►
From YouTube: Jenkins Governance Meeting June 26, 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Welcome
this
is
the
Jenkins
governance
meeting.
It's
June,
the
26
2023.,
thanks
for
being
here,
topics
I've
got
on
the
list
include
news
action
items.
A
Upgrade
from
jira
8
to
jira,
9
GitHub
sponsors
this
one.
We
may
need
to
just
defer
as
a
topic,
because
I
should
have
raised
it
as
a
question
in
the
list
before
bringing
it
here,
budget
and
expenses
just
a
summary
and
then
a
summary
that
I'd
created
of
various
Community
activity.
Are
there
any
other
topics.
You'd
like
to
be
sure
we
add
to
the
agenda.
A
A
A
So
in
terms
of
items
on
the
news
two
days
two
days
from
now,
Jenkins
2.401.2
will
release
thanks
very
much
to
Chris
Stern
as
the
release
lead
and
thanks
to
Kevin
Martens
for
creating
the
upgrade
guide
and
the
changelog
the
CDF
technical
oversight
committee
elections
are
in
progress
right
now.
There
are
four
seats
on
the
committee
with
six
candidates
up
for
up
as
possible
candidates,
you
should
have
already
received
an
email
invitation
from
opavote.com.
A
A
Oh
okay,
thank
you
great
thanks
very
much
in
terms
of
action
items.
We've
got
first
eccla
to
be
documented
by
Oleg
and
Alex
has
proposed
documentation
thanks
out
for
that.
Yes,
thanks
very
much
and
I
I
have
reviewed
it
and
made
my
comments
on
it.
If
others
would
like
to
view
review
it,
there
welcome
to
do
so.
A
B
Oh,
no,
not
really
I
mean
the
easycla
process
is
pretty
much
straightforward.
Given
you
just
click
on
the
Bots
comment.
Follow
the
CLA,
whether
it's
an
icla
or
ccla
click
the
submit
button.
That's
basically
it
you
don't
need
to
print
anything
out
any
longer
or
I.
Don't
know,
I
think
the
old
process
was
with
GPD
armoring
and
submitting
that
to
the
board,
and
that
is
all
on
gun
that
is
handed
by
the
Linux
Foundation.
A
Yeah,
thank
you
Alex
very
much
so
open
Action
for
me
still
no
progress
on
the
working
group's
transition
or
retiring
the
Chinese
Jenkins
site
further
than
it's
already
retired.
It
has
already
been
removed
from
the
header,
so
there
isn't
a
Chinese
selection
here
any
longer.
However,
the
site
is
still
available,
I
believe
it's
at
zh.
A
A
And
then
I've
still
got
the
action,
an
active,
an
action
item
to
Archive
the
governance
meeting
notes
no
progress
there.
Sorry
this
one,
the
retrospective
on
signing
I've,
started
detailing
the
timeline
and
others
are
welcome
to
contribute
I've
realized.
The
timelines
are
actually
two
different
timelines,
one
for
MSI
and
War,
and
one
for
pgp
signing
for
RPM
and
Deb,
and
they
they
have
different.
They
had
different
sets
of
problems
and
potentially
different
solutions,
but
I'm
going
to
capture
them
in
this
single
single
document.
A
Okay,
then
next
upgrade
from
jira
8
to
jira9
Alex
had
noted
that
jira
8
will
be
end
of
life
later
this
year
and
that
we're
using
jira
8
for
issues.jenkins.io,
so
I
submitted
a
ticket
to
the
Linux
Foundation
asking
to
schedule
an
upgrade
and
they
have
proposed
step.
One
of
the
upgrade
will
happen
on
July
6.,
with
an
up
to
two
hour
outage
for
the
database
upgrade.
A
A
A
Okay,
then
next
was
I've,
got
a
topic,
and
maybe
we
should
just
let
this
one
be
discussed
first,
either
in
the
developer
list
or
elsewhere.
But
what
I
saw
was
an
article
on
new
stack
that
talks
about
GitHub
now
allowing
organizational
donations
to
project
to
open
source
projects
and
I
wondered.
Is
this
something
we
should
consider
investigating
further
for
Jenkins
and
finding
a
way
to
allow
organizational
donations
from
GitHub
to
be
deposited
into
the
Linux
Foundation
LFX
account
where
we
track
our
funds.
C
All
right,
it's
not
a
bit
easier
to
do.
