►
From YouTube: Jenkins Governance Meeting July 25, 2022
Description
Jenkins governance meeting July 25, 2022 with topics including:
* Migration to Jakarta mail API (several plugins must upgrade together)
* Blue ocean admonition for user handbook and tutorials
* Embeddable build status plugin issue resolved
* Vendors site development discussion on community.jenkins.io
* Content security policy progress for Jenkins core
* GitHub comment ops to label pull requests, request reviewers, and more
A
Well,
welcome
everyone.
This
is
July
25th
2022,
it's
Jenkins
governance.
Meeting
topics
for
today
include
news
action
items,
blue
ocean
admonition,
embeddable
build
status,
plug-in
from
last
meeting,
CDF
updates.
If
Oleg
joins
us
and
forum
and
Community
topics,
if
Gavin's
available
any
other
topics
that
need
to
go
on
the
agenda.
A
Okay,
then,
let's
go
back
to
the
the
top
of
the
agenda.
So
by
way
of
news,
the
next
long-term
support
release
release
candidate
is
due
out
on
Wednesday,
with
release
two
weeks
afterwards,
thanks
to
Alex
Brandis,
as
our
release
lead
he's
been
the
release
lead
for
the
last
two
long-term
support
releases.
Thanks
very
much,
we've
got
an
upcoming
conference,
the
the
Southern
California
Linux
Expo
in
Los
Angeles
at
the
end
of
this
week,
kosuke
will
be
speaking
and
Alyssa
and
I
are
also
speaking.
Basil
had
noted
that
Jakarta
mail
migration
is
in
progress
Basel.
B
So
if
you
want
to
pull
up,
for
example,
the
mailer
plugins
release
notes,
you
should
be
able
to
see
the
messaging
that
we
put
in
place.
If
you,
if
you
see
that
section
that
says
related
plug-in
releases,
it's
a
little
bit
further
down,
but
that
that
gives
you
an
example
of
you
know.
These
three
plugins
need
to
all
be
upgraded
at
the
same
time.
B
There's
a
there's,
some
additional,
for
example,
I
fixed
up
the
saml
plug-in
and
a
mail
Watcher
plug-in,
but
those
are
installed
on.
You
know
two
percent
of
installations,
so
they're
they're,
not
as
as
common
the
one.
The
one
thing
that
I
would
want
to
note
in
this
meeting
is
that
the
disk
usage
plug-in
is
kind
of
in
a
in
an
odd
state,
so
I
didn't
touch
it,
but
that
one
could
use
a
volunteer.
B
If,
if
someone
is,
if
someone
cares
about
using
this
plug-in,
the
reason
I
didn't
update,
it
was
that
releases
are
currently
blocked,
because
there
is
there's
a
security
vulnerability
that
is
on
the
main
branch
that
has
not
been
released.
So
the
security
team
blocked
future
releases
to
prevent
that
vulnerability
from
ever
being
released
in
the
first
place.
So
someone
so
basically
fixing
this
plug-in
up
is
is
more
involved
than
you
know,
just
submitting
a
pull
request
or
adopting
it.
There's
some
there's
some
additional
catch-up
work.
B
That
needs
to
be
done,
which
I
didn't
volunteer
myself
to
do.
But
if
anyone
is
interested
in
using
this
plug-in,
it
I
don't
think
it's
going
to
work
with
the
Jakarta
mail,
migration
and
I.
Don't
think
any
changes
can
be
made
to
it
until
these
security
issues
are
dealt
with
so
that
that
would
be
a
great
example
for
someone
to
volunteer
and
pick
this
up
if
they're,
using
this
but
other
than
that,
I
think
we're
in
good
shape
with
this
migration.
So.
A
B
Don't
know
what
the
vulnerability
is
on
the
main
branch,
so
it
might
be
a
very
simple
one
like
reverting
one
commit,
but
it
might
so
it
might
be
a
complicated
one.
I,
don't
I,
don't
have
access
to
the
security
tickets,
so
I
didn't
I,
wasn't
able
to
to
read
it.
There's
a
link
to
the
ticket,
which
is
private,
so
I
think
whoever
whoever
wants
to
take
this
on
might
might
benefit
from
being
able
to
read
that
ticket
so
that
they
know
what
they're
dealing
with.
A
Got
it
well
and
that
that
knowledge
should
probably
then
informed,
do
I
want
to
adopt
it
or
not,
because
if
I'm,
not
an
active
user
of
it,
then
adopting
it
and
saying
I'm
going
to
pick
up
a
security
fix,
maybe
more
than
they're
ready
to
do
thanks
good
guidance,
buzzle
anything
else,
nah
all
right!
Thank
you!
A
So
action
items
we've
got
a
bunch
that
I
have
to
sadly
report
I've
made
no
progress
on
and
it'll
probably
be
that
way
for
at
least
another
two
or
three
weeks.
Just
for
all
the
things
I've
got
to
do
so
patience
with
me
now
this
one,
the
last
one
that
we
had
put
on
last
week,
Gavin
Mogan
created
a
proposal
to
hire
a
writer
I
think
we
may
have
a
solution
here
that
may
address
it.
I
was
hoping
to
have
Gavin
here,
but
I
wanted
to
highlight
this
at
least
to
show
people.
A
A
Oh,
this
thing,
that's
described
in
lots
of
places
is
not
getting
more
enhancements,
certain
fixes
are
being
applied
and
security
fixes
are
being
applied
when,
when
selected,
so
what
Kevin
has
done
is
he's
created
a
standard
admonition
to
put
on
the
page,
and
it
says
this
kind
of
thing
here,
an
infobloc
that
says
blue
ocean
is
not
receiving
further
functionality
updates.
It
will
continue
to
provide
pipeline
visualization,
but
will
not
be
enhanced
further.
