Governance Meeting, May 13, 2024

2024-05-13T18:00:00Z

13 May 2024

Attendees :busts_in_silhouette:

Upcoming Calendar :calendar:

  • Next weekly release: 2.458
  • Next LTS: 2.452.1, May 15, 2024
    • Alex Brandes is the release lead
    • Kevin Martens has created the changelog and upgrade guide
  • Next major events:

Agenda

News

Action Items

  • Basil create blog post to announce Jun 19, 2024 as first weekly to require Java 17
  • Basil create the attribution entries for the downloads page
  • Kevin Martens retire the Chinese Jenkins site
    • Mark needs to do more Kubernetes setup, then Kevin and Mark will meet with Damien
    • More work pending

Community activity

  • Contributor Spotlight this week: Kevin Martens
    • Next spotlight - Alyssa Tong
    • Future spotlights - Jan Faracik, Vandit Singh

Governance Topics

  • Propose to cancel next governance meeting May 27, 2024
    • Public holiday in the United States, Mark Waite and Basil Crow not available
    • Approved 5 of 5
      • Switch to meet every 4 weeks instead of every 2 weeks
      • Meet more frequently if board approval of an urgent topic needs discussion
        • 5 of 5 approved
  • Require Java 17 in Jenkins weekly - mailing list thread
    • Require Java 17 in Jenkins weekly June 19, 2024
      • More time to complete Spring Security upgrade to 6.x
        • Reduce risk, increase efficiency by allowing long patch chains to merge earlier
      • Retains same Java versions for LTS releases
        • Jun 12, 2024 - require Java 11 in weekly - 2.462
        • Jun 19, 2024 - require Java 17 in weekly - 2.463
        • Aug 7, 2024 - require Java 11 - 2.462.1 (?)
        • Sep 4, 2024 - require Java 11 - 2.462.2 (?)
        • Oct 2, 2024 - require Java 11 - 2.462.3 (?)
        • Oct 30, 2024 - require Java 17 - 2.476.1 (?)
      • How should we communicate this?
        • New blog post that shares this decision (yes, good) (5 of 5)
          • Basil will write the blog post (action item)
        • Update the admin monitor in weekly (more effort than the net gain)
          • Make a more general improvement to know LTS and weekly change dates
    • Choose LTS baseline June 26, 2024 (don’t choose June 19 as baseline)
    • Part of Spring Security 6.x upgrade
      • Spring security 6.x requires Jetty 12 with Jakarta EE 9 (jakarta.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
      • Spring Security 5.8.x end of public support
        • Last public build of Spring security framework 5.8.x is August 2024
  • Azure expense status
    • Azure donation from Microsoft expires Aug 31, 2024
    • Azure use acceleration is in progress
      • Reduce AWS and DigitalOcean expenses between now and Aug 31, 2024
      • Increase AWS and DigitalOcean expenses after Aug 31, 2024 to offset end of Azure donation
  • AWS credits donation
    • Credits have been received, work started to apply credits to Jenkins tasks
      • Credit consumption will increase after Aug 31, 2024
  • AWS credit application for 2025
    • Application has been submitted - answer not expected until June or July 2024
  • Spring Security 5.8.x end of public support
    • Last public build of Spring security framework 5.8.x is August 2024
      • Spring security 6.x requires Jetty 12 with Jakarta EE 9 (jakarta.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
      • August 31, 2024 date seems likely to stick
    • Last public build of Spring framework 5.3.x is August 2024
      • Spring framework 6.1 and later require Java 17
    • Alternatives:
      • Accept that if there is a security vulnerability reported in Spring security 5.8.x between August 2024 and end Oct 2024, we may need to fork Spring Security and fix it ourselves
      • Mark started discussion in the mailing list to find alternatives