Governance Meeting, July 24, 2023

2023-07-24T17:00:00Z

Jul 24, 2023

Participants: Mark Waite, Alexander Brandes, Basil Crow, Ullrich Haffner, Bruno Verachten

Agenda:

• News
  • Releases
    • Jenkins 2.401.3 released Wednesday July 26, 2023
      • Security release as announced in Jenkins advisories mailing list, includes 2.416
      • Merges are paused to the controller branch of Jenkins core until after the release
    • Jenkins 2.414 is the next LTS baseline
      • Jenkins 2.414.1 release candidate Aug 9, 2023
      • Jenkins 2.414.1 release Aug 23, 2023
• Action Items
  • Mark Waite archive the governance meeting notes to a GitHub repository, use the Google doc as the working document, then publish final notes (done)
    • Mark archive submitted to the governance meeting archives repository in a merged pull request
• : Thoughts about using HackMD (https://hackmd.io/6mgEkr1rS7Ca4j4a5YxZfA) as a living document, like the infra team does?
• Allowing us to retire this doc totally
• Reduce the size of this document to make it more reliable
  • Test drive next meeting on HackMD
  • has invited Mark to the document
  • Mark Waite retrospective on signing certificate renewal process and its improvements
    • Code signing certificate update for MSI and WAR files
    • PGP signing key update for RPM and DEB files
      • Debian key packaging improvements (some other projects use that technique now)
    • Notification and process improvements
      • Reimbursement improvements
    • Details being gathered in the retrospective document
  • Mark Waite submit jenkins.io pull request to combine subprojects and SIGs into a single concept - “working groups”
    • More pull requests needed
  • Alexander Brandes and Ullrich Hafner run the officer and board elections for 2023
  • Mark cancel the August 7 board meeting - next meeting Aug 21
• Community activity
  • Artifactory bandwidth reduction project
    • JFrog hosts https://repo.jenkins-ci.org and covers all costs for the Jenkins project
      • JFrog is happy to continue hosting and sponsoring https://repo.jenkins-ci.org
    • Bandwidth use has been excessive due to abuse and misuse of its services
      • Duplicate downloads of released artifacts (jenkins.war, some tool installers)
    • 20 TB per month saved by blocking IP address of one abuser (March 2023)
    • JFrog has asked us to password protect our mirrors for the next reduction in bandwidth
      • Mark Waite’s proposal is described in detail in the help desk ticket
    • Action: Mark scheduling a discussion session this week with Jenkins infra, Jenkins security, and others
      • Damien Duportal, Daniel Beck, James Nord, Stephane Merle, Herve LeMeur
      • Other are welcome to attend
  • Prototype.js removal blog post guides new contributors
    • Prototype.js removal epic making progress
    • Plugin progress visible in the tracking sheet
    • Concern for company maintained plugins to services we cannot test ourselves
      • Artifactory - maintained by JFrog (Over 22k installed)
      • Fortify - maintained by MicroFocus (Over 4k installed)
      • Xray test management for JIRA - maintained by David Duarte (Over 2k installed)
      • Synopsys Coverity - maintained by Synopsys (Over 1k installed)
      • qTest - maintained by Tricentis (Over 1k installed)
    • May need to make special requests to those company maintainers
    • Thanks to Rahul for the Prototype.js fixes (active choices and git parameter plugin both more difficult, released!)
  • HTMLUnit 3 upgrades proceeding through 250+ plugin pull requests
    • Completed for test harness, core 2.409, tools, plugin pom 4.66, and plugin bom 2163
    • See the tracking sheet for latest status
    • Thanks to Tim Jacomb and Basil Crow, see Tim’s replacement script
  • 4 Google Summer of Code projects midterm evaluations complete
    • Mid-term presentations recording is available