 Welcome. This is Jenkins governance meeting. It's April the 20th, 2022. Great to have you here. Agenda topics for today include items in the news. Pending action items question on the Ukraine invasion by Russia Linux Foundation survey request. Oh, and then Gavin the the items from the forums and topics that I didn't put in there. I assume you'd like that one. I'm going to speak. Okay. Any other items that need to be on the list. Actually, the, I think you replied to a thread somewhere about a Java exploit. Did you want to put that on this at all. Maybe this one. Maybe we'll find out when we get there. Yeah, okay, so that's good. Let's, let's be sure be sure that we let's be sure it's there because there are, I definitely did reply. And I think it's worth a brief conversation if nothing else. Right, so news Jenkins 2.332.3 LTS is in is preparation in progress. Thanks to Alexander Brandis as a release lead. This is Alex's first time you may know him as not my fault from GitHub. I'm very grateful for what he's doing in UI improvements and is taking on the release lead role for this release has been very nice. It's great that we rotate it will keep rotating it. Thanks to Tim Jacome for starting the rotation and recent security items so Oracle released a critical patch update to deliver a new version of Java 11 Java eight Java 17 and possibly Java 18. For for the ones that are relevant to us 811 and 17 Eclipse Temeron is busily building those. So because we're based on Temeron will wait for them to finish their build and verification process before we update our images and our components. The, the, the CVE is described in the various places or the multiple CVE's are described there, and we'll, we'll update to it as soon as they're available. And we, we have a release that that uses them in any questions on the on the Java topic or on Jenkins LTS prep that's coming. Okay, so then next topic on security was the get project released a security update on Windows for get 2.35. Dot dot one was the thing that had the issue. They released it in dot two and then did a further refinement in dot three. And updated on a number of operating system vendor platforms in older versions so older versions that match that particular operating system vendor. We've updated on our images and are going to go ahead and push those out as as the natural flow of pushing them. And those are actually I think significant risks to Jenkins users, but it's much easier if we use current versions so that they don't have to ask themselves, are we vulnerable. Same story with get LFS 314. It has an issue on or it fixes an issue on Windows. I could deduce we're, we're not really vulnerable based on their description, but we're updating just to be sure. Open action items I've got to open actions I have not done them yet it will be at least another week before I get on them. Next topic then was the Ukraine invasion by Russia, and how it relates to the Jenkins project and I have not yet done the status check on those to two items they are these pull requests so PR 5027. I think we could just as well look at them together here and see what the voting says. Okay, so we've got one comment here a plus one for the Cossack image. And this one has. Okay. One that says plus one for the butler over the Cossack another one for the butler over the Cossack. I think in this case it would say, and another so it would say we probably should just choose the butler. Any objections to us choosing the butler based on the relatively small voting population. Now I think it's like it matters that you know something is done more than what exactly which which image exactly we go for so yeah. Okay. So then, then let's go ahead with Gavin is that okay with you if we go ahead and based on the preferences expressed will go with the butler. Yeah. Yeah. I think you and I need to keep an eye on forums because I know when we deprecated master build agents. There are a number of people who were let's call it trolling the form so we just make you an eye on that a little bit closer for the next week or so. Great. Thanks, yes. And let me make a note of that mark and Gavin. Watch the forums. In case of trolls. Or other disruptors. Good. Okay. So we're going to place. Sorry, let's put this in the correct notes for today. Oh yeah. All right, got it. Thanks. Okay, so we'll consider that one closed based on our having the three of us here. We've got a majority of the board available. Next question was Linux Foundation has asked to survey active maintainers of CDF projects. The request was sent to several of us. They'd like to send the survey the 22nd and close at May 13. My initial question was could we use community Jenkins that IO but the problem with that is, it's their survey that they're initiating the alternative was we send the email to our maintainers to active maintainers. And they then choose to, they choose to click the link or not without us disclosing their email address. Sorry, Gavin, your comment. I said sounds good. And Evelina, are you okay if we were to go with the