2024-12-09T17:30:00Z
9 Dec 2024
Attendees
- @MarkEWaite (Mark Waite)
- @NotMyFault (Alexander Brandes)
- @slide (Alex Earl)
- @jonesbusy (Valentin Delaye)
- @kmartens27 (Kevin Martens)
- @gounthar (Bruno Verachten)
- @onenashev (Oleg Nenashev)
- @Stewi
Upcoming Calendar
- Election results announced
- Next weekly release: 2.489, Tuesday December 10, 2024
- Next LTS: 2.479.3, January 8, 2025 - Kris Stern release lead, using LTS release checklist
- Release candidate Wednesday December 11, 2024
- Choose next LTS baseline 18 Dec 2024
- Next major events:
- Jenkins contributor summit 31 Jan 2025
- Alyssa Tong has the venue for up to 24 participants and is organizing logistics
- Bruno Verachten organizing the agenda
- FOSDEM 2025 - February 1-2, 2025
- Jenkins is confirmed for a stand
- We plan to sell Jenkins T-shirts, brought to Belgium by Mark Waite
- Jenkins contributor summit 31 Jan 2025
Agenda
News
- Jenkins 2.479.x release dates
- 08 Jan 2025 - 2.479.3 (two week break at end of year)
Action Items
- Basil create the attribution entries for the downloads page
- Jenkins sponsors have changed
- Continues on the to-do list draft PR
Community activity
- Jenkins Content Security Policy project
- Announcement, progress report one, and progress report two
- Adapting plugins to be compatible with a future, broader implementation of a more restrictive content security policy
- Submitting pull requests, releasing plugins, preparing for future enablement in core
- Project has been running for 10 weeks - tracking sheet shows great progress
- Yaroslav Afenkin and Shlomo Dahan on the project until end of calendar year
- Think we may be able to fix most detected violations for plugins above 10k installs
- May have time to resolve some plugins above 1k installs
- Released CSP fixes for Jenkins core and more than 40 plugins
- Run Jenkins ATH with CSP enabled
- Static Analysis of CSP violations across the Jenkins repositories (Daniel Beck’s CSP scanner)
- Will continue to deliver more fixes
- Basil runs ATH with CSP violation checking regularly
- Detects regressions reliably
- Static analysis has some false positives and false negatives
- Would want to further refine before it is a part of every build
- If we can reach a point of confidence, can include it in plugin builds
- ATH is sufficient for those plugins covered in ATH
- Jenkins Content Security project part 2
- Possible project scope is being discussed with Jenkins security team
- No funding commitment from Alpha Omega yet, but hopeful they will fund the next phase of the project
- Mark Waite check with Michael Winser on details needed to request 2025 funding
- Spring Security 6.x Upgrade - mailing list thread
- Upgrade guide and changelog
- Some plugins require a lockstep upgrade
- Build failure results analyzer known failure
- Requires a lockstep upgrade in a relatively minor feature of the plugin (released 6 weeks ago)
- EnvInject plugin specific issue
- Documentation update on the Env Inject plugin in the LTS upgrade guide
- Much larger project to make a larger fix
- Multiple duplicates of this issue, likely more once Java 17 is required in LTS
- Redirect people to that comment
- Documentation update on the Env Inject plugin in the LTS upgrade guide
- Upgrade guide and changelog
- Contributor Spotlight
- 12 months of contributor spotlights completed, more to come
- Recently published: Vincent Latombe
Governance Topics
-
Meeting time proposals
- Second Monday of each month at 17:30 UTC
- Early enough for Arizona, California, and Colorado
- Late enough for Europe
- Approved by all 4 attending board members
- Second Monday of each month at 17:30 UTC
-
$9000 available for Jenkins project at Software in the Public Interest
- Approved last meeting that funds will be used as travel reimbursement for Jenkins Contributor Summit and FOSDEM
- Prioritized list of attendees to fund for travel
- Can we finalize the priority by end of this week?
- Allow time to confirm with proposed attendees and let them schedule travel before end of calendar 2024
- Confirmed that we will complete prioriization this week, notify participants next week
- Approved last meeting that funds will be used as travel reimbursement for Jenkins Contributor Summit and FOSDEM
-
Cloud expenses and plans
- Azure (CDF paid)
- July: $4.6k
- August: $4.5k
- September: $3.9k
- October: $4.2k
- November: $4.3k
- Azure Sponsorship (Microsoft Credits) - $41k remaining, donation ends May 2025
- July: $10k
- August: $10.5k
- September: $10.3k
- October: $12.9k
- November: $13k
- DigitalOcean - Remaining $15k (~5k consumed) until 02 January 2025
- July: $176
- August $200
- September: $158
- October: $196
- November: $146
- AWS:
- CloudBees:
- July: $6.5k
- August: $6.3k
- September: $6.3k
- October: $6.4k
- November: $3.9k
- Sponsored account
- October: $178
- November: $482
- Global Status:
- Credits left: $59,800 until 31 January 2025
- Credits left: $60k until 31 July 2025
- Moving ci.jenkins.io to AWS sponsored account
- Likely $10k per month Dec 2024 - Jul 2025
- CloudBees:
- Azure (CDF paid)
-
Java tip and tail release model discussion 17 Dec 2024
- Bruno attend for Jenkins project, consider Basil as a possible attendee
- How can downstream libraries adopt the release model?
- What if Eclipse Jetty adopts it or if Spring adopts it?