 the cloud. Welcome to Jenkins governance meeting. It's the 12th of January 2022. Oh, sorry, Daniel. Yes, I should have should have had you there. Thanks. All right. So topics on the agenda. I've got the today news end of your blog post draft. Just for information sake, administrative access. Don't know if we'll have that topic. Much more to do on it. Google summer of code. She called Africa contributon and highlights from the mailing list. Any other topics that you need to add? Okay, then let's go ahead. So first topic was the security releases today. Oh, yes. Thank you very much, Farrakh. That's great. After having been waiting that multiple times today, it's easier to think about the version. Much appreciated. Well, and maybe you could share with us briefly about it. Give us a one or two sentence update on how does the security release, etc. So it's done. It's released for both the weekly and the LTS. Thanks very much, even with some surprises that we created in the infrastructure. So yeah, we got multiple surprises. The first one was on Monday. There was a plugin that was released. Despite there was a security release. So we have to restage that plugin. And we were like, yeah, okay, it was a plugin up for adoption. So not a big deal. But that happened again on Tuesday, the morning and the afternoon we got that unexpected weekly that was triggered. So we restage multiple times, multiple things during the release. At the end, that's a good experience. We have discovered some things where the corner case in the process with my new role, I expect to be able to push more automation, more simpler process, different rules for different things to simplify a bit the work. Because honestly, as a newbie coming there, I don't want to have that job. It's so complicated. It's so complex in general. It's something that has to be simplified. Otherwise, I will be officer for life because I accepted by chance, I will say or not. But yeah, that's a bit the issue there. We have to simplify a bit the thing for us, but also for the different people being involved with what being voluntarily involved, I will say because they are just maintaining a plugin that need to be also simplified for them. And we got a great support from the infra team for the different configuration stabilization in general. So that was great. In terms of content, that's interesting to have seen one core change that's not really impacting a lot of people. It's mainly for people without the security room being configured in the sense, if you run it only for your local network, we don't expect anyone with a team or a company using that no security room approach. So not a big impact. But if you're in that situation, it's pretty big impact, I will say. Otherwise, multiple plugins, I think we got I don't remember exactly more than 10 plugins in total. It's just a lot of plugins with at least three high vulnerability that were corrected and also around 10 plugins that were not corrected. So mainly un-maintained plugins. We have de-published some of the plugins as well. So trying to clear a bit the list of plugins. And that's all for the news, I will say. Thanks for the tweet, Marc, especially about the detail that you extracted from the information there. That's something we should be able to provide next time if you want. So that could be more useful than you having to do that manually. Well, thank you for doing it. Thanks very much to you and to Daniel, both. Thank you. Thank you to the security team. I appreciate Gavin's note here. We did have infra issues, and it's correct. We had to do some fixes or some workarounds for things that ultimately we want to solve. And so thanks very much to the infra team also. Yeah, I specifically wanted to throw that out there because, you know, the Jenkins.io had issues. Actually, I think Jenkins.io is running somewhere else, but plugin site is having issues. Some of the Docker images weren't able to release, you know, there's all kinds of things that were affecting all kinds of things, and it's good to just document that it happened. And we're seeming to be back on track now. Right. Well, and there is more to be learned from it. And I think there are still more fixes yet to be done. Go ahead, Adak. Yeah, sorry. Thank you, Marc, for having mentioned that. But yeah, a huge thank you for Daniel. Actually, we spent 80% of the day together. So I completely forgot that we did that. I was thinking about the infra team in particular, but yeah, Daniel was the necessary mentor during these trips. So thank you, Daniel. Thanks very much. All right. So next topic are any other news items? Oh, yes, I take it back. We had one that we sort of got past preview sites are now available on www.jankins.io poll requests. That means you in order to review how a poll request looks, you no longer have to actually run the site yourself locally. Thanks very, very much to Gavin for his his effort on that. It makes things much, much better when you can see how the site will look just by clicking the view deployment button that becomes available on every jankins.io poll request, especially for new docs or like bolding or stylistic changes that are just, yeah. Yeah, it is it's a it's a thing of beauty. I am I am so pleased with it. And yeah, thanks very, very much. So examples like, okay, guess what, here's a poll request. And take this poll request. And now I can see a, okay, this is a terrible, horrible thing to see all these changes. And how do I know how they look? Well, view deployment takes me to this site. And I say, yes, there we are. And now I've got the full site ready to go and ready to look around to see how does it look? What are the parts and the pieces of it? All of that, Gavin, thank you very, very much. This made life much, much better for authors on jankins.io. Any other topics in the news section? Okay, next topic then was end of your blog post. Oleg reminded us that we need an end of your blog post. Keep going, Mark. Yeah, sorry. So that end of your blog post has been a working copy started. And suggestions have been received on the mailing list. Thanks very much for those suggestions. If you