 Welcome it's Jenkins documentation office hours it is the first of April 2022 Asia time. Those of us who are in North America it's not quite yet the first of April but that's okay we're going to call it the first of April, and go from there topics I've got on the agenda news. We have 332.2 change login upgrade guide, she code Africa contributon and open PRs those are the only ones I had. Dear Roger there any topics you want to add Meg or the any topics you want to add nothing for me thank you. No nothing from my side. Okay. All right well so. Hey Kristen. Hey everyone has a going. So Kristen just checked are there any topics you want to add to the agenda. Okay, great. All right so. Then let's let's talk first about the news. So a zero day remote code execution vulnerability was disclosed in the spring security framework, one or two days ago. And naturally there's going to be interest interest because the Jenkins project uses the spring framework, our security team and our infrastructure team have both. Our security team and our infrastructure team have both done the analysis and found that Jenkins is not vulnerable. So, grateful for that. Excellent news. Oh that is so good. Because otherwise it was going to be a very busy frantic period. So it was, it was busy enough for the security and the info team without make it busy for the rest of us. So, very good. It's been tweeted it's been posted on LinkedIn. It's on the blog. And so, and it's been posted the community Jenkins.io. So we've got multiple locations for it. If people have questions or concerns. This start discussion link here at the bottom will open them into this page, and let them have a conversation about it. So the, it's, it's very nice this integration between community Jenkins.io on the blog. Okay, any questions on that. Okay, next topic then the 2.332.2 change log the. This is, let's start with the why. Next Wednesday is the release of 2.332.2. So, and that will include several interesting or set interesting. It will include some back ports. So, so we've got them they have been back ported and we can find them here they're visible pretty quickly. Nothing that's terribly frightening, but need entries in the change log no upgrade guide it'll be a simple short upgrade guide I started the work on it today, but did not finish it. I started a work with Kevin Martins. So he and I were paired together. And gave him an introduction to what it's like writing a change log. He's based in Boston area so he won't join us in these meetings but just so you're aware he's going to be right doing more writing for Jenkins fabulous. That one I will at will ask for reviews, probably tomorrow so cool within the next 24 hours. Not Kevin and I had to do a number of, oh, whoops, that's missing that's missing exercises that detected problems in the weekly change log that we've got to fix so reviews are coming. Any other questions. Is there a good time that we want to make sure that that we want to get our review in. Oh yeah, yeah so I will, I will merge the change log. Mark will merge the change log by Monday. Awesome good good just didn't want to want to make sure that we had, we got it in before to actually be helpful. Right. Yeah, so, so I will, given that most of it is copying from existing change logs. It should be a relatively clean exercise but as I noted there are some things that we detected were missing in weekly and need to be mentioned or need some further thought. So if you can review before month before, let's say before end of your working day Monday. Whatever your working day means Monday so for dirage that means, sometimes Sunday my my world right and for the rest of us whenever you're you're working on Monday if you can give your comments. I'll plan to merge it end of my working day Monday. We are content on this story we are continuing to get people who don't read change logs and upgrade guides and there's no, no match for that no magic for that just had another one in community dot Jenkins that I was saying hey my systems broken I upgraded I'm using these old plugins and the upgrade guide says you must upgrade your plugins. Okay. What else on change log and upgrade guide. Okay, next topic then she code Africa contribute on starting soon. It was announced in social media recently, but I haven't seen an announcement to us. So the Jenkins project has been selected. I learned that today from Elizabeth in the European office hours. Are there other projects that they're doing to or we is Jenkins the only one. No there are several others more than more apparently than last year. Oh good. So the way she described it it was. I think four or five projects whereas last year I think we only had three. Okay, cool. So, so now the, I, they haven't I don't think they've announced the, the selected participants. Right so they haven't announced those yet and they haven't that have not yet announced the start of the bonding period the get to know each other period where they introduced them to get and we do some presentations about various projects. Are we going to use get ups for this for the work, or are we going to. Was that the thing. Good question I don't think so in this case because so the in in this case, the project ideas were fit within were within typical Jenkins framework. Typical Jenkins therefore plugins core core core etc. So they won't be anything strongly coupled to a get ops deployment methodology. Okay, I was saying the problem was that last year, because everybody has windows systems, often old windows. Oh, I see. Okay, you weren't asking. Okay, I'm sorry I misunderstood your question. Okay, so, can the participants, I think what you're really asking is can the participants use a hosted ID, a host of development environment. Okay, yeah. And, and that is, oh dear what's what's the name of that get pod get pod that's it. Yeah, sleep deprived. Yes. And we think so. John Mark mess and has done it and shown that it's usable for plug in development. He's he's shown and regularly uses for Jenkins.io development. So for documentation development. Okay. I, and let's see and Darren Pope showed that it can be used for Jenkins core development. Oh wow. So, so, and docs development. And Darren showed using it for core Jenkins core so it's it's there are there are some limitations I'm sure one of the limitations is how many hours you can use it in a month. And but given that this is an open source use these contributors can ask to be made open source contributors and then they get more time. Cool. Yeah, good question. Thanks for asking and and that will be one of the things we will introduce for them is hey here's