alternative. Yeah. Okay, so approved to use the alternative. I need some help from the from the infra team because I don't actually have direct access to email addresses either. Even even to do a temporary one but I've got I've, I know we did it before in notify coming out to send it to the dev mail list. Oh, that's a good question. I didn't. I don't think we should use the term active, but you're right maybe we should just let me know that because they they're thinking of the project in a different manner than it is right. That may be yeah good. I don't think there's any way for us to get email addresses everybody the best way would be Artifactory or LDAP and that doesn't remember up to date. That's a good point whereas develop Jenkins developers list is is is a much better choice. Good. Put it on the forums put it on the dev man lesson call it a day. Yes, okay. Good. I like that I will propose that back to them. Just to be sure Evelina and Gavin you're both okay with that technique would just use the dev list. Yeah, I think it makes perfect sense. Okay, great. Excellent. Thank you. And forums and topics on forums. So Gavin, did I address the question you had in my earlier discussion of the Java Java update. Yeah, I mean I didn't follow it too well there was a thread I think this morning or last night, someone was asking about the new Docker image and I saw your reply. So I think that's all I want to cover and I think you did. Yeah, so, so there are other certainly other Docker container updates that are that are included in that Docker base image updates for Debbie and Docker image updates for command line get versions on the windows images those kind of things so that it's a it's a good thing for us to roll the images when new dependencies come out anyway. So this is good. And do you know offhand if the issue where it was only publishing one architect was fixed. It is not well it's not fixed fully yet because I've seen a case where it happened again, but we are getting all architectures correctly published for the fully qualified name. That's right this week. Right, right exactly and that was, that's a good question. There are still cases where the short forms are missing amd are arm 64. And in bits being investigated by the infantry. Good question. Yeah. Anything else on the Java Java topic or container update topic. I think, I mean related we got approved for more open source Docker stuff, I think, but I don't think it'll affect any end users I think it's just the internal info stuff. Good. Okay, and I'm not aware of the details of that but I know that they were working that so yeah in for a team is handling that. Actually it's a good point on the, you remind me there was something. Yeah, what was it something else about Docker. It may come back to me. Okay, okay. All right, then, in other news, the, the, I had submitted a request to the developer mating list asking to delay the selection of the next LTS baseline, two weeks, two to four weeks for stabilization. It felt like there were too many regressions 2.344 that was released on Monday fixes many of the issues. So the, the release baseline has not been selected yet, but Tim Jacob the release officer also has not not agreed that we should delay he's I think he's still watching to see how good or bad things look as we make improvements we're very going to Jan Farachik. Tim Jacob, Basel Crow, Alex Brandes, and a number of others for the fixes they've provided 2.33344 needs more evaluation but the fix list look very promising. Oh, I guess I do have another topic. Java require Java 11. I'm looking good for the September LTS. So, no more no Java eight support in September LTS Java 11. And right now we've got Java 17 preview already available. I hope by then we'll have Java 17 support full. Any question on any of those topics. No. That's all that I had Gavin any others from you thinking the only other one is, I deployed a fix a change to plug in site. So issues tab is not working again and loses tab is a little bit more. It should be processed the same way get how markdown work. So we switched from using the Java back end to a no JS back end the node JS markdown plugins are a lot more maintained aggressively community sported. So yeah, it should look a lot more like the same as GitHub now. And eventually we hope to do the same with the other tabs as well. So now that means these plugins can show releases and a renders renders very nicely and the issue list is current. Yeah, it does both GitHub and Jira. And the releases releases tab has been working for a while but now it's like I said a little bit more accurate to what you see in GitHub. A couple bugs with like new lines and stuff and this just gives us higher easier way to maintain in the future. Excellent. Thanks very much Gavin. Thank you. Thank you for the plug in site. Any, any other topics we should review. Thanks. Okay, I think we can safely call it of Evelyn any topics from you. No, no, nothing. Okay, let's call the meeting done. Recording should be posted in 24 hours to 48 hours. Thanks everybody. Thanks.