have others, please include them. I'm sorry that I'm a little slow getting it generated. In previous years, we had it done pretty consistently by the 10th day of the new year. This this year, it may be ended this week before I'm done with it. I'll look for reviews and comments. It will be at least another day before I submit a poll request with it. And thanks very much for everyone's help. The exercise of reviewing 2021 reminded me just how many things happened in 2021 for the Jenkins project and how many impressive outcomes we've had as a result of work done by various people in the community. Thanks. So next topic is just to carry over from last time. I still have an action item to get the the license agreement, the contributor license agreement worked out with Linux Foundation for one piece of that. Google Summer of Code is coming. Alyssa Tong and John Mark Mason are leading the effort being tutored and guided by OLEG. And they've got 10 plus project ideas collected already. We're looking for more project ideas, more mentors and looking forward to launching that as as the year goes forward. Any questions or concerns there? Please bring them to the advocacy and outreach SIG where those are that's discussed in more detail. Next topic was Sheikot Africa Contributon. And this was an event we did last year. We mentored five women from Africa as on their first contributions to open source. They're changing the program slightly this year, moving it out one month and broadening the time that it takes. So we also we started the planning in Docs office hours and we'll do more discussions in a wider location on community.jankens.io in upcoming time so that we can get project ideas. We can get assure that we've got good sponsorship. We'll be looking for some funding to to do it not from the Jenkins project but from commercial companies. So we think cloudbies will fund and there may be others who want to fund as well. Do we know what the typical hours are? Because whenever we ask for volunteers that's my biggest thing is being so far west coast. It's hard for me to know how much I can contribute. So right and and this one this one is a very good one to understand that because the the most typical times that work for these contributors tend to not work well for US West coast. Yeah and and that's that's a good practical thing for us to be sure that we note to people. It works well for Europe because Africa is largely aligned with many of the European time zones. It does not work as it doesn't really work at all for mentors from Australia for instance. We really need mentors sort of biased towards Europe and US East Coast. So yeah just for future knowledge of posting for asking for volunteers we should be aware of that. Yeah exactly that's and that's a good one for us to remind people of we don't want to put someone into a condition where they're volunteering to mentor and then realize and they have to do it in the middle of their night or the wee hours of their morning. Good point because some of us sleep I mean not you and me but some people here sleep. Yes right any questions there okay next topic then highlights from the mailing lists. Oh this reminds me sorry I'm butting in the Ruby and Python because we did that over the end of the year. Oh yes right right exactly January 22. Thank you very much we should note that 2022 January 22 2022 is the removal of JRuby and Jython based plugins from update center right that's what we've announced announced a month announced at end of December 2021 and in first implementation happened to mark them as deprecated I think in early January. I think it was literally the last day of the year but it was okay great yeah so in late December thank you yeah and and I've not seen any concern or angst about that one so I'm glad to see it's seem to be progressing well and the next step I believe is a pull request to the update center for not merged until January 22. To actually like stop distributing them I think so yeah so it's to remove them or and and I apologize I'm not using the right word the right verb to describe what happens there the deprecation has already happened but I it's a notice I got confused by this too we're not suspending distribution we're noticing that we they will be deprecated well that's what we have done so there are the deprecations that's where it currently is and the separate file called artifact ignores but I generally call that just suspending distribution and so we will just move their entries from deprecations into suspensions and then they're gone okay so more succinctly we've put a warning in sorry we put a warning in but we haven't actually stopped distribution yet right right so one thing did we did we deprecate all of the downstream plugins as well or just the two run times as far as I know we deprecated all downstream plugins but I'll it's an easy thing to check let me do a quick check here live while we're in the session because the gitlab hooks plugin is one example let's see if it shows deprecated it does great okay so it's not even so we minimize the risk of admins thinking they're unaffected because they use gitlab hook and have never heard of ruby runtime right right so this thing in addition to having two security vulnerabilities is also now officially deprecated I'm so happy this is on the plugin site now yeah thanks very much that's not mine but that was that was not one of my changes but I'm very happy that it's in there right so the other is if we look just let's take one other sample just to be sure yes capy tomcat whatever it is is deprecated good all right so so we do still have the change that will need to be need to happen as announced january 22 and daniel you said that's just a change from one file to another to say instead of just warning it's we're going to stop distribution completely right so we cut and paste some text and that's it excellent thank you all right anything else on the removal of j ruby and jifon based plugins okay next topic then is is highlights from the mailing list and community forums so oh yes that's a good one I threw that in there I didn't know if that's in highlights