Okay,
so
we
can
definitely
configure
GitHub
sponsors
and
most
likely.
This
is
something
we
should
do,
but
GitHub
sponsors
he
is
working
on
various.
C
All
right,
I
forgot
the
name
of
the
service,
but
yeah.
There
is
an
account
we
need
to
create
and
this
account
would
need
to
be
created
on
behalf
of
the
effects
Charities.
So
basically
that
organization-
oh,
it's
stripe,
account
so
basically
GitHub
sponsors.
He
uses
stripe
as
a
backend
and
then
somebody
most
likely
the
Linux
Foundation
would
need
to
somehow
transfer
the
money
from
the
stripe
account
to
the
Linux
Foundation
I'm,
not
sure
it's
really
simple
from
the
standpoint
of
the
U.S
law,
because
a
lot
of
Charities
is
wrong.
C
A
B
Github
supports
the
concept
of
fiscal
hosts
for
finance
stuff,
so
you
don't
really
need
an
personal
bank
account
to
run
for
the
money
to.
As
far
as
I
am
aware,
the
Linux
foundation
on
the
cncf
uses
open
Collective
as
fiscal
host
to
I.
Don't
know
if
they
use
GitHub
sponsors,
but
at
least
they
have
a
fiscal
host
at
open
Collective
that
possibly
could
be
used
similar
to
for
the
Jenkins
project.
C
B
No,
no
I
mean
GitHub
transfers
the
money
to
the
open,
Collective
account.
For
example,
if
we
enable
Jenkins
for
guitar
sponsors,
the
money
would
then
go
via
GitHub
sponsors
to
the
open,
Collective
account
of
the
Linux
Foundation,
which
acts
as
fiscal
host.
So
the
money
doesn't
go
to
anyone's
personal
bank
account.
C
Yeah,
it
could
be
them
well,
basically,
the
tricky
part
for
us
is
whatever
we
can
integrate
strike
or
open
Collective,
it's
still
to
get
them
on
our
account
on
LFX
and
then
the
other
program,
as
we
learned
halfway,
is
to
actually
use
this
money,
because
the
process
so
far
has
been
quite
complicated.
Every
time
we
retract
it.
C
So
the
question
is
whether
we
actually
want
full
integration
or
whether
you
know
probably
the
stuff
or
on
let's
say
open
Collective
account
stripe
account
and
actually
keep
some
cash
there,
because,
for
example,
when
you
talk
about
established
contributors,
so
that
can
wait
for
a
few
months
until
the
money
iron
goes
okay,
but
if
you
talk
about,
let's
say
in
terms
depends
and
definitely
can
avoid
wait
for
several
months.
I
think
that
we
cannot
go
with
a
living
Foundation.
A
C
And
so
I
think
it's
that
it's
difficult
to
every
time,
maybe
do
something
specific
like
Google
summer
of
code.
It
requires
so
much
Plumbing
that
for
small
donations
it
just
makes
no
sense.
So,
let's
say
several
hours
of
support
and
it
with
transferring.
Let's
see
50
bucks
from
the
open
Collective
account.
It's
not
something
that
I
would
like
to
know.
C
A
B
Yeah
I
think
I
get
Alex
concerned.
Maybe
I
don't
know
if
there's
an
actual
demand
to
use.
Github
sponsors
from
our
side,
like
I,
haven't
seen
anyone
requesting
that
we
should
enable
that
yet
so
I'm
not
sure
if
there's
a
demand,
but
on
the
other
hand
I
don't
really
track
our
crowdfunding
profile
within
the
Linux
foundation.
So
I
don't
know
if
anyone
regulated
dates.
There.
C
And
we
also
have
episodic
one-time
contributions
so
that
they're
quite
big
ones,
so,
right
now
the
effects
crowdfunding
kind
of
works
I
mean
we
definitely
received
more
money
there
than
we
spend.
Well,
maybe
get
this
big
expense
report
from
our
but
yeah.
The
thing
is
that
again
we
don't
know
how
many
people
are
ready
to
go
to
the
Linux
Foundation
service
register.
There
then
put
the
credit
card
on
and
while
GitHub
support
testing
will
be
quite
extended.
Money.
A
Yeah
so
I
think
what
I'm
hearing
is
based
on
based
on
no
observed
demand
and
I
agree
that
I
don't
see
any
observed,
demand
and
challenges
associated
with
it.
We
table
it.
