Governance Meeting, November 11, 2024

MarkEWaite · November 12, 2024, 4:06am

2024-11-11T19:00:00Z

11 Nov 2024

Attendees

@basil (Basil Crow)
@MarkEWaite (Mark Waite)
@NotMyFault (Alexander Brandes)
@uhafner (Ullrich Hafner)
@kmartens27 (Kevin Martens)

Upcoming Calendar

Election voting in progress, November 1 - 30, 2024
- Email invitations have been sent to all registered voters
Next weekly release: 2.485, Tuesday November 12, 2024
Next LTS: 2.479.2, November 27, 2024 - Kris Stern release lead, using LTS release checklist
- Release candidate Wednesday November 13, 2024
Next major events:
- Jenkins contributor summit 31 Jan 2025
  - Alyssa Tong has the venue for up to 24 participants and is organizing logistics
  - Bruno Verachten organizing the agenda
- FOSDEM 2025 - February 1-2, 2025
  - Jenkins requesting a stand

Agenda

News

Jenkins 2.479.x release dates
- 27 Nov 2024 - 2.479.2
- 08 Jan 2025 - 2.479.3 (two week break at end of year)

Action Items

Mark announce the reopening of voter registration while voting continues
- Good to welcome more voters
- Announced in Jenkins user mailing list and Jenkins developer mailing list
Basil create the attribution entries for the downloads page
- Jenkins sponsors have changed
- Continues on the to-do list draft PR
Kevin Martens retire the Chinese Jenkins site
- Kevin and Mark will meet with Damien in November
- More work pending
- Basil has lots of experience with redirecting if needed, don’t break the URL’s

Community activity

Jenkins Content Security Policy project
- Adapting plugins to be compatible with a future, broader implementation of content security policy
- Submitting pull requests, releasing plugins, preparing for future enablement in core
- Lots of rapid progress in this stage due to widely used plugins
  - Plugins are usually well maintained
  - Will change as project moves deeper into the list
  - Pace of work will be slower in the coming months
    - Some plugins won’t be updated (deprecated, etc.)
- Project has been running for 6 weeks - tracking sheet shows great progress
- Yaroslav Afenkin and Shlomo Dahan both planned to work on it until end of calendar year
  - Think we may be able to fix most detected violations for plugins above 10k installs
  - May have time to resolve some plugins above 1k installs
- Released CSP fixes for Jenkins core and more than 20 plugins
- Run Jenkins ATH with CSP enabled
- Static Analysis of CSP violations across the Jenkins repositories (Daniel Beck’s CSP scanner)
- Will continue to deliver more fixes
  - Basil runs ATH with CSP violation checking regularly
  - Detects regressions reliably
  - Static analysis has some false positives and false negatives
    - Would want to further refine before it is a part of every build
  - If we can reach a point of confidence, can include it in plugin builds
  - ATH is sufficient for those plugins covered in ATH
- October report submitted to Alpha-Omega by Bruno Verachten
  - Also provided a Jenkins blog post
Spring Security 6.x Upgrade - mailing list thread
- Phase 1 - Apache File Upload 2.0 - done
- Phase 2 - Require Java 17 in weekly - done
- Phase 3 - Upgrade Jetty 10 to Jetty 12 EE 8 - done
- Phase 4 - Upgrade Jetty 12 EE 8 to Jetty 12 EE 9 + Spring Security 6.x - done
  - Jenkins 2.475 (3 Sep 2024) and later
  - Jenkins 2.479.1 LTS (30 Oct 2024) - LTS release checklist
- Some lockstep plugin updates needed for Spring Security 6.x Upgrade
  - LDAP plugin lockstep upgrade as noted in 2.475 changelog, LDAP plugin changelog, and community.jenkins.io post
  - CAS plugin lockstep upgrade as noted in 2.475 changelog and
  - Reverse Proxy Auth plugin lockstep upgrade as noted in 2.479.1 upgrade guide and
  - Windows Negotiate SSO plugin lockstep upgrade as noted in 2.479.1 upgrade guide
- EnvInject plugin specific issue
  - Documentation update on the Env Inject plugin in the LTS upgrade guide
    - Much larger project to make a larger fix
    - Multiple duplicates of this issue, likely more once Java 17 is required in LTS
    - Redirect people to that comment
- One plugin still with a known issue - Jira integration plugin (not “Jira plugin”)
- Build failure results analyzer known failure
  - Requires a lockstep upgrade in a relatively minor feature of the plugin (released a few weeks ago)
    x-and-5-3-x)
TechStrong TV episode with Jenkins maintainers
- Alan Shimel and Lori Lorusso hosts
- Basil Crow
- Damien Duportal
- Kris Stern
- Mark Waite
Contributor Spotlight
- 12 months of contributor spotlights completed, more to come
- Recently published: Jesse Glick