or not but yeah I think it should be absolutely so we've got the java eight end of life that's being discussed actively I intend to write the jankins enhancement proposal to outline a plan to do that deprecation to do that end of life the time frames that are being discussed now are either the june 2020 2021 2022 or september 2022 lts and the question is which of those is the best fit for jankins users and for jankins developers for your info oracle has declared that their premier support for java eight ends in march of 2022 but extended support goes until 2030 and red hat says they'll support java eight until may of 2026 so it's not that we're really in any risk of having java itself not be supported by the vendors but there is clearly a horizon where oracle is saying hey this is changing modes for us in march of 2022 any comments concerns or questions there on java eight end of life so one thing I don't know whether I send it to the dev list as well but it would be useful for us to decide whether we want to adapt our usual process in some manner here or whether we just treat it as any other enhancement we merge it at some point and it ends up in in lts within the next quarter or so to better understand you know what the what the impact is for example as as an example right we might decide and I am absolutely not advocating for this just to be clear we might decide let's keep supporting the last java eight compatible lts line for longer than the usual three months so that users on java eight get more time to upgrade their java version which I don't think we should do but it would be an additional argument to say yeah if you're on java eight you just keep using that line and work on the migration some other time and we can just integrate it into whatever weekly release we want because it's not as jarring as an experience to upgrade as an example so if we decide not to do that perhaps a bit more runway after the announcement is useful good I'm also not in favor of the extended line for me anyone who isn't going to upgrade java is not likely to upgrade Jenkins and I don't think we need to put the effort into supporting that small punny use case of people that update regularly but won't update their dependencies okay end up stats right sorry we got the cleaned up jvm version numbers yeah I think someone fixed that yeah yeah and it was it was a significant portion that have well it was a relevant portion I don't remember if we we've yet achieved majority greater than 50 running java 11 but it was much more than the five percent that we saw a year ago yeah it's uh we're seem to be up to around 30 percent or so but it's also they don't have to upgrade so they probably won't upgrade right right well and and given the operating system packages they don't mandate a java version so so for any for example the deb package and the rpm they just use whatever java I have configured good all right anything else on java eight end of life okay next topic then uh oh and I should Daniel UI modernization is continuing and you can see it already in Jenkins 2.330 includes many changes more to come see the pull requests for the changes that are happening Daniel I saw for instance that you had given some good feedback to to Jan on us some specific topics and it to me it looks very encouraging that we're making progress there we also have a regression fix ready for the narrow configuration forms oh god that that one's a bit fun because um change log feedback indicates that the narrower configuration forms are so bad that people had to downgrade again which I cannot quite believe but um that's what the weather report in the change log says so we have a regression fix for that ready and it will go into the next weekly so that would be 233 one excellent thanks very very much yeah that that is a that it's a fun indicator that wow a narrower a narrower entry form cause people to mark it as I absolutely downgraded weekly wow okay thank you uh it would be nice to see I mean this is something Daniel who goes or mark who goes to every meeting ever uh it might be nice to see some of this kind of uh announcements in the forum a bit more not something we need like a formal blog post for but a bit more screenshots to see what's coming you know always I know we're not getting a lot of feedback um PRs from external people but the more we do it the more people will see them the more they'll you know get feedback because I didn't know this was happening I've been a little bit out of it and haven't been following so a good point and this is a this is a really good time to do it because the baseline has not been selected for the next LTS yet and so this is a really great time for us to encourage people to come try this give us their feedback if they detect a problem so that we can assure that the next next LTS has a good baseline for the user experience yeah so and your community and were you thinking other locations Gavin no I mean I mean yeah no I think honestly a post or two on the community site with this one screenshot saying you know these are some things that are have been implemented because some people don't do weeklies and some things that are coming we would like feedback maybe some links to some PRs just so that people if they're curious can see it and then you know if anyone outside of the meetings is interested they can share it on social media if they want but I don't think we should spend a lot of effort doing it I just want to give people the opportunity who don't follow every PR good yeah I like that good suggestion thanks good excuse for a sort of a quick screencast from from a desktop with a little bit of narration to say hey look at this compare this old to this new I mean I would even go that far I would post a couple screens to be good but I mean you do you you know great all right anything else on UI modernization good okay next topic then is migrations to github and so infra issue tracking is moving to github moved has moved right past tense correct finished the marriage yesterday um people are some of the info team members have gone a lot of emails I assume you have as well mark but