From YouTube: Jenkins Governance Meeting, Jan 13, 2021
Description
Recording of the regular Jenkins Governance meeting. We discussed the recent news, upcoming events, and key priorities for 2021: contributor onboarding, security, etc. Agenda and meeting notes: https://docs.google.com/document/d/11Nr8QpqYgBiZjORplL_3Zkwys2qK1vEvK-NYyYa4rzg/edit#heading=h.v4sls9rnbtoa
A
Hello, this is the regular Jenkins governance meeting. Today is January 13th. We had a break during the New Year and Christmas holidays, but now we're back and there's a number of topics we have to discuss today and just second touch. I'm asking.
A
Okay, do you see it? Yes, so yeah we have a few news and we have planning for 2021, mostly defining key priorities and other things we started doing that for the new year, blog post, but yeah. This is a good place where we can discuss what else we would like to see happening next year and what would be the priorities for the governance board?
A
In addition, yeah for the information I dumped feedback, we've got hearing directions about what would be the priorities for the board, etc. So you can take a look. This feedback has been filtered, so there are no sticker requests but general. There is some summary, and yet people will mostly.
A
Okay, so let's go to news one, fresh news: that today we had a security release. The security release involves multiple fixes in the Jenkins core, including XSS, and whether it's a civilization, error, potential, path traversal and access to files. So if you use Jenkins, please update this video and we have LTS and weekly released. So all the packages are available now.
A
Other news is that we have FOSDEM as usual, so this year, FOSDEM will be virtual and we will have a Jenkins developer stand there and at the CI/CD room we will have a talk by Victor Martinez Jenkins and probably there will be more talks at the conference. So please check agenda and yeah. If you are interested to participate just to buy the Jenkins booth, it will happen on the weekend and we will definitely have someone available.
B
A
A
C
B
A
A
We have a few topics in the message about the governance meeting. I wanted to specifically talk about the contributor onboarding and security, but yeah. This is a place where you can discuss other topics. If you have anything in mind because we still have documentation, we still have events. We need to organize and other things, so we can just discuss what would be the priorities and.
A
Why I put contributor onboarding to the list is mostly because of this graph. We discussed a few times before, but yeah this year. When the COVID situation started, we have seen quite significant dip in terms of company contributors and in June we sent a request to the Linux Foundation to verify whether this data is actual and my understanding that, yes, it's actual so how it gets generated.
A
A
B
A
A
A
A
What it means that we should definitely work on improving contributions and seeking contributors, and, of course, it's also related to Jenkins promotion, especially for modern platforms, because the adopters hackers are the common persons who contribute better.
A
Yeah yeah it's a case and what it means for us that we should do better outreach to users for different platforms and and yeah, of course, with all SaaS offerings. Now the situation becomes more complicated in terms of attracting contributors. It's not a surprise. We've been discussing that at the contributor summits before but yeah. We still should work in, because Jenkins is used in so many areas and yeah.
A
B
Yeah, I've I've definitely seen companies that previously were not doing any continuous integration looking towards it. So I think there is still an opportunity for us to have new people arriving even with the increased competition from SaaS providers and others yeah. But it's we need to. We need to actively work to onboard contributors.
A
Eric and here come events and other activities so again, yeah you can participate in Hacktoberfest. Hacktoberfest helps here, no doubt getting individual contributors. I believe it helps less with company contributions, though particular initiatives could help as well. So, for example, targeting custom platforms is one of the areas which we discussed before multiple times and yeah. I think you should do between that.
A
E
An opportunity just to focus on that. I think it's I think the corona problematic is, for instance, in Germany. Nobody has really time for anything for his free time. So in my spare time I need to care for the children more. So maybe this is also a problem. I don't know if others also have the same problems.
C
Yeah, it's definitely this a thing.
E
D
A
Yep well, any contributor has full freedom to do but yeah what it means that, for example, you're a student on the lockdown, then you can go, participate photographers cool, but yeah.
B
So, but that is a good observation that the the what looks like the average number of individual contributors is roughly the same from 2019 to 2020, but there is a there is an observable difference between contributing companies. So do we need to consider a way to reach out to companies to encourage them to motivate their? I don't know how we do that even, but I think oh, like I think that was part of your point was that it's not it's individual developers were relatively flat, but companies are the thing that's down.
A
Yeah so, firstly, it's two workshop for contributions, because we know that for many plugins, basically contributions and get stuck and providing timely feedback assist with getting changes in is one of the the opportunities to onboard and retain contributors. So this one area and secondary again focusing on cases which are important for bigger contributors.
A
A
And I think we can just dump it here in the meeting.
C
Okay about what we could do, because I have some ideas in regards to corporate outreach, because we've seen this, you know in other open source projects and and I've seen sort of ways. They've worked on that that I think I could apply here as.