Governance Topics

$9000 available for Jenkins project at Software in the Public Interest
- Approved last meeting that funds will be used as travel reimbursement for Jenkins Contributor Summit and FOSDEM
  - Mark Waite propose prioritized list of attendees to fund for travel
Governance board and Jenkins officer election in progress - Election Calendar
- Blog posts
  - Voter registration - 26 Sep 2024
  - Candidate statements - 3 Oct 2024
- Voter registration
  - 74 voters registered as of 31 Oct 2024
- Proposed to reopen voter registration while voting continues
  - Mark Waite submit blog post announcing the reopening of voter registration
  - Mark Waite send announcement email to Jenkins user mailing list and Jenkins developer mailing list
  - Mark Waite and Basil Crow continue to review and process new registrations and invite newly registered voters to the polls
- Email invitation sent 4 Oct 2024 to all registered voters
- Voting progress report - 74 registered voters
  - 36 votes cast for governance board
  - 33 votes cast for release officer
- Governance board term ends in December for Alex and Ulli
  - Governance board positions are available for election for the term 2024/12/03 - 2026/12/02
- 6 candidates nominated and confirmed for 3 positions on the governance board
  - Alex Earl
  - Alexander Brandes
  - Kris Stern
  - Oleg Nenashev
  - Stefan Spieker
  - Valentin Delaye
- 2 candidates nominated and confirmed for Release Officer
  - Alex Earl
  - Tim Jacomb
- 1 candidate nominated and confirmed for other officer positions
  - Alyssa Tong - Events Officer
  - Damien Duportal - Infrastructure Officer
  - Kevin Martens - Docuemntation Officer
  - Wadeck Follonier - Security Officer
Cloud expenses and plans
- Azure (CDF paid)
  - July: $4,571
  - August: $4,552
  - September: $3,910
  - October: $4,200
- Azure Sponsorship (Microsoft Credits) - $33k remaining, donation ends May 2025
  - July: $10k
  - August: $10.5k
  - September: $10.3k
  - October: $12.9k
- DigitalOcean - Remaining $15k (~5k consumed) until 02 January 2025
  - July: $176.01
  - August $200.08
  - September: $158
  - October $196
- AWS:
  - CloudBees:
    - June: $5,862
    - July: $6.5k
    - August: $6.3k
    - September: $6.3k
    - October: $6.4k
  - Sponsored account
    - October: $178
    - Global Status:
      - Credits left: $59,800 until 31 January 2025
      - Credits left: $60k until 31 July 2025
    - Moving ci.jenkins.io to AWS sponsored account
      - Likely $10k per month Nov 2024 - Jan 2025

Topic	Replies	Views
Governance Meeting, October 14, 2024 Community meeting , governance	17	October 14, 2024
Governance Meeting, September 16, 2024 Community meeting , governance	8	September 17, 2024
Governance Meeting, August 5, 2024 Community meeting , governance	20	August 5, 2024
Governance Meeting, October 2, 2023 Community meeting , governance	380	October 3, 2023
Governance Meeting, September 18, 2023 Community meeting , governance	352	September 18, 2023

Governance Meeting, November 11, 2024

11 Nov 2024

Attendees

Upcoming Calendar

Agenda

News

Action Items

Community activity

Governance Topics

Related topics