# 11 Nov 2024
[:movie_camera: Zoom Meeting Room](https://zoom.us/j/91564716663?pwd=R3A2RDFGcU1wTVdoVTErYm1jNzVWdz09) | [:calendar: Shared Calendar](https://jenkins.io/event-calendar/) | [:notes: Meeting notes](https://community.jenkins.io/tag/governance) |
## Attendees 👥
<!-- Handles are GitHub handles -->
* @basil (Basil Crow)
* @MarkEWaite (Mark Waite)
* @NotMyFault (Alexander Brandes)
* @uhafner (Ullrich Hafner)
* @kmartens27 (Kevin Martens)
## Upcoming Calendar 📆
* Election voting in progress, November 1 - 30, 2024
    * Email invitations have been sent to all registered voters
* Next weekly release: 2.485, Tuesday November 12, 2024
* Next LTS: 2.479.2, November 27, 2024 - Kris Stern release lead, using [LTS release checklist](https://github.com/jenkins-infra/release/issues/615)
    * Release candidate Wednesday November 13, 2024
* Next major events:
    * [Jenkins contributor summit](https://community.jenkins.io/t/jenkins-contributor-summit-on-jan-31-2025-call-for-topics-and-ideas/21678) 31 Jan 2025
        * Alyssa Tong has the venue for up to 24 participants and is organizing logistics
        * Bruno Verachten organizing the [agenda](https://community.jenkins.io/t/jenkins-contributor-summit-on-jan-31-2025-call-for-topics-and-ideas/21678)
    * [FOSDEM 2025](https://fosdem.org/2025/) - February 1-2, 2025
        * Jenkins requesting a stand
## Agenda
### News
* Jenkins 2.479.x release dates
    * 27 Nov 2024 - 2.479.2
    * 08 Jan 2025 - 2.479.3 (two week break at end of year)
### Action Items
* Mark announce the reopening of voter registration while voting continues
    * Good to welcome more voters
    * Announced in [Jenkins user mailing list](https://groups.google.com/g/jenkinsci-users/c/4rQu39sf35M/m/K08zhovEBwAJ) and [Jenkins developer mailing list](https://groups.google.com/g/jenkinsci-dev/c/wJkDfrfOM5s/m/-HnpqJs3CgAJ)
* Basil create the attribution entries for the downloads page
    * Jenkins sponsors have changed
    * Continues on the to-do list [draft PR](https://github.com/jenkins-infra/jenkins.io/pull/6882)
* Kevin Martens retire the Chinese Jenkins site
    * Kevin and Mark will meet with Damien in November
    * More work pending
    * Basil has lots of experience with redirecting if needed, don't break the URLs
### Community activity
* Jenkins Content Security Policy project
* Adapting plugins to be compatible with a future, broader implementation of content security policy
* Submitting pull requests, releasing plugins, preparing for future enablement in core
* Lots of rapid progress in this stage due to widely used plugins
* Plugins are usually well maintained
* Will change as project moves deeper into the list
* Pace of work will be slower in the coming months
* Some plugins won't be updated (deprecated, etc.)
* Project has been running for 6 weeks - [tracking sheet](https://docs.google.com/spreadsheets/d/1nSx4gQ2YUl-sKdY5u6biXmyDnkQ26wTaMBLSR8gr_-A/edit?usp=sharing) shows great progress
* Yaroslav Afenkin and Shlomo Dahan both planned to work on it until end of calendar year
* Think we may be able to fix most detected violations for plugins above 10k installs
* May have time to resolve some plugins above 1k installs
* Released CSP fixes for Jenkins core and more than 20 plugins
* Run Jenkins ATH with CSP enabled
* Static Analysis of CSP violations across the Jenkins repositories (Daniel Beck's CSP scanner)
* Will continue to deliver more fixes
* Basil runs ATH with CSP violation checking regularly
* Detects regressions reliably
* Static analysis has some false positives and false negatives
* Would want to further refine before it is a part of every build
* If we can reach a point of confidence, can include it in plugin builds
* ATH is sufficient for those plugins covered in ATH
* [October report](https://github.com/ossf/alpha-omega/blob/main/alpha/engagements/2024/Jenkins/update-2024-10.md) submitted to Alpha-Omega by Bruno Verachten
* Also provided a [Jenkins blog post](https://www.jenkins.io/blog/2024/11/01/jenkins-csp-project-update/)
* Spring Security 6.x Upgrade - [mailing list thread](https://groups.google.com/g/jenkinsci-dev/c/gsXAqOQQEPc/m/4fn4Un1iAwAJ)
* Phase 1 - Apache File Upload 2.0 - **done**
* Phase 2 - Require Java 17 in weekly - **done**
* Phase 3 - Upgrade Jetty 10 to Jetty 12 EE 8 - **done**
* Phase 4 - Upgrade Jetty 12 EE 8 to Jetty 12 EE 9 + Spring Security 6.x - **done**
* Jenkins 2.475 (3 Sep 2024) and later
* Jenkins 2.479.1 LTS (30 Oct 2024) - [LTS release checklist](https://github.com/jenkins-infra/release/issues/606)
* Some lockstep plugin updates needed for Spring Security 6.x Upgrade
* LDAP plugin lockstep upgrade as noted in [2.475 changelog](https://www.jenkins.io/changelog/2.475/), LDAP plugin changelog, and [community.jenkins.io post](https://community.jenkins.io/t/tricky-to-upgrade-beyond-2-474-if-you-use-the-ldap-plugin-needs-docs-on-the-procedure/19808)