We
no
no
further
plans
for
now
can
can
reconsider
in
the
future.
A
B
Think
we're
already
doing
that.
Okay,
if
I
remember
if
I
remember
correctly,
the
sponsors
file
and
GitHub
points
to
crowdfunding
at
least
I
think
it's
core.
C
At
some
point,
we
agreed
that
we
don't
want
to
put
it
in
dot
GitHub,
because
yeah
it
started
to
have
maintainers
who
have
set
up
their
own
funding
channels,
so
I
mean
when
we
were
setting
it
up,
sponsor
something
GitHub.
Basically,
a
little
podcast
override.
A
A
Okay
so
and
I
think
it
may
have
been
Bruno's
actually
microphone.
That
was
injecting
some
noise,
so
I've,
muted,
Bruno,
great
all
right.
So
next
topic,
then
was
budget
and
expenses,
and
this
is
just
as
far
as
I
can
tell
we're.
Up
to
date,
the
crowdfunding
site
shows
our
current
budget
balance
and
so
8763
U.S,
with
my
expense
for
the
code
signing
certificate
correctly
shown
and
the
expense
for
the
reimbursement
to
votec
following
a
that
was
took
us
a
very
long
time
to
get
done
everything
it
seems
to
be
correct
there.
B
Yeah
great
to
have
fun
like
here,
you
piloted
the
Dingus
project
with
an
LFX
security
a
couple
of
years
ago
and
I
onboarded
myself
onto
the
project
control
center
a
couple
of
weeks
ago
to
investigate
into
easy
CLA
and
how
everything
works
there
and
I
saw
that
the
Jenkins
project
doesn't
really
use
LFX
security
but
uses
it
for
the
infra
organization
and
I
was
wondering
if
there
were
any
thoughts
or
concerns.
Why
the
we
never
onboarded
that
until
the
main,
drink
and
CI
organization,
given
that.
C
It
was
done
as
a
part
of
LF
executed
and,
unfortunately,
this
pilot
project
couldn't
go
through
there
because
we
were
waiting
on
the
Linux
Foundation.
So
the
story
for
us
was
that
at
that
point
I'm
not
sure
about
now.
The
LFX
security
couldn't
configure
basically
exceptions
for
false
positives
in
any
meaningful
way,
and
there
wasn't
no
facilities
for
organization
management
at
all.
C
So
we
spent
some
time
talking
to
LFX
team
about
that,
and
basically,
we
gave
up
because
the
FX
team
was
unable
to
provide
us
with
a
response
what
we
actually
do
to
resolve
these
issues.
At
that
point,
there
was
no
even
configuration
through
the
repository
available
and
even
now,
I
believe
that
there
is
no
Global
configuration
through
go
to
GitHub.
So
if
you
decide
to
enable
it
organization,
wise
is
going
to
be
a
pain
for
the
maintainers
for
someone
they
still
probably
wants
to
evaluate
it.
C
We
enabled
it
for
a
few
repositories,
so
basically,
together
this
Olivier
for
a
few
infra
projects,
where
that
are
much
more
contained,
that
during
this
plugins,
but
Jenkins
plugins
due
to
the
original
packaging,
which
is
not
Java
packaging,
it
needs
a
bunch
of
patches
to
work
as
a
one
would
expect.
C
D
C
Every
plugin
declares
independency
on
Jenkins
score
and
other
plugins,
and
basically
LFX
security
has
seen
by
default.
They
basically
take
the
dependencies
as
something
that
is
bundled
into
HPI,
which
is
not
true.
So
basically,
if
you
support
that
the
old
core
version,
you
get
a
lot
of
thread
plugs
for
all
reasoning,
security
releases
for
the
releases
of
bug
independencies,
even
if
they
are
not
physically
bundled
into
the
HPI
file.
C
Yeah
so
again
it's
a
small
amount
of
programming
for
classic
stick,
but
a
LFX
team
when
they
were
implementing
LFX
security
1.x.
They
basically
do
the
design
for
that
use
case
and
we
were
dead
in
the
water
and
for
all
FX2
2.
This
way
we
started
pilot
because
we
wanted
to
adopt
it,
but
at
that
point
the
Linux
Foundation
team
wasn't
able
to
deliver
on
that.
A
C
C
A
Tracy
Reagan
I
believe
is
leading
that
I've
been
invi,
I've
been
invited
and
I
missed
the
most
recent
meeting,
but
intent
plan
to
attend
Alex.