A
A
Anyway, you should keep doing all the things so, but the company contributors are important. At some point. We had a discussion at the the small contributor summit. How do we increase company contributions? I can also pull the meeting funds but yeah.
E
And do you do you have already an idea how to proceed on that topic, because something that we did in the past was to identify key areas that third company want to promote and maybe trying to find a way to promote those areas. So, for instance, I know that rudolph is interested with the Jenkins Kubernetes operator and the second company. I can't remember the name as well, so maybe this is the kind of initiatives where we can help.
A
D
We can, we can also fix the the blog sharing thing, because right now I realized I haven't been reading the blog because we're no longer posting to Twitter. I realized that, like early last year, but at least then it would encourage people to post, because then they can get a bit of traffic.
A
D
A
A
A
Again, it's yeah something for us to consider contributing has been always on our list and yeah. I think that this is just important to keep doing things and expand.
B
B
I was thinking advocacy now it reaches the place, but just so people here are aware. I think we should do a contributor summit in the what northern hemisphere we might call the spring FOSDEM you know, February or March, that kind of time. It definitely won't be before FOSDEM and it won't be during FOSDEM.
A
B
Thinking contributor summit, but I'm open to input there, that's a good question. I I hadn't thought of a user summit. I was, I was framing it more around the kind of event we did last year at after FOSDEM in Belgium, where it really was developers and people who were contributing to the project.
E
I'm open to suggestions. I would also be more interested for the contributor summit because the first time, the booth, at the first time on our house, to highlight improvements in the Jenkins project, or at least things that you that you want to promote and so.
D
E
Terms of reaching to users, I think the FOSDEM will be the good place, and in this case we are more interested about how we federate about all the different initiatives on the Jenkins community. So to me to me, I would be definitely more interested for a small contributor summit than the user and also the other reason why it would be easier is because, depending on the technology that we would use, I mean it's easier to target a smaller audience.
A
So we have some account. We can support breakout sessions and other things there. So yeah up to 50 participants is what we can easily host all right, yeah adapter, that you will get more people participating in the same time zone.
B
Right and and time zone is one of the complicating factors there. So that's that's a good thing to note that I I I think it needs to be live and therefore time zone is a challenge, but it's worth the challenge, because we then have more communication. And, yes, I think we should use breakout rooms. I've I've liked how they've worked in other environments, where I've used them and I've been impressed at how helpful that is to do a breakout.
E
Room but but something that we also have to keep in mind is since not everybody will I mean, since we are not in the same location, we don't have to do the contributor summits. I mean the same day. We could play the contributor summits on different days and say, let's say on Monday: we want to focus on that area and choose this area and so on, and so we have smaller periods where we have to focus, and maybe it will be easier for people to participate. Good, yeah, good suggestion.
B
E
Okay, thank you also just for the date. I would also not suggest to use a date close to neither FOSDEM our skill, because one of the reasons why we did that during FOSDEM or any other major event is because everybody was there at the same time. But on the other side, we already have plenty of things to do for FOSDEM and other major events, which means that it's maybe easier to just find a moment where it's more calm.
B
Agreed, particularly since FOSDEM, in order to participate in the stand, I'm going to be giving time Saturday and Sunday and that'll make it, make it more challenging for me to say: let's do something immediately after that yeah it. I will probably ask for a little bit of gap timewise between the FOSDEM event and when we do this summit.
A
Okay, so other I think we should double down on this. Here is Jenkins security, because yeah all the recent events with SolarWinds, etc. There are much higher expectations from all components, participating in software delivery cycle, they've already some questions coming about security, and I think that we should facilitate this discussion in the community and to see what we could improve. Actually, there is a lot of improvements happening.
A
For example, last year I published some stats so were 19 advisories, almost 200 fixed vulnerabilities plus somewhere, which were firstly disclosed and this fixed. So it's a quite high number and there were also two improvements. So now many plugins have Dependabot, including automatic security scanning. We have give up material, fancy bugs and other components.
A
There so yeah, there are definitely opportunities for us, and I think that we can collaborate tomorrow. Yeah, that is, security, team and security team is doing a great job more members. They could also help especially getting more vendors participating because, right now we have basically only two vendors represented the security team, and there is a lot more so yeah, I'm not sure what exactly they deliver in terms of security. What service? But it's up to.
A
Them and yeah so if there are any particular ideas what we could improve there, I'm happy to discuss that, but yeah it's one of the topics. I really have been planning to drink up in the million keys.
C
I could I could offer some help there. I have some insight into scanning vulnerabilities, especially using GitHub Actions from a previous life.
E
D
It yeah, it's probably worth I know, I'm throwing into other people, but it's probably worth putting up a blog post about this, because it's one thing for the people who are already involved to get more involved, but this would be a great opportunity for a lot of people who are not involved to get involved. You know a lot of there's a lot of you know, new security analysts out there that are really excited for a project to get working on.
