18:00:28 #startmeeting
18:00:28 Let the Jenkins meeting commence!
18:00:43 #chair rtyler hare_brain abayer
18:00:43 Current chairs: abayer hare_brain kohsuke rtyler
18:00:50 #info live from JUC
18:01:15 #info https://wiki.jenkins-ci.org/display/JENKINS/Governance+Meeting+Agenda#GovernanceMeetingAgenda-Sep2meeting
18:01:36 Hi all. I'm trying to configure SSH sites in my config.xml, I'm just trying to find a reference for how to do this. Can anyone help me please?
18:01:46 jarden1 Project meeting right now, please wait a bit
18:02:01 #topic Recap last meeting's actions
18:02:06 #chair danielbeck
18:02:06 Current chairs: abayer danielbeck hare_brain kohsuke rtyler
18:02:08 building an install script for a bunch of applications in a svn repo. Is best practice to have the shell script do the svn checkout/update or leave that to jenkins?
18:02:14 Current status is in the agenda
18:02:38 I blogged about the travel grant, we have botbot.me logging, and a partial infra access list in the wiki
18:02:43 at https://wiki.jenkins-ci.org/display/JENKINS/Infrastructure+Admins
18:02:53 Artifactory is still missing, waiting for KK to give me access
18:03:03 Right, my bad
18:03:12 And once the robobutler also joins #jenkins-meeting, we can move there
18:03:23 that's still pending a prod merge by rtyler I think
18:03:24 I need to figure out the right ldapclient command to run
18:03:33 So that's the current status of past actions
18:04:16 I hope Kostya is happy with that infra admin list
18:04:25 #topic LTS RC status check
18:04:33 ogondza?
18:04:38 kohsuke: we are ready
18:04:50 Great
18:04:57 I'll get it going from here after this meeting
18:05:12 cool
18:05:45 #topic LTS baseline selection
18:06:02 Current versions look pretty good
18:06:12 http://jenkins-ci.org/changelog
18:06:13 This is the topic where I wanted to see jglick around
18:06:31 and he's giving a talk now
18:06:40 Which we knew when we discussed this meeting
18:06:45 Not until later, actually
18:06:50 But he's not around, yeah
18:07:21 kohsuke Are there new APIs that could be relevant? Pretty low activity in core lately
18:07:45 something like 1.625 should be safe
18:08:02 1.624 is 4 weeks old
18:08:16 UC pluggability but that's too new
18:08:21 JENKINS-28440 would be nice
18:08:24 JENKINS-28440:Allow to reject specific configurations via REST and CLI (Resolved) https://issues.jenkins-ci.org/browse/JENKINS-28440
18:08:29 and that's in 1.625
18:09:24 but I understand if we want an older release, after the fun that was 1.609.x
18:09:52 probably we could just keep 1.609.4
18:10:10 I don't see much killer-features in newer releases
18:10:16 https://github.com/jenkinsci/jenkins/compare/jenkins-1.624...jenkins-1.625
18:10:18 oleg-nenashev: I don't see good reasons to change the process
18:10:47 danielbeck: I agree with 625, some deadlock fixes as well
18:10:59 well, those would be backported anyway
18:11:22 Any other opinions on which release to use?
18:11:36 those are amendments of issues that are supposed to be fixed in earlier releases
18:12:23 +1 for 1.625
18:12:25 OK, 1.625 it is?
18:12:39 #agreed next LTS is based on 1.625
18:12:46 we should wait for 1.632 for maximum confusion :-)
18:12:46 oops
18:12:57 I was hoping for an LTS that can support the latest Workflow!
18:13:16 What version does it require nowadays...
18:13:25 1.609.2 on master
18:13:32 yeah, so shouldn't be a problem, autojack
18:13:33 hang on. it has a new feature that, I thought, required a newer than LTS version.
18:13:37 optional feature though...
18:13:40 or else I'm wrong.
18:13:42 https://github.com/jenkinsci/workflow-plugin/blob/master/pom.xml#L31
18:14:03 autojack: I suspect that workflow will need new features in the core soon
18:14:21 autojack: Just a drawback of the new megafeatures
18:14:30 oleg-nenashev are there new APIs between 1.625 and now?
18:14:43 ... and the situation was here for several LTS lines
18:14:59 only https://github.com/jenkinsci/jenkins/pull/1788
18:15:10 danielbeck: ^^
18:15:18 unrelated to workflow, and too recent
18:15:20 IMO
18:15:21 ok, I can't find jglick's comment from the 1.9 release.
18:15:28 perhaps I'm wrong.
18:15:31 carry on!
18:15:36 Let's stick to 1.625
18:15:45 Shall we move to the next topic
18:15:45 ?
18:15:52 yes
18:15:56 #topic Travel grant program blessing
18:16:03 #info https://wiki.jenkins-ci.org/display/JENKINS/Travel+Grant+Program
18:16:15 I updated this after the feedback from last time
18:16:46 IIRC the changes are to reduce it to $500 so that we can cover more trips and shorter ones
18:17:04 I think it can be blessed as currently written. If there's a minor issue we can always update it, I don't really expect travels this year
18:17:12 +1 to its current form.
