okay. And while I'm not sure what's going on with government users of Jenkins right now but from what I know as bombs become a must in this area. Good. Okay. Anything else on so anything else on that in terms of when how frequently are the TOC meetings and what would it take for us to get on the agenda, etc like. I can add to the agenda I just need to know who would be presenting and when. So the next meeting is next week. Next week, I guess it's not a good option to take in the DevOps world, but two weeks after it's something that could be used. I think to if it's if, if I were presenting two weeks after probably won't work either because I'm, I've, I leave on vacation the 10th of October. So you may have to be. Go ahead. So you're saying the TOC meaning is very two weeks and how much don't we need to give. So, for Jenkins, there is no specific time when it needs to be done. So, even November is fine. It's just some something that makes sense. Let me, let me rephrase. How early before a given meeting do we have to let the committee know this is like one meeting ahead two meetings ahead one day ahead one hour. Two meetings ahead is definitely safe timeline. Okay, so basically it's the same as in Jenkins. We park in topics until the agenda is full. Well, it's really full. So nothing really specific to this meeting. Because when someone's available is less important about how do we get on there when someone is available. So yeah, the one in three weeks is definitely available. The one is in five weeks is also available. One thing that for five weeks that I will be cube corn. So there will be much less people but I will be around to host it if needed. Seven weeks. Well, it's probably six week beyond beyond my normal planning horizon these days. So, and that feels that feels like November works. November would certainly work for my personal schedule and, and I think it sounds like it works. It is good potential for the, for the TLC meetings as well. Great. Anything else on CDF of topics. Okay, next topic then was forum and community topics. The items I had where that the contributor summit will be September 27. Agendas available from this Google Doc. And we're thrilled that Tim Jacome, Jan Farachic, Willy Hoffner, Alex Brandus, several others so Damien de Porto, me, we'll be there for that summit. It looks to be a very good summit. We'll capture the notes and share them afterwards. GitHub project actions from Google Summer of Code was an open question two weeks ago and we don't have a conclusion on it. This one was specifically asking what would it take to register the Jenkins file runner GitHub action. Under under a GitHub action with some registration process and I apologize I've done no further work on this. Are there others who have anything to report there. Well it's basically me who recommended to bring it up to the community. I'm just asking who also should have responded. But what needs to be done for every organization we need to basically send an additional agreement which is super straightforward. I don't think there could be any kind of legal conscience in this particular case. He's just publishing content on Marketplace. And once this agreement is signed actions would appear on the Marketplace. I see. I feel like Damien should get involved with you because he's a GitHub admin. Makes sense. Okay. Generally needs somebody from the infractive to bless it. But from the community standpoint, it's just, do you agree to publish the data they do you agree that we can delete it if you behave or badly, etc, etc. You agree. Okay, go. Is it probably I assume it also needs a security review from from the security team or is that outside of the usual range of things that the security team would review. I don't think there's anything specific to security. I don't know what the word needs for both of those. I think it should do it and I think security should look at it but I don't think it has to get done I don't think they're blocking. All right, all right. So invite them and be sure they're involved but it's not a no you must we must have an answer before we could proceed proceed. Generally anything to do with we things that we publish in info related is probably good idea security be at least aware if not auditing. But I don't think they have to do it. Good. All right, thanks. For anything we publish might be interesting to know how we expect to handle reports of security issues that are coming in to make sure that third parties know what to expect and how we expect to handle that. If this is anything resembling an official Jenkins project deliverable right. Good point very good point Daniel thanks I had not even considered that one. Yeah, that makes sense. How what is the issue reporting process. How is it different from or the same as the existing process. I mean, it might be as simple as I need to add a new component in the security Jira project. But would also what would also be important as this has come up a bit in the past with basically everything that's not just a plug in who owns this who's responsible for the component. So that would also be interesting. That makes sense. Good. Thank you. Okay. Any other concerns or issues we need to need to be sure we address before proceeding on GitHub project