how you get pod. Good. Okay, anything else on she code Africa. Yes, just a doubt. See written here that have not announced the selected participants. So is the selection process of the candidates is within the organizers or the Jenkins. Oh, it's it's they're selected by she code Africa. Good question. So your question is who selects the participants right. Yes. And the answer is she code Africa does. Okay. And the reason they do that rather than having somebody else do it is that assures them a time a local time zone evaluation. And they can be much more aware of these women's particular needs. Otherwise, hey, do they have reasonable internet access do they have access to the right computer, those kinds of things. Okay. Great. All right, I guess G suckers off the agenda because you have the separate meetings going. Well, we can certainly talk about G sock if you'd like that's that's a good one to, if there are topics we'd like to discuss I'm happy to discuss them. The G sock office hours starts in in 45 minutes. Right. And then I was wondering do we have any issues the big brew ha ha about the countries that we can't accept participants from this year. That's a good question. Okay, so let's talk to that one and let's. So G sock rules for bid participants. So those who might be receiving who would receive a reimbursement. Right. I think it's all participants period. Well, hang on just a minute. I'm not sure. I don't know. Let's get there. Yeah, so they definitely forbid participants from embargoed countries. Yes. And that includes Russia. Belarus Belarus is am I pronouncing it wrong. I don't know. Yeah, so Bella, and then North Korea. North Korea. Am I absurd when associated with the current mess but yeah, so not not limited from Ukraine, but from a place that is. What's that. It could be I'm not sure that's that's where there are some there are some rules that they've they've noted. And when I say participants here what I really mean is anyone who would receive a reimbursement, and that includes mentors. Right. So this would lock mentors out if they are residing in one of the embargoed countries. So lock mentors out even if they're not getting reimbursed. I think I'm not sure I yes yes I think well it's it's that if they if anyone who would potentially let's put it that way. Now maybe you know let's just put it this way. Let's let's take this out because I think you're right make just period, anyone so it could be mentors. Participants, etc. If you're, if you live in an embargoed country, you are not allowed. Right. And actually it's important that you say living in as opposed to from right right and that's the thing is is residing in the embargoed country is the thing. Not not citizen of right. Participate or they're not they are allowed to participate but not allowed to get the reimbursement. No it's as far as I can tell they well and that'd be one where I'd have to refer the list but I thought it was that they're not allowed to not allowed to to participate in any way. They said hey we have to ban them. At least from the Jenkins project perspective, I don't think that we have any interest right now, or from a potential student who we would have to say, unfortunately, they can't. We can't, or you can't participate so I haven't seen, at least like me personally seeing any of the stuff I haven't seen anybody do that so it's. That's good. It's good to say good good from the I would hate it's always very upsetting to have to tell somebody. Right. So, luckily, we haven't had to do that. Right so now in in years past, I think we have had at least one or two applicants that might have been affected. But right now, the vast majority of our applicants are from from India, and the Indian subcontinent. And a few I think we have from from North America. So as far as I can tell, Kristen's right, we don't have I'm not aware of any that are affected by the, the, the embargo. Kind of a shame that Jenkins isn't impactful in those countries but right now it's convenient. Yeah, it's exactly it's like I'm just. Yeah, I would. I mean it's like the awkwardness of having to say so. Right. We really like your proposal. On the mentors list has been more people who want to be mentors that are upset about it. And understandably so right because, because they, many of us know great contributors who are from one of the embargo locations who've been serious, seriously valuable contributors to Jenkins over many years. Right. Yep. All right. Anything else on Google summer of code. Yep. Okay, next topic we had was open PRs. Although, go ahead and make. Oh, go ahead. I'm open to say, hey, we'll, we'll call this one pause, not look at it because I'm not sure that makes it makes level of brainpower and my level of brainpower ready to do much on it. I take it there's no been no movement on that great big security one right there has not. No, that one worries me that that's going to get harder and harder because we keep adding stuff. Yeah. Can we get a good, or is there any way to break it down or like is there some way that we can reason why it's so big is because you know, I did everything I could to pull like any new, you know, new work that was controversy. But that's a problem when you start moving documentation around it. Yeah, try yourself and not with little ones but I know I'm just like, and we need to maybe just say like this is this meeting this is what we're doing. I don't know, like maybe maybe next meeting. And part of it is because it's so it's security. I mean Daniel and vatic have been over it a couple of times but we need their blessing and they keep getting called off on to higher priority things. Right so Maggie it was. Restructure security section yes. So, and let's just double check I don't think we've got yeah it's right now got a conflict. Textual conflicts we can we can handle but it hints that there is the danger that was concerning for Maggie is real now right if we've got conflicts that says, obviously something is going on there. Well that's about the third time it's happened the others I had gone in and fix them. You know we're getting big changes like, and I did upgrade this then for the fact like if you can no longer choose to not use the agent controller filter that it got restructured for that but that even some of these were getting into changes that are non trivial. Right. Okay. So, so Kristen back to your ideas should we the challenge for me with us taking this one on is really there is a there is a level that the security team needs to agree to, to the the change because it's security related content. Yeah. Is there, do they have a meeting. They do not they, they