2024-05-13T18:00:00Z
13 May 2024
Attendees
- @NotMyFault (Alexander Brandes)
- @basil (Basil Crow)
- @gounthar (Bruno Verachten)
- @MarkEWaite (Mark Waite)
- @uhafner (Ullrich Hafner)
Upcoming Calendar
- Next weekly release: 2.458
- Next LTS: 2.452.1, May 15, 2024
- Alex Brandes is the release lead
- Kevin Martens has created the changelog and upgrade guide
- Next major events:
Agenda
News
- Jenkins in Google Summer of Code 2024
- Approved for 5 projects
- Manage GitHub permissions as code - Danyang Zhao / Alex Brandes
- OpenRewrite for plugin modernization - Sridhar Sivakumar / Valentin Delaye
- UI for Jenkins infrastructure statistics - Shlomo Dahan / Kris Stern
- Jenkins knowledge in an LLM - Nour Almulhem / Kris Stern
- Repository Permissions Updater automation - Phillipp Glanz / Alex Brandes
- Approved for 5 projects
Action Items
- Basil create blog post to announce Jun 19, 2024 as first weekly to require Java 17
- Basil create the attribution entries for the downloads page
- Jenkins sponsors have changed
- Continues on the to-do list
- Draft PR is almost ready for review at: Add a Sponsors page by basil · Pull Request #6882 · jenkins-infra/jenkins.io · GitHub
- Kevin Martens retire the Chinese Jenkins site
- Mark needs to do more Kubernetes setup, then Kevin and Mark will meet with Damien
- More work pending
Community activity
- Contributor Spotlight this week: Kevin Martens
- Next spotlight - Alyssa Tong
- Future spotlights - Jan Faracik, Vandit Singh
Governance Topics
- Propose to cancel next governance meeting May 27, 2024
- Public holiday in the United States, Mark Waite and Basil Crow not available
- Approved 5 of 5
- Switch to meet every 4 weeks instead of every 2 weeks
- Meet more frequently if board approval of an urgent topic needs discussion
- 5 of 5 approved
- Require Java 17 in Jenkins weekly - mailing list thread
- Require Java 17 in Jenkins weekly June 19, 2024
- More time to complete Spring Security upgrade to 6.x
- Reduce risk, increase efficiency by allowing long patch chains to merge earlier
- Retains same Java versions for LTS releases
- Jun 12, 2024 - require Java 11 in weekly - 2.462
- Jun 19, 2024 - require Java 17 in weekly - 2.463
- Aug 7, 2024 - require Java 11 - 2.462.1 (?)
- Sep 4, 2024 - require Java 11 - 2.462.2 (?)
- Oct 2, 2024 - require Java 11 - 2.462.3 (?)
- Oct 30, 2024 - require Java 17 - 2.476.1 (?)
- How should we communicate this?
- New blog post that shares this decision (yes, good) (5 of 5)
- Basil will write the blog post (action item)
- Update the admin monitor in weekly (more effort than the net gain)
- Make a more general improvement to know LTS and weekly change dates
- New blog post that shares this decision (yes, good) (5 of 5)
- More time to complete Spring Security upgrade to 6.x
- Choose LTS baseline June 26, 2024 (don’t choose June 19 as baseline)
- Part of Spring Security 6.x upgrade
- Spring security 6.x requires Jetty 12 with Jakarta EE 9 (jakarta.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
- Spring Security 5.8.x end of public support
- Last public build of Spring security framework 5.8.x is August 2024
- Require Java 17 in Jenkins weekly June 19, 2024
- Azure expense status
- Azure donation from Microsoft expires Aug 31, 2024
- Azure use acceleration is in progress
- Reduce AWS and DigitalOcean expenses between now and Aug 31, 2024
- Increase AWS and DigitalOcean expenses after Aug 31, 2024 to offset end of Azure donation
- AWS credits donation
- Credits have been received, work started to apply credits to Jenkins tasks
- Credit consumption will increase after Aug 31, 2024
- Credits have been received, work started to apply credits to Jenkins tasks
- AWS credit application for 2025
- Application has been submitted - answer not expected until June or July 2024
- Spring Security 5.8.x end of public support
- Last public build of Spring security framework 5.8.x is August 2024
- Spring security 6.x requires Jetty 12 with Jakarta EE 9 (jakarta.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
- August 31, 2024 date seems likely to stick
- Last public build of Spring framework 5.3.x is August 2024
- Spring framework 6.1 and later require Java 17
- Alternatives:
- Accept that if there is a security vulnerability reported in Spring security 5.8.x between August 2024 and end Oct 2024, we may need to fork Spring Security and fix it ourselves
- Mark started discussion in the mailing list to find alternatives
- Last public build of Spring security framework 5.8.x is August 2024