actions from Google Summer of Code. Okay, next topic then was progressing towards a single chat, a single chat interface to multiple chat destinations. Gavin you want to share with us what your experience has been there. I didn't know this is going to be ongoing, but sorry, but I did infra, and I did releases. So the IRC, the getter, and the matrix rooms are all linked up into one spot now. I haven't heard any complaints, but I also don't know how many people are using them. So, yeah, the key thing here is that I think there might have been confusion earlier. I'm not linking all IRC channels to one spot all make getter channels to one spot. I'm only linking the verticals across one right making it a horizontal link. So all releases channels will be together together all info channels will be together. Eventually, the Jenkins IRC, the Jenkins getter and the Jenkins matrix will be together, but I'm not making them all one giant room. Got it. Alright, so thank you. Thanks for the clarity. Okay. So, and how would I get access to that matrix channel is there a URL I connect to is there. Yes. The key thing is you can you can use whatever you like so I know you like get her so you can use the getter URL and then I'll speak to the matrix and they're see the same. Although I have noticed is a tiny bit of leg. So like three or four seconds when a message goes through. Nice. Okay, I can. It really is providing bidirectionality into and out of IRC the releases channel. And if there's a getter releases channel it's, they see each other. Thanks to this matrix. Yeah. So matrix is the central and they have bridges to either side. Thanks. Okay. Oh man, this is cool. I just tried it. Thanks go in. Now I can have actual conversations with myself. Yeah. Definitely have done that a few times. I'm not sure that was the objective, but I like that. It's great. It's a. It's a win. Right. Let's call it a win for that. Excellent. Well, and thank you. And seriously, thank you very much, Gavin. You've been, you've been absolutely wonderful at working on communication channels and making things, making things just better in general. Any other forum and community topics that should be should be brought. I have there's nothing on cross mail list or chat that I saw that should get brought up. I would love to see some sort of screenshot or demo in the forums about the new cleaned up pipeline here, but yeah. Oh, oh, that's that's an easy one right. Well actually so so I have to admit, like, Darren Pope and I are going to do a live stream tomorrow. That will include the pipeline viewer as part of it. So so we can post that a link to that video into the into the channel if into one of the community pages if that's okay with you. Yeah, I just, you know, there's a community section for showing off. You can also use that channel or that category for anything I want to bring up in this meeting and some of those things that wouldn't hurt to have a hey look it's working. Yeah, show, show the pipeline graph viewer. And for me it was, it was really, it was a delightful thing that I was actually able to on and remove blue ocean from my Jenkins installation and still can render pipeline graphs and see them. It's not as thrilled with the log viewing experience but it's, it's workable. So, and the big reason I wanted to make sure that we mentioned that plugin, like when we're doing the blue ocean docs, was because it's, I'm contributable pollution is not right and while you can spend, you know, three months trying to figure out how to build blue ocean. It's not really sustainable if anyone knew. Good. So I think that's why I've gotten immunity members to submit bug fixes to the new plugin is some good evidence that it is more approachable, which is really a positive step. Agreed. Thank you. Yeah. Any other topics for for the community forums. Okay, so I got all all the rooms in the things. So in front releases are done. Some fun I'll do the others, but I just wanted to see how well they work before I touched them again, anything else regarding chat. Would it be a good idea. I think to update Jenkins IO slash chat. So the documentation there, especially if if we're doing linked channels I think that entire page needs an overhaul, because right now it's basically split by or I don't know. I just thought, you know, this might need some documentation basically there's the release chat and whatever technology you're using you can join it. Yeah, these methods. That sounds a good plan. I don't know. I don't have immediate goals to do that but if anyone wants to start working on I will gladly help out and polish and edit and stuff like that. Yeah, so I think we ought to beg Kevin, Kevin if you're it would you be willing to, to at least explore it. Yeah, I was actually, yeah, figuring it was going to be something to help out with anyway so of course. Great. All right. And then once we get this working like the once this is working reliably no one has any major complaints. I'll go back to the matrix and get her people and be like here's our list of all the rooms and we want to my good all them. But I figure these are somewhat easy low traffic ones that didn't involve the entire community to start with. Great. Any other topics for today. Okay, thanks everybody.