are just fully loaded on delivering security capabilities. They had like a like this one. Yes. Yes. I didn't know if they had like a sink or anything and then we could just be like, we get on their list to be like hey. I may, I may have some leverage it's a fair it's a fair question let me see if I can, I can broke barter something with with a little bit of, and it will be truly bartering. So it's got to be a trade of this for that. But if there's anything that we can do to help them. Right. And so let me, let me take that as a possible. Actually think getting this one published just going to help them act. Right, because it's this is restructured the section and it's like it feels like this is the, like Maggie were saying like this is this kind of has to go in so we can start editing the other pages right. So it's like the longer that this sits and we're not able to edit the other pages like just the harder it's going to be to be able to actually make them. And it adds new I mean it adds a bunch of stuff that I got right out of Daniel's mouth a few years ago that never made it here so it's not you know it's not perfect but I think and part of the purpose here too was to get it structured so it was easier to make changes so Exactly so that that way it's like so since they're doing all this work or if there's any other updates maybe we could help them. Yeah it's like it's in the smaller pieces so yeah it's it's so hard but if what will we need just like a thumbs up or is this something where we need them to go through and review everything again or. Well so what we've got is yeah we definitely need Daniel's approval, but Daniel correctly doesn't give approval until he's reviewed it. He understands the danger of him approving something and not having reviewed it. I know I didn't know if he had already read through it and like had made some little changes and then we had gone through I had to look at the histories I didn't know if it was just kind of like a oh please make these few changes but everything else looks okay or. I haven't even had a chance to like read past the first document. So he definitely had reviewed it. Yeah, so as so his his reviews but these were. Well, he had he definitely has been involved in reviews. Okay yeah. I didn't know if it was what level of like David thumbs up is a bad idea like thumbs up is more of the like okay cool I see you've addressed the questions that I've had. Like that type of situation versus a I have to go through it. Some of them are reorganizing the reorg like right up against was it right this this one is a is actually a. It's it's a mixing between the content and a structural change right right. It's why you see so much badly organized documentation it is so hard to handle a reorg. Yes, yeah. Okay, so that that one continues so let's let's put on me an action item to talk with the security team see if we can. Let's call it what it is the security content restructure. And I'll go in this weekend and check the merge problems and see a lot of times those resolve quickly. Right. Okay. So we have other topics that we should be sure we bring to today's session. So just curious about how the VT change log process is going, because I was not able to review it for the past few weeks. So as thanks for asking as far as I can tell the review process seems to be okay. Kevin, Kevin Martins has agreed to to be a weekly review as well. And do you Raj if you're available occasionally that's great we'd love to have it. And I reviewed last week and published the content of the change logs was relatively simple. So, Kevin and I looked at it today and it's about its range from 10 to 20 changes per weekly. That need to be reviewed so it's not been too bad. Okay, sure. Because I looked at one of the VT change logs like two weeks ago and it had comments from team and another person whose name I find it hard to pronounce. So I was wondering like maybe there was a problem or not. Actually, quite the opposite at least as far as I've seen. I'm sorry for the reservation now the week that I was out of the office I just didn't pay attention so I didn't worry about then, but was that the process is working quite well. Now I guess there was one problem, but it's, it's a tooling problem not a, not a, what do you call it, not really a review problem. It's a tooling problem that pull requests labeled removed, we're not in the change log. And that was the script didn't put them in. And I've, I've attempted a pull request or attempted a change to fix the tool. And I, I pushed the missing entries into the old change locks. And that was a little bit awkward because as it turns out when you remove something it's very important that we tell people. So I felt a little sheepish about that one here we had something that had been removed and had an entry that said and it needs to enter in the upgrade guide. And it was neither in the weekly nor in the upgrade guide for the LTS. So it was, it was, I dropped the ball twice it wasn't just dropping the ball once it was dropped the ball twice. So, did that answer your question. Yes. Thanks. Oh, and I guess there's another class of problem here which has been that that the automatic change log only considers Jenkins core, the Jenkins core repository. And that's been just fine until until we implemented system D. So in the installer, because that those changes come from a different repository. This is going to be an interesting problem. Well, and we solved it just by inserting the text manually. But, but it was, it was a, it's a reminder that because Jenkins core is the only thing that contributes we have to find great placeholders or do those kind of things to get, get entries in the change log for things that aren't naturally included by the tool. Still much better than the old days when we had to do the entire work all ourselves. I was just thinking like how trying to remember to pull those things in. Yeah, and the way I've done it is I put I'll typically put marker text into an existing pull request and say, don't forget this or the middle comment into the weekly change like saying be sure you do this. Insert here. Okay. Now that assumes that we're that somebody makes that comment and says hey don't forget this. All right. Any other topics we need to discuss today. Not for me. Go take a little break before your next meeting. All right, let's call it done then record I'm a I'm badly behind on posting recordings so it may be a 48 hours or more before I get the recording posted but I will post the recording eventually. Thanks everybody. Okay, oh by the way, I'm Mark and Kristen do you know that a leg has covered. No.