* CAS plugin lockstep upgrade as noted in [2.475 changelog](https://www.jenkins.io/changelog/2.475/) and
* Reverse Proxy Auth plugin lockstep upgrade as noted in [2.479.1 upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.479/#upgrade-spring-security-spring-framework-and-servlet-containers) and
* Windows Negotiate SSO plugin lockstep upgrade as noted in [2.479.1 upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.479/#upgrade-spring-security-spring-framework-and-servlet-containers)
* EnvInject plugin specific issue
* Documentation update on the Env Inject plugin in the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.479/#require-java-17)
* Much larger project to make a larger fix
* Multiple duplicates of this issue, likely more once Java 17 is required in LTS
* Redirect people to that comment
* One plugin still with a known issue - Jira integration plugin (not "Jira plugin")
* Build failure results analyzer known failure
* Requires a lockstep upgrade in a relatively minor feature of the plugin (released a few weeks ago)
* [TechStrong TV episode with Jenkins maintainers](https://techstrong.tv/videos/cd-pipeline/behind-the-code-jenkins-updrages-challenges-and-evolution-the-cd-pipeline-ep15)
* Alan Shimel and Lori Lorusso hosts
* Basil Crow
* Damien Duportal
* Kris Stern
* Mark Waite
* [Contributor Spotlight](https://contributors.jenkins.io/)
* 12 months of contributor spotlights completed, more to come
* Recently published: [Jesse Glick](https://contributors.jenkins.io/pages/contributors/jesse-glick/)
### Governance Topics
* $9000 available for Jenkins project at Software in the Public Interest
    * Approved last meeting that funds will be used as travel reimbursement for Jenkins Contributor Summit and FOSDEM
    * Mark Waite propose prioritized list of attendees to fund for travel
* Governance board and Jenkins officer election in progress - [Election Calendar](https://www.jenkins.io/project/election-walkthrough/)
    * Blog posts
        * [Voter registration](https://www.jenkins.io/blog/2024/09/25/board-officer-election-announcement/) - 26 Sep 2024
        * [Candidate statements](https://www.jenkins.io/blog/2024/10/03/jenkins-election-candidates/) - 3 Oct 2024
    * Voter registration
        * 74 voters [registered](https://community.jenkins.io/g/election-voter-2024) as of 31 Oct 2024
        * Proposed to reopen voter registration while voting continues
            * Mark Waite submit blog post announcing the reopening of voter registration
            * Mark Waite send announcement email to [Jenkins user mailing list](https://groups.google.com/group/jenkinsci-users/topics) and [Jenkins developer mailing list](https://groups.google.com/group/jenkinsci-dev/topics)
            * Mark Waite and Basil Crow continue to review and process new registrations and invite newly registered voters to the polls
    * Email invitation sent 4 Oct 2024 to all registered voters
    * Voting progress report - 74 registered voters
        * 36 votes cast for governance board
        * 33 votes cast for release officer
    * Governance board term ends in December for Alex and Ulli
        * Governance board positions are available for election for the term 2024/12/03 - 2026/12/02
        * 6 candidates nominated and confirmed for 3 positions on the governance board
            * Alex Earl
            * Alexander Brandes
            * Kris Stern
            * Oleg Nenashev
            * Stefan Spieker
            * Valentin Delaye
    * 2 candidates nominated and confirmed for Release Officer
        * Alex Earl
        * Tim Jacomb
    * 1 candidate nominated and confirmed for other officer positions
        * Alyssa Tong - Events Officer
        * Damien Duportal - Infrastructure Officer
        * Kevin Martens - Documentation Officer
        * Wadeck Follonier - Security Officer
* Cloud expenses and plans
    * Azure (CDF paid)
        * July: $4,571
        * August: $4,552
        * September: $3,910
        * October: $4,200
    * Azure Sponsorship (Microsoft Credits) - $33k remaining, donation ends May 2025
        * July: $10k
        * August: $10.5k
        * September: $10.3k
        * October: $12.9k
    * DigitalOcean - Remaining $15k (~5k consumed) until 02 January 2025
        * July: $176.01
        * August: $200.08
        * September: $158
        * October: $196
    * AWS:
        * CloudBees:
            * June: $5,862
            * July: $6.5k
            * August: $6.3k
            * September: $6.3k
            * October: $6.4k
        * Sponsored account
            * October: $178
        * Global Status:
            * Credits left: $59,800 until 31 January 2025
            * Credits left: $60k until 31 July 2025
        * Moving ci.jenkins.io to AWS sponsored account
            * Likely $10k per month Nov 2024 - Jan 2025