A
Yeah also another formula opportunities, for example, was somehow good and what it means that now we are potentially eligible to get access to tooling proper infrastructure initiative if needed.
A
Well, there are tools like Snyk available there, and also we can probably even apply for an audit program, though the program doesn't seem to be related. You know, and we can also continue our certification, because even if we have 100 percent, which we have 133 percent in Jenkins, now there is still 178 percent more we could achieve, and there is a lot of additional security practices which we could adopt so.
A
So yeah all these activities, I'll say good opportunity for us.
A
A
Zero or five means that you just didn't process that actually but yeah. You can see that there are some requirements like using basically package practices, which is slightly okay here or some software delivery requirements, protection from the middle some additional requirements like security review within the last five years, yeah.
A
C
A
B
D
D
D
D
E
D
So but the problem was that we let everyone use different tools, which means that you know the. So there are complaints that in the that used to be able to talk to quote developers in IRC, but now you can't anymore because they're not there and you know that's. The problem is everyone's in different spots, so that nobody's in any spot.
A
C
C
B
D
Yes, but I don't think I mean yes in the 2020 goals thing. Yes, I don't think it's really a short-term goal, because I it's gonna take a little bit of time for it to solidify a little bit. I also kind of think.
D
Maybe we want to look in running Jenkins, home server, so then that might be willing to wait for as well so that you know use your LDAP credentials or whatever else you log in and you get access to Gitter you get access to all the chat rooms they're all there easily searchable. So there's two things I think it might be worth deciding, maybe not implementing, but deciding before we do a demo.
A
So what else do we still have pending terminology cleanup in this situation significantly improved over the past year, but I think we should keep pushing that.
A
A
A
A
D
D
A
A
So, let's see but yeah any of these radio improvements finally help our users, so the new plugin site was really well accepted.
D
C
Could we could we maybe start publishing those via social media.
D
Which trend are you for? This is just a search trend right. I'm talking about so Google every month sends us a report to say what your top search.
D
E
D
D
D
C
Yeah, I think it would be beneficial to maybe once a month or or something I'll I'll get an email drafted up to send to the advocacy and outreach just get every. So, let's see everybody's thoughts.
E
It might be upfront now. I would be curious to know to have the visualization of what's the top 10 plugins, that people are looking for information. What's the top 10 plugins of what people are contributing and what's the top 10 plugin that people are using well, I've been studying over the past months.
D
The sad thing right now is, if you look at the trending graph, all the API ones are the ones of the top users, because every plug-in or a bunch of them install them. So it's not very useful data, but I'll think about it. The other way is is to know which plugins are worth contributing to. You know it'd be nice to see which ones are having been updated in a while in a public list, so people can be like, oh, I want to maintain this.
D
D
Yep and we can improve the categories and tagging support right now. It's pretty.
A
D
A
And yeah, so by this time we can start the discussion about priorities on the mailing list to see what would be the user feedback and probably try to visualize that. But we can almost approach this, maybe late in February.
B
E
I mean it would be better if we have it later or before this time, because seven o'clock here is the time when I'm bringing kids to bed and yeah seems exactly the same for me. Okay then find another time, maybe two hours before or two hours after it would be fine for me. So just seven is a little bit hard.
D
C
E
But later would for me later it's easier, because once everybody's sleeping this is normally my working time when.
F
B
C
B
B
B
D
It was something that came up on the board mailing list earlier, and I was just thinking about you know when people do donate what we do for them, and I was wondering if there's a list of you know like some some like, if you do like a patron or something some people have like a little icon on the bottom of their page. It says these are all the donators.
A
D
Yeah, because I was thinking about you know like this donations is always a good way to get people to be like you want some marketing to people who use the product. You know having Jenkins at sponsors with a list of all the people that sponsor in whatever way they sponsor could be in, for it could be other things you know, and then people would be able to be like, oh look, they were friends of Jenkins. We should give them more money, because Jenkins is awesome.
A
Yeah, to be honest, I'm a bit concerned about it because the most precious thing people can donate is their time. Yes, it's not money.
D
E
D
E
D
A
A
So, let's definitely keep it in mind and if you want to propose a new page, just do that. Yeah, because exactly Olivia had the idea about the workings interest on search so that we could have at least.
E
These small details, I open, I opened an issue on Jenkins on the GitHub issues and foreign repository.
E
It was just like we have quite a lot of infrastructure sponsors and it's easier when we can say if you sponsor the projects, how we can put your logo here and in fact we have a lot of sponsors and yeah. I think that would be nice to to island to highlight their contribution.
A
Okay, so any improvements: how much appreciated.
A
We are over time, okay, so then thanks everyone and yeah. Thanks for your ideas, let's keep working.