#jenkins log

18:00:28 <kohsuke> #startmeeting
18:00:28 <robobutler> Let the Jenkins meeting commence!
18:00:43 <kohsuke> #chair rtyler hare_brain abayer
18:00:43 <robobutler> Current chairs: abayer hare_brain kohsuke rtyler
18:00:50 <kohsuke> #info live from JUC
18:01:15 <kohsuke> #info https://wiki.jenkins-ci.org/display/JENKINS/Governance+Meeting+Agenda#GovernanceMeetingAgenda-Sep2meeting
18:01:36 <jarden1> Hi all. I'm trying to configure SSH sites in my config.xml, I'm just trying to find a reference for how to do this. Can anyone help me please?
18:01:46 <danielbeck> jarden1 Project meeting right now, please wait a bit
18:02:01 <kohsuke> #topic Recap last meeting's actions
18:02:06 <kohsuke> #chair danielbeck
18:02:06 <robobutler> Current chairs: abayer danielbeck hare_brain kohsuke rtyler
18:02:08 <tesaf> building an install script for a bunch of applications in a svn repo. Is best practice to have the shell script do the svn checkout/update or leave that to jenkins?
18:02:14 <danielbeck> Current status is in the agenda
18:02:38 <danielbeck> I blogged about the travel grant, we have botbot.me logging, and a partial infra access list in the wiki
18:02:43 <danielbeck> at https://wiki.jenkins-ci.org/display/JENKINS/Infrastructure+Admins
18:02:53 <danielbeck> Artifactory is still missing, waiting for KK to give me access
18:03:03 <kohsuke> Right, my bad
18:03:12 <danielbeck> And once the robobutler also joins #jenkins-meeting, we can move there
18:03:23 <danielbeck> that's still pending a prod merge by rtyler I think
18:03:24 <kohsuke> I need to figure our the right ldapclient command to run
18:03:33 <danielbeck> So that's the current status of past actions
18:04:16 <kohsuke> I hope Kostya is happy with that infra admin list
18:04:25 <kohsuke> #topic LTS RC status check
18:04:33 <danielbeck> ogondza?
18:04:38 <ogondza> kohsuke: we are ready
18:04:50 <kohsuke> Great
18:04:57 <kohsuke> I'll get it going from here after this meeting
18:05:12 <ogondza> cool
18:05:45 <kohsuke> #topic LTS baseline selection
18:06:02 <danielbeck> Current versions look pretty good
18:06:12 <danielbeck> http://jenkins-ci.org/changelog
18:06:13 <kohsuke> This is the topic where I wanted to see jglick around
18:06:31 <danielbeck> and he's giving a talk now
18:06:40 <danielbeck> Which we knew when we discussed this meeting
18:06:45 <kohsuke> Not until later, actually
18:06:50 <kohsuke> But he's not around, yeah
18:07:21 <danielbeck> kohsuke Are there new APIs that could be relevant? Pretty low activity in core lately
18:07:45 <danielbeck> something like 1.625 should be safe
18:08:02 <ogondza> 1.624 is 4 weeks old
18:08:16 <kohsuke> UC pluggability but that's too new
18:08:21 <danielbeck> JENKINS-28440 would be nice
18:08:24 <jenkins-admin> JENKINS-28440:Allow to reject specific configurations via REST and CLI (Resolved) https://issues.jenkins-ci.org/browse/JENKINS-28440
18:08:29 <danielbeck> and that's in 1.625
18:09:24 <danielbeck> but I understand if we want an older release, after the fun that was 1.609.x
18:09:52 <oleg-nenashev> probably we could just keep 1.609.4
18:10:10 <oleg-nenashev> I don't see much killer-features in newer releases
18:10:16 <ogondza> https://github.com/jenkinsci/jenkins/compare/jenkins-1.624...jenkins-1.625
18:10:18 <kohsuke> oleg-nenashev: I don't see good reasons to change the process
18:10:47 <ogondza> danielbeck: I agree with 625, some deadlock fixes as well
18:10:59 <danielbeck> well, those would be backported anyway
18:11:22 <danielbeck> Any other opinions on which relese to use?
18:11:36 <ogondza> those are amendments of issues that are supposed to be fixed in earlier releases
18:12:23 <oleg-nenashev> +1 for 1.625
18:12:25 <kohsuke> OK, 1.625 it is?