yes I yeah a lot of emails I got all got migrated over I think people are generally pretty happy in both cases that you can have the new forms the new github issue form so we can be a lot more pushy on what fields get filled out and how yeah so um working well now we still have to we we don't do security issues through github right and so that's a that still continues the pattern we've had in the past that security issues go through JIRA because we can keep them private but general intro issues hey this or that issue github issue forms are actually easier and more accessible for many of our users and then it doesn't have the weird catch 22 that I have a problem with Jenkins project infrastructure yes use this piece of Jenkins project infrastructure to report the problem yeah I can't activate my account uh cool good luck right yeah yeah a good good point on the catch 22 right no no no mandate that you must have a jenkins.io account in order to tell us about a problem with Jenkins.io yeah very good yeah log in to report that the LDAP has problems good luck yes yes and and please tell us how that worked for you yeah so one thing about the forms would that make a useful addition to the github repository for the org-wide pull request templates and such are pull requests also controlled by this or is it just issues? I believe they are and but I'm not sure that I think that Tim and Erwe are both considering that and thinking how it might apply I'm not sure that they're ready to put it as far as pull requests to Jenkins plugins for instance so yeah it's a good question if it's if it's being considered yeah that's great and I believe it's still someone evolving I think the new issues UI is only just now released so well yeah the the if I understand correctly the forms thing is a relatively new thing yeah relatively new as in like 12 months or less oh maybe weeks oh okay good all right um yeah so I think it's still evolving and but I think there the two of them are leading the charge and seem to be doing pretty slick work so yeah thanks very much to Tim, Jacombe and to Erwe with due apologies that I never I my keyboard does not have an easy way to do the correct accented character for Erwe's name sorry about that and then I also threw in Tim has migrated Tim has also migrated the hosting repo to GitHub the good thing about that is it's now fully uh user it's called re-triggerable so in the past whenever there's issues with hosting requests and we had to wait we someone had to trigger the bot and then you know you make a change you trigger the bot again and all that is now done to GitHub actions and and you know with the forms and the drop downs and they make sure that people have JIRA accounts and Artifactory accounts before we even attempt to start the hosting process so you know there are a couple minor changes there but it's a lot easier to integrate and deploy and a lot less copy and pasting everywhere so we haven't had any new uh hosting requests we've had a couple um what is it what is it called uh they're moving something out of core um splitting off like so just some libraries that got split off they're not really new plugins so nothing job on mail and such yeah right so nothing really new testing out the new flows so we'll have to see how that goes with like regular new people but it seems to work better mostly for the common integration um and I do have like six uh hosting requests that are way behind on that I got to finish reviewing and get out the door and then we can move everything into GitHub but you can't create new requests we can only finish the older ones and since you mentioned it like the problem that we have with security issues is there are no per issue permissions on uh GitHub so um we cannot use a regular issue GitHub issue tracker as a replacement even if we were to make it the private repository we basically would need one private repository for a combination of reporter and maintainers which seems kind of silly right okay uh so and but for me that that actually reminds why I'm so in love with okay I'm going to show another thing from Gavin's work on the on the site this report an issue page that's available gives me a way to report a bug and it will go to GitHub if the plugin is using GitHub or it will go to JIRA to report a security issue and and that page is for me has been just a great benefit of okay this if you want to report a security issue click this button and it will take you to the right place to do it yeah very good point also not one of my changes but also a really good change oh it's not one of yours oh sorry I thought I added I made the link say JIRA but that's about all I did that's cool well so thrilled with the result that's all that I had for today are there other topics we need to discuss before we conclude the meeting uh okay well I mean all I all I did reply to the thing he's still working on getting ECCLA which recovered uh CDF has not yet been accepted into the inclusive naming initiatives um and he's working on that oh okay all right so that's that's an item for up above let me put a note on that okay so inclusive naming I'd miss that one so inclusive naming yeah the sentence is CDF has not yet been accepted to the inclusive naming naming initiative interesting okay and he's having chats about that okay great and then we did have discussion on the mailing list about twitter um and it's more of an advocacy topic so I think I'm going to leave it for that but there is talks about having twitter as coding so that it's a little bit more what is it what would be more auditable and without going into any of the real details from the post right better governance better audit etc absolutely yep okay good thank you and on the inclusive naming topic chicode africa is very much interested in assisting us with inclusive naming changes they they would love to be involved they and we'll include that plan to include that as a proposed project anything else for today no not bad for a month of not having any meetings yeah all right thanks everybody recording will be available probably in about 24 hours thanks very very much thank you very much