A
Others
are
welcome
to
comment
on
the
poll
request
encouraged
to
do
so
just
wanted
to
be
sure,
you're
aware
now
what
this
this
standard
text
or
some
variant
of
it
will
appear
on
most
of
the
blue
ocean
Pages
like
right
now.
It
appears
on
creating
a
pipeline
and
on
dashboard
and
on
activity
View,
so
that
users
who
are
reading
will
see
that
status
as
they're
working
through
their
reading
any
comments
or
concerns
there.
B
A
I
I
agree
with
that.
Now
I,
like
I,
did
like
the
doc's
office
hours,
Asia
segment
said
hey.
Could
we
refine
the
message
so
that,
when
we're
talking
about
pipeline
editor,
we
don't
we
don't
do
as
much
to
mention
stage
view,
but
we
mentioned
specifics
for
pipeline
editor
and
that's
that's
something
that
will
work
with
Kevin
on
separately.
It's
it's
I,
think
it's
an
interesting
idea
of.
Are
there
variations?
We
should
use
for
each
of
those
pages.
That
will
make
the
message
clearer
great
if
nothing
else,
on
Blue
Ocean.
A
Let's
go
on
to
the
next
topic,
then.
Last
last
time
we
met,
we
had
an
item.
An
action
item
raised
that
the
embeddable
build
status,
plug-in
bundles
of
was
bundling
a
proprietary
font
and
as
it's
a
proprietary
font,
it's
not
allowed
to
be
redistributed,
and
so
it
was
violating
the
Jenkins
terms
for
Jenkins
plugins
and
so
what
we
did
two
weeks
ago,
we
said
we'll
set
a
two-week
clock.
A
If
no
one
adopts
the
plug-in
within
two
weeks,
we
will
cease
distribution
of
that
plug-in
because
it's
violating
the
terms
and
in
the
in
that
intervening
two
weeks
it's
been
adopted
and
a
release
has
been
delivered.
That
removes
the
proprietary
font,
thanks
special
thanks
to
Basel
for
highlighting
how
to
do
that
change.
It
was
actually
a
very
simple
change,
based
on
his
guidance
and
the
plugin.
Now
has
a
few
more
tests,
thanks
to
his
guidance,
so
release
is
done.
B
A
Yeah-
and
in
this
case
I
admit
it
was-
it
was
guided
self-interest
I
didn't
want
the
infra
team
to
waste
the
time,
removing
it,
and
so
that's
a
that's,
a
terrible
reason
to
do
it,
but
it
was
cheaper
to
to
adopt
it
than
it
was
to
go
through
the
process
of
removing
it
from
all
the
infrastructure,
all
right
and
oleg's,
not
here
so
I'm
going
to
drop
the
updates
from
CDF
and
forums
and
Community
topics.
I
had
two
or
three
topics
that
I
thought
might
be
worthwhile,
even
without
Gavin
here.
A
A
That
is
a
place
where
companies
that
provide
support
services
or
sell
products
based
on
Jenkins
or
Etc
could
do
Place
their
information
so
that
others
can
find
it
right
now.
What
we
have
is
an
outdated
wiki
page
that
points
to
vendors
that
are
absolutely
no
longer
active.
So
here's
what
his
current
prototype
looks
like
and
what
you
see
is:
we've
got
two
vendors,
a
hypothetical
vendor
here
that
he
created
and
a
less
hypothetical
vendor
here
that
I've
created
some
rough
data.
A
For
now
the
data
is
not
correct
on
these,
but
the
the
the
sampling
is
intended
or
the
the
layout
is
an
idea,
and
what
this
gives
then
is
a
link
here
to
more
information
about
the
vendor
and
a
link
to
their
support
site
or
a
link
to
their
website,
the
idea
being
okay.
This
way
this
is
much
better
than
let's
do.
The
search
for
Jenkins
commercial
vendors
on
the
Wiki
page.
C
A
A
Any
company
that
would
like
to
place
themselves
there
we
would
encourage
them
to
submit
some
sample
data,
so
we
can
test
drive
it
because
that
way,
we
we
get
a
sense
right
now.
My
my
my
scope
is
limited
because
I
don't
know
all
the
companies
that
are
providing
products
and
so
I
provided
data.
But
if
you
are
aware
of
someone
that
would
be
willing
to
provide
data,
the
data
format
is
actually
quite
simple:
it's
a
little
yaml
file,
and
so
so
it's
you
can
see
the
yaml
file
that
I
provided
is
someplace
further
down
here.
C
C
A
Exactly
and
I
and
I
think
that
is,
that
is
very
well
aligned
with
what
Gavin's
looking
for
what
what
what
started
his
conversation
about.
This
was
hey.
We
get
people
who
ask
questions
on
community.jenkins.io
that
are
well
beyond
what,
if
a
person
who's
doing
this
for
nothing
would
do,
but
if
we
could
Point
them
to
Consultants
or
to
organizations
that
offer
services
for
for
fee,
they
may
be
able
to
get
the
answer
they
need
and
the
community
can
benefit
overall,
because
we're
not
just
having
people
expect
commercial
grade.
Support
from
a
bunch
of
volunteers.
C
C
A
A
A
So
so
just
be
aware
of
that,
it's
no
no
action
required
yet
from
plug-in
maintainers,
because
it's
most
important
that
we
get
core
ready,
first
and
so
Daniel
Beck
who's,
doing
much
of
the
work
and
vodac
philanier,
the
the
security
officer
are
both
making
people
aware
without
telling
any
of
the
plug-in
maintainers.
Oh,
you
must
do
something
right
now.
It
is
just
in
core
and
it's
intentionally
being
done
in
a
way
that
should
be
kept.
100
compatible.