18:12:39 <kohsuke> #agreed next LTS is based on 1.625
18:12:46 <danielbeck> we should wait for 1.632 for maximum confusion :-)
18:12:46 <autojack> oops
18:12:57 <autojack> I was hoping for an LTS that can support the latest Workflow!
18:13:16 <kohsuke> What version does it require nowadays...
18:13:25 <danielbeck> 1.609.2 on master
18:13:32 <kohsuke> yeah, so shouldn't be a problem, autojack
18:13:33 <autojack> hang on. it has a new feature that, I thought, required a newer than LTS version.
18:13:37 <autojack> optional feature though...
18:13:40 <autojack> or else I'm wrong.
18:13:42 <danielbeck> https://github.com/jenkinsci/workflow-plugin/blob/master/pom.xml#L31
18:14:03 <oleg-nenashev> autojack: I suspect that workflow will need new features in the core soon
18:14:21 <oleg-nenashev> autojack: Just a drawback of the new megafeatures
18:14:30 <danielbeck> oleg-nenashev are there new APIs between 1.625 and now?
18:14:43 <ogondza> ... and the situation was here for several LTS lines
18:14:59 <oleg-nenashev> only https://github.com/jenkinsci/jenkins/pull/1788
18:15:10 <oleg-nenashev> danielbeck: ^^
18:15:18 <danielbeck> unrelated to workflow, and too recent
18:15:20 <danielbeck> IMO
18:15:21 <autojack> ok, I can't find jglick's comment from the 1.9 release.
18:15:28 <autojack> perhaps I'm wrong.
18:15:31 <autojack> carry on!
18:15:36 <kohsuke> Let's stick to 1.625
18:15:45 <kohsuke> Shall we move to the next topic
18:15:45 <kohsuke> ?
18:15:52 <danielbeck> yes
18:15:56 <kohsuke> #topic Travel grant program blessing
18:16:03 <kohsuke> #info https://wiki.jenkins-ci.org/display/JENKINS/Travel+Grant+Program
18:16:15 <danielbeck> I updated this after the feedback from last time
18:16:46 <kohsuke> IIRC the changes are to reduce it to $500 so that we can cover more trips and shorter ones
18:17:04 <danielbeck> I think it can be blessed as currently written. If there's a minor issue we can always update it, I don't really expect travels this year
18:17:12 <hare_brain> +1 to its current form.
18:17:15 <hare_brain> Looks good.
18:17:18 <danielbeck> The draft was always 500 USD as we discussed during the original discussion
18:17:24 <hare_brain> And thanks for incorporating the feedback!
18:17:42 <kohsuke> +1 too
18:17:50 <oleg-nenashev> +0.5
18:18:57 * oleg-nenashev doubts that 500$ make much difference, but he's OK with it
18:18:57 <kohsuke> #agreed https://wiki.jenkins-ci.org/display/JENKINS/Travel+Grant+Program is blessed as of rev.3
18:19:25 <kohsuke> danielbeck says we should skip the next topic...
18:19:37 <kohsuke> #topic Clarification what requires a CLA and what does not
18:19:47 <danielbeck> It's not clear to me what does.
18:19:55 <danielbeck> We've been accepting PRs of others forever.
18:20:09 <danielbeck> So it's not "getting some code in" that requires that
18:20:27 <oleg-nenashev> IMO: jenkins/core membership, CERT and INFRA teams
18:20:45 <hare_brain> It's supposed to be legal CYA.
18:20:47 <kohsuke> So one would hope that this is in https://wiki.jenkins-ci.org/display/JENKINS/Governance+Document#GovernanceDocument-Core
18:20:57 <kohsuke> CYA?
18:21:02 <autojack> cover your ass
18:21:28 <kohsuke> It's under "Making changes to core" section
18:21:37 <kohsuke> If you’d like to be involved more seriously, consider getting commit access. See the section about becoming a plugin developer for how to get this. In addition, we need to ask you to sign the contributor license agreement (CLA).
