►
From YouTube: 2021 04 23 Platform SIG
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Remember
we
live
by
the
jenkins
code
of
conduct
as
we're
in
meetings
be
good
to
each
other,
so
topics
I
had
on
the
agenda
included
open
action
items
java
11
as
default
in
all
our
images
and,
let's
see
we've
typically
talked
coordinating
proposed.
Docker
changes
would
love
to
have
further
conversation
there
securing
the
delivery
pipeline
gareth.
Would
you
be
okay
if
I
put
that
one
earlier
in
the
agenda
so
that
we
could
absolutely
be
sure
we
get
to
it
okay
and
security
scanning?
A
A
Okay,
super
all
right,
so
action
action
item
review
then
oh
gareth,
I
assume
none
from
you
other
than
the
one
that
you're
already
on
great
okay,
so
the
jep
I
still
have
not
opened
it.
I
can
t
the
draft
is
there
and
encourage
people
to
give
feedback
on
it?
The
concept
seems
to
be
holding,
and
alex
mentioned
it
in
in
a
pr
review
to
a
particular
person,
and
I
was
delighted
that
that
person
said
yes,
they
were
interested
in
being
a
code
owner,
so
it
was
sounded
very
promising.
A
A
A
B
Yeah
sure
so
the
the
particular
piece
that
I've
been
looking
at
is
yes,
if
there
is,
I
suppose
it's
the
refinement
to
enhancements
around
229
to
allow
automatic
semantic
versioning
to
trigger
with
jx
release
version.
B
I'm
sorry.
So
what
we
have
is
jx
release
version
is
available
as
a
github
action
that
can
be
run
to
determine
the
next
version
based
on
your
conventional
commits
history
and
then
reset
the
version
into
the
plugin
before
updating
or
for
deploying,
and
then
update
the
tag
to
point
to
the
right
place
and
it
seems
to
it
seems
to
be
a
nice
kind
of
replaceable
piece
inside
that
yep
329.
B
So
it
seems
to
work
quite
nicely.
The
next
step
that
we're
really
hoping
to
do
is
to
try
this
out
with
a
a
multi-branch
plug-in.
I
don't
mean
that
the
multi-branch
pipeline
piece,
I
mean
a
sort
of
a
a
plug-in
that
needs
to
maintain
multiple
branches.
At
the
same
time,
just
like
fox
writing
in
there.
A
So
so
the
the
intent
here
for
gareth
and
and
for
me,
he
and
I
are
going
to
work
together
on
this
one.
Is
we
intend
next
week
to
take
one
specific
plugin
in
this
case
the
elastic
access
plugin?
I
know
you're
all
deeply
committed
users
of
the
elastic
access
plus
plugin
and
you're
one
of
the
300
users
in
the
world
who
use
it,
but
since
you're,
probably
not,
I
happen
to
maintain
it
and
it's
a
convenient
place
to
do
these
kind
of
experiments
with
relatively
low
damage
potential.
A
I'm
not
going
to
hurt
anybody,
it's
not
like.
If
I
did
this
to
the
git
plug-in
and
suddenly
people
became
outraged,
so
access
plug-in
will
release
two
versions.
Our
hope
is
to
release
two
versions
or
more
next
week
as
a
test,
and
it
will
have
switched
to
continuous
delivery
using
jeff
229.
With
these
extensions
that
gareth
has
performed
and
and
automatic
semantic
versioning.
A
A
A
Yeah
well
and
and
part
of
the
experiment
here
right,
I
I
transitioned
the
platform
laboratory
to
jep229
and
it
was
a
good
experiment
and
it's
been
successful,
but
I
find
it
hard
to
read
the
version
numbers
and
I
and
I've
heard
others
in
the
community
comment
that
they
find
the
version
numbers
hard
hard
to
use.
So
this
is
an
attempt
to
refine
that
and
see.
Could
we
use
more
commonly
used
version
numbers
and
still
have
fully
automatic
releases.
C
Interested
in
this,
I
I
switched
token
macro
over
to
jeff
229
I
haven't
done,
there
hasn't
been
any
pr's
or
anything
for
a
release.
So
I
I'm
hoping
this
stuff
comes
in
pretty
quick,
so
I
can
use
it
there.
That
would
be
really
nice.
A
Oh,
oh
right
because
you
see,
I
can't
switch
platform
labeler,
because
once
I've
delivered
a
release,
there's
no
going
back,
but
you
haven't
yet
delivered
a
release,
so
this
could
potentially
help
token
macro
cool,
okay,
good.
All
right,
so
keep
alex
informed
of
progress
because,
again
token
macro
is
one
of
those
that's
only
installed
in
260
000
jenkins
installations
worldwide
right,
so
only
only
every
jenkins
installation
out
there
has
token
macro
so.
A
A
Okay,
next
topic
was
java
java
11,
as
default
in
all
our
images.
A
So
the
crucial
question
for
me
there
is
the
jenkins
jenkins,
colon,
lts
and
docker
image
today
is
delivering
is
delivering
java
8,
but
the
day
will
come.
The
request
had
been
made
previously
by
daniel
beck
and
others.
Please
do
those
kind
of
changes
on
on
elt
on
major
lts.ones
and
we've
already
done
the
baseline
selection.
I
don't
think
we're
going
to
fit
for
june.
So
the
rough
rough
idea
make
this
transition
in
september.