18:17:15 Looks good.
18:17:18 The draft was always 500 USD as we discussed during the original discussion
18:17:24 And thanks for incorporating the feedback!
18:17:42 +1 too
18:17:50 +0.5
18:18:57 * oleg-nenashev doubts that 500$ make much difference, but he's OK with it
18:18:57 #agreed https://wiki.jenkins-ci.org/display/JENKINS/Travel+Grant+Program is blessed as of rev.3
18:19:25 danielbeck says we should skip the next topic...
18:19:37 #topic Clarification what requires a CLA and what does not
18:19:47 It's not clear to me what does.
18:19:55 We've been accepting PRs of others forever.
18:20:09 So it's not "getting some code in" that requires that
18:20:27 IMO: jenkins/core membership, CERT and INFRA teams
18:20:45 It's supposed to be legal CYA.
18:20:47 So one would hope that this is in https://wiki.jenkins-ci.org/display/JENKINS/Governance+Document#GovernanceDocument-Core
18:20:57 CYA?
18:21:02 cover your ass
18:21:28 It's under "Making changes to core" section
18:21:37 If you’d like to be involved more seriously, consider getting commit access. See the section about becoming a plugin developer for how to get this. In addition, we need to ask you to sign the contributor license agreement (CLA).
18:21:45 That's the mode under which I'm operating
18:21:49 Core commit access = requires CLA
18:22:03 okay. And it's a prerequisite for SECURITY as well
18:22:12 CERT commits to core (albeit in a protected repository) hence the same thing applies
18:22:21 ...and INFRA
18:22:33 well, INFRA access requires rtyler to like you :-)
18:22:34 ... because it also influences the security
18:22:46 CLA is copyright assignment
18:22:52 I don't think we required CLA for INFRA
18:23:17 but that has higher bar to entry and people we trust tend to be people who have been working in core
18:23:20 kohsuke: Obviously, it's required for JIRA admin rights (SECURITY access)
18:23:36 well, no. Because you can read this without contributing
18:23:51 There's the CVE guy who has access there but he doesn't commit things
18:23:55 -> no CLA
18:24:21 but we generally don't give access to that without giving access to jenkins-cert repos because why would we?
18:24:22 oleg-nenashev: as danielbeck says, CLA is to cover contributions, so it's orthogonal to trust levels, at least technically
18:24:44 So the explanation works for me. Thanks.
18:25:00 danielbeck: what clarification would be needed here?
18:25:00 If it's orthogonal, then OK
18:25:28 kohsuke Me being able to read, probably. Or making it explicit that CERT is about core commit access for fixed. I'll figure it out and do it myself.
18:25:31 I'm mostly aware about unrequired permissions than about such paperwork
18:25:44 maybe https://github.com/jenkinsci/infra-cla README should be updated?
18:25:54 OK
18:25:56 kohsuke Yep, you want PRs now
18:26:02 but that's a different thing again
18:26:06 I can do this
18:26:09 Great
18:26:22 moving on…
18:26:24 #topic CERT Team membership request for Oleg Nenashev, Olivier Lamy and valentina armenise
18:26:32 kohsuke, danielbeck: Do we have an NDA for the security stuff doc? ICLA does not cover it at all
18:26:58 it was for the previous topic, but can be postponed
18:27:05 Let's do CERT
18:27:15 We don't have any paperwork for that, but we sure hope you don't shout our unpatched vulnerabilities from rooftop!
18:27:16 we're at the experts booth and it's weird to send people away :(
18:27:24 Indeed :-)
18:27:25 Here I just ask for the CERT membership for 3 contributors
18:27:35 I think all of them should be approved
18:27:44 oleg-nenashev has been around here very long
18:27:53 So has olamy
18:28:02 olamy has been around long, too, and he has done Maven plugin work
18:28:02 Crap
18:28:09 Vincent Latomber
18:28:14 What's his interest in CERT? Is he going to spend time on it?
18:28:29 *Latombe. My bad, it was a typo in the Governance meeting agenda
18:28:35 oleg-nenashev To clarify, Vincent and not Olivier?
18:28:43 Yes, Vincent
18:28:46 okay
18:28:48 OK, so no Olivier
18:28:59 vlatombe has been around for some time, too. He's been doing literate plugin and others
18:29:13 can we just ask whether someone objects?
18:29:23 To any of Oleg, Vincent, Valentina?
18:29:47 no, +1 to more eyeballs
18:29:57 +1
18:30:00 varmenise is relatively new to the Jenkins community but she works for CloudBees and she's been working on Jenkins in the context of our products
18:30:02 Who is Valentina?
18:30:24 (and would undermine her job if she compromised the security project)
18:30:30 https://github.com/varmenise
18:30:54 I don't know her, but I'm fine with a circle of trust model.
18:31:21 #agreed add oleg-nenashev vlatombe and varmenise to CERT
18:31:26 #topic next meeting
18:31:41 Next meeting is Sep 16th same time
18:31:52 I think that's it for today! Back to JUC...
18:31:59 #endmeeting