18:21:45 <kohsuke> That's the mode under which I'm operating
18:21:49 <kohsuke> Core commit access = requires CLA
18:22:03 <danielbeck> okay. And it's a prerequisite for SECURITY as well
18:22:12 <kohsuke> CERT commits to core (albeit in a protected repository) hence the same thing applies
18:22:21 <oleg-nenashev> ...and INFRA
18:22:33 <danielbeck> well, INFRA access requires rtyler to like you :-)
18:22:34 <oleg-nenashev> ... because it also influences the security
18:22:46 <danielbeck> CLA is copyright assignment
18:22:52 <kohsuke> I don't think we required CLA for INFRA
18:23:17 <kohsuke> but that has higher bar to entry and people we trust tend to be people who have been working in core
18:23:20 <oleg-nenashev> kohsuke: Obviously, it's required for JIRA admin rights (SECURITY access)
18:23:36 <danielbeck> well, no. Because you can read this without contributing
18:23:51 <danielbeck> THere's the CVE guy who has access there but he doesn't commit things
18:23:55 <danielbeck> -> no CLA
18:24:21 <danielbeck> but we generally don't give access to that without giving access to jenkins-cert repos because why would we?
18:24:22 <kohsuke> oleg-nenashev: as danielbeck says, CLA is to cover contributions, so it's orthogonal to trust levels, at least technically
18:24:44 <danielbeck> So the explanation works for me. Thanks.
18:25:00 <kohsuke> danielbeck: what clarification would be needed here?
18:25:00 <oleg-nenashev> If it's ortogonal, then OK
18:25:28 <danielbeck> kohsuke Me being able to read, probably. Or making it explicit that CERT is about core commit access for fixed. I'll figure it out and do it myself.
18:25:31 <oleg-nenashev> I'm mostly aware about unrequired permissions than about such paperwork
18:25:44 <kohsuke> maybe https://github.com/jenkinsci/infra-cla README should be updated?
18:25:54 <kohsuke> OK
18:25:56 <danielbeck> kohsuke Yep, you want PRs now
18:26:02 <danielbeck> but that's a different thing again
18:26:06 <danielbeck> I can do this
18:26:09 <kohsuke> Great
18:26:22 <danielbeck> moving on…
18:26:24 <kohsuke> #topic CERT Team membership request for Oleg Nenashev, Olivier Lamy and valentina armenise
18:26:32 <oleg-nenashev> kohsuke, danielbeck: Do we have an NDA for the security stuff doc? ICLA does not cover it at all
18:26:58 <oleg-nenashev> it was for the previos topic, but can be postponed
18:27:05 <danielbeck> Let's do CERT
18:27:15 <kohsuke> We don't have any paperwork for that, but we sure hope you don't shout our unpatched vulnerabilities from rooftop!
18:27:16 <danielbeck> we're at the experts booth and it's weird to send people away :(
18:27:24 <kohsuke> Indeed :-)
18:27:25 <oleg-nenashev> Here I just ask for the CERT membership for 3 contributors
18:27:35 <danielbeck> I think all of them should be approved
18:27:44 <kohsuke> oleg-nenashev has been around here very long
18:27:53 <danielbeck> So has olamy
18:28:02 <kohsuke> olamy has been around long, too, and he has done Maven plugin work
18:28:02 <oleg-nenashev> Crap
18:28:09 <oleg-nenashev> Vincent Latomber
18:28:14 <kohsuke> What's his interest in CERT? Is he going to spend time on it?
18:28:29 <oleg-nenashev> *Latombe. My bad, it was a typo in the Governance meeting agenda
18:28:35 <danielbeck> oleg-nenashev To clarify, VIncent and not Olivier?
18:28:43 <oleg-nenashev> Yes, Vincent
18:28:46 <danielbeck> okay
18:28:48 <kohsuke> OK, so no Olivier
18:28:59 <kohsuke> vlatombe has been around for some time, too. He's been doing literate plugin and others
18:29:13 <danielbeck> can we just ask whether someone objects?
18:29:23 <danielbeck> To any of Oleg, Vincent, Valentina?
18:29:47 <ogondza> no, +1 to more eyeballs
18:29:57 <batmat> +1
18:30:00 <kohsuke> varmenise is relatively new to the Jenkins community but she works for CloudBees and she's been working on Jenkins in the context of our products
18:30:02 <hare_brain> Who is Valentina?
18:30:24 <danielbeck> (and would undermine her job if she compromised the security project)
18:30:30 <kohsuke> https://github.com/varmenise
18:30:54 <hare_brain> I don't know her, but I'm fine with a circle of trust model.
18:31:21 <kohsuke> #agreed add oleg-nenashev vlatombe and varmenise to CERT
18:31:26 <kohsuke> #topic next meeting
18:31:41 <kohsuke> Next meeting is Sep 16th same time
18:31:52 <kohsuke> I think that's it for today! Back to JUC...
18:31:59 <kohsuke> #endmeeting