If
you're
interested
I'd
be
happy
to
invite
you
along
as
well,
particularly
since
you've
got
some
interest
in
it.
B
Yeah
I'm
heading
up
to
Olex
concerns
I,
think
the
a
lot
of
Executives
more
than
just
security
nowadays,
given
you
can
filter
for
blacklisted
words
and
go
with
dependency
licenses,
feel
it
feels
like
merging
multiple
tools
into
one.
It's
like
no
longer
really
focused
on
just
the
security
aspect
and.
C
A
Right
and
Oleg
thanks
thanks
for
the
the
background.
Thank
you
very
much.
The
next
topics
I
had
were
on
community
activity,
and
here
my
summaries
may
be
weak,
so
anyone
should
feel
free
to
chime
in
on
other
summaries.
Artifactory
bandwidth
reduction
project
is
high
on
my
list.
We
met
with
jfrog
last
week
and
had
a
discussion
with
them.
They
really
want
us
to
switch
so
that
our
the
mirrors
we're
maintaining
of
other
repositories
like
repo
one
and
the
jgit
repository
should
stop
being
public
because
they're
seeing
a
very
high
bandwidth
use.
A
However,
that
will
require
changes
to
our
parent
palms
and
that
will
require
some
changes
to
our
use
models
and
so
we're
worrying
about
how
do
we
do
that
in
a
way
that
doesn't
break
things
unnecessarily?
So
it's
there's
there's
an
awful
lot
to
happen
here
in
order
to
try
to
comply
with
jfrog's
request.
A
It
feels
like
it's
a
healthy
thing,
thanks
to
Basel,
thanks
to
vadek
felonier,
for
that
discussion
and
bringing
it
any
questions
on
either
of
those
two
topics.
B
A
The
Epic
is
in
progress.
There's
a
lot
a
lot
of
work
to
do
to
remove
prototype
from
plugins
before
it
can
be
removed
from
Jenkins
core.
This,
the
tracking
sheet
shows
the
progress
thanks
Basel
very
much
for
maintaining
the
tracking
sheet
anything
Basel
that
you
want
to
note
on
prototype.js
removal.
A
A
D
Well,
a
lot
of
these
pillar
quests
to
learn
compiling
yet
so
they
can't.
You
know
I,
think
that
we
should
be
making
sure
that
they
compile,
especially
for
the
long
tail
of
plugins
with
fewer
than
I,
don't
know
25
000
installations,
there's
a
lot
of
these
that
are
orange,
meaning
that
they
cannot
be
merged
since
they
don't
compile
so
be.
A
A
Right,
yeah,
that,
for
me,
is
the
biggest
the
biggest
headache
there
is.
If
someone
doesn't
do
this,
but
then
later
requires
a
parent
Palm
upgrade
they'll
be
stuck.
They'll
have
to
do
the
HTML
unit,
three
transition,
in
addition
to
everything
else
that
they've,
that
might
have
been
on
their
list,
so
some
urgent
security
fix
or
whatever
could
be
blocked
simply
because
they
we
we
didn't
get
this
piece
of
debt.
They
didn't
get.
This
piece
of
debt
resolved.
First.
C
The
only
thing
that
well,
you
have
to
imagine
the
spirit,
speaks
that
we're
updating
the
parent
form
would
be
mandatory.
So
for
me
it's
rather
a
minor
risk.
A
C
A
Then
next
item
was
Google
summer
of
code
and
it's
progressing.
We've
got
four
student
four
contributor
projects,
thanks
to
John,
Mark,
Chris,
Stern,
Alyssa,
Tong
and
Bruno
veratchden
they're,
our
organization
admins.
Thanks
to
the
four
Mentor
teams,
each
Mentor
team
has
at
least
two
mentors
involved.
Most
of
them
have
three
and
progress
is
going
forward.
The
next
the
midterm
presentations.
A
Okay,
then,
the
last
item
I
had
on
the
list
was
early
end
of
life
for
Centos
7,
it's
been
announced,
it's
been
declared
it's
now
appearing
in
warnings.
It
will
appear
to
LTS
users,
beginning
with
Wednesdays
2.401.2.
So
if
they're
running
that
old
operating
system,
we're
trying
trying
in
multiple
ways
to
inform
them
that
they
need
to
get
off
that
thing
any
questions
or
concerns
there.