A
A
C
C
So
I
think
it's
fine
if
we
do
some
announcements
ahead
of
time
and
so
forth,
and
just
let
people
know
that
that's
coming
that
you
know
in
september
time
frame
if
they
pull
the
lts
image,
it's
going
to
be
java
11
going
forward.
I
don't
know
if
we
even
stop
publishing
the
java
8
images
or
stop
updating.
That's
a
maybe
a
second
part
of
the
discussion.
A
Well
well
so
this
one,
if
we
replace
jenkins
jenkins
colon
lts,
that
would
mean
we
stop
that
one
would
no
longer
be
java
8
and
I
would
not
create
new
images
that
are
dedicated
to
java
8,
at
least
not
from
my
personal
taste.
So
but
that's
a
good
topic
for
transition
described
in
the
jab.
C
Planning
on
doing
like
changing
the
published
location
of
the
java,
8
images
to
be
like
jdk8,
like
we
have
for
jdk
11
right
now,
but
yeah.
A
Okay,
next
topic
then
proposed
docker
changes
and
we've
got
several
there,
so
I
am
feeling
completely
behind
on
docker
image.
Maintenance
are
others.
Can
others
give
me
a
hint
on
how
we're
doing
there
gareth?
I
know
you've
made
significant
progress
in
using
docker
images
more
consistently
in
jenkins
infra.
A
I
don't
think,
though,
that
that's
touched
the
docker
delivery
that
we're
doing
the
image
delivery
that
we're
doing
to
create
the
base
images.
Am
I
correct
there
that
your
work
has
been
around.
B
We've
been
looking
at
better
ways
of
customizing
the
controller
image
to
contain
the
plugins
that
you
need
so
that
they're
not
downloaded
each
time
on
on
pod
restart.
That's
the
main
reason.
B
Yeah,
there's
a
a
bit
of
an
issue
with
the
current
helm
chart
in
that
in
the
kind
of
default
way
that
you
add
plugins
to
it,
they're
downloaded
on
startup
they
do
get.
There
is
a
way
of
caching
them
onto
a
system
volume,
but
there
is
also
a
possibility
that
when
a
pottery
starts,
it's
going
to
download
a
newer
image,
a
newer
version
of
a
plug-in
that
you're
not
expecting.
A
B
And
you
may
run
into
possible
issues
because
of
that,
certainly
with
the
what
we
had
one
with
the
ec2
plug-in,
where
it
was
a
minor
release,
but
actually
it
was
removing
configuration
and
the
pod
was
only
start
properly.
B
C
I
think
my
my
kind
of
next
thing
that
I
want
to
look
at
is
getting
all
the
multi-arc
stuff
in,
because
I
would
really
like
to
use
official
like
arm
64
and
images
and
so
forth.
So
I'm
going
to
probably
be
looking
at
jim
crowley's
stuff
and
see
if
I
can
move
it
along.
A
C
Local
jenkins
instance
and
connect
it
to
those
like
that's
390x
and
rpc
agents
like
you
do
so
I
may
be
pinging
you
first
up
for
for
ideas
and
so
forth,
because
I
know
you
have
an
awesome
setup
with
for
your
testing.
A
A
A
Okay
next
topic
is
just
a
status
report
on
security
scanning
of
binaries
and
images.
So
oleg
is
is
leading.
An
effort
now
is
discussing
with
lfx
security,
lfx
security,
so
lfx
being
the
linux
foundation.
They
have
a
project
called
lfx
security
that
offers
scanning
of
open
source
projects
with
what
is,
at
its
back
end
a
sneak
instance
so
and
right
now,
the
noise
level,
because
sneak
doesn't
understand
jenkins
dependencies.
A
The
noise
level
is
unacceptably
high.
He's
working
with
trying
to
see
are
there
ways
we
could
help
that
or
improve
that
or
work
with
sneak
directly
to
to
get
that
better?
It's
it's
still
an
ongoing
ongoing
investigation,
nothing
to
announce
nothing
to
share
now
in
terms
of
there
is
the
code
ql
work,
that's
not
really
images
and
binaries
that's
scanning
of
source
code,
that
prototype
is
available
and
or
is,
is
running
on
some
jenkins
repositories.
C
C
It
would
be
great
to
make
it
part
of
the
irc
bot,
but
at
the
same
time
it
does
require
a
little
bit
of
human
checking,
because
sometimes
there
are
false
positives
and
things
like
that.
So
it's
it's
awesome
because
it
it
picks
up
a
lot
of
the
things
that
I
normally
have
to
look
for
in
the
hosting
process
for
security
things.
A
Good
okay,
so
just
the
fact
that
you've
been
using
a
local
copy
is
already
encouraging
that
that
says,
as
we
as
we're
transitioning
away
from
putting
the
so
much
burden
on
you
for
hosting
requests
that
others
are
picking
it
up.
They'll
likely
need
to
know
how
you
do
that
and
what
the
techniques
are
very
good.
A
Well
that
that
one
at
least
would
let
us
that
has
the
I
assume
what
they're
doing
is
something
like
onshore
does
or
or
others
where
they
they
look
for
vulnerabilities
in
the
base
operating
system
image,
in
addition
to
looking
for
known
cves
on
the
product,
that's
on
it.
So
in
this
case,
looking
for
known
vulnerabilities,
because
we
failed
to
update
an
alpine
image
or
something
like
that
right,
okay,
good
anything
else,
there.