18:00:28 <kohsuke> #startmeeting 18:00:28 <robobutler> Let the Jenkins meeting commence! 18:00:43 <kohsuke> #chair rtyler hare_brain abayer 18:00:43 <robobutler> Current chairs: abayer hare_brain kohsuke rtyler 18:00:50 <kohsuke> #info live from JUC 18:01:15 <kohsuke> #info https://wiki.jenkins-ci.org/display/JENKINS/Governance+Meeting+Agenda#GovernanceMeetingAgenda-Sep2meeting 18:01:36 <jarden1> Hi all. I'm trying to configure SSH sites in my config.xml, I'm just trying to find a reference for how to do this. Can anyone help me please? 18:01:46 <danielbeck> jarden1 Project meeting right now, please wait a bit 18:02:01 <kohsuke> #topic Recap last meeting's actions 18:02:06 <kohsuke> #chair danielbeck 18:02:06 <robobutler> Current chairs: abayer danielbeck hare_brain kohsuke rtyler 18:02:08 <tesaf> building an install script for a bunch of applications in a svn repo. Is best practice to have the shell script do the svn checkout/update or leave that to jenkins? 18:02:14 <danielbeck> Current status is in the agenda 18:02:38 <danielbeck> I blogged about the travel grant, we have botbot.me logging, and a partial infra access list in the wiki 18:02:43 <danielbeck> at https://wiki.jenkins-ci.org/display/JENKINS/Infrastructure+Admins 18:02:53 <danielbeck> Artifactory is still missing, waiting for KK to give me access 18:03:03 <kohsuke> Right, my bad 18:03:12 <danielbeck> And once the robobutler also joins #jenkins-meeting, we can move there 18:03:23 <danielbeck> that's still pending a prod merge by rtyler I think 18:03:24 <kohsuke> I need to figure our the right ldapclient command to run 18:03:33 <danielbeck> So that's the current status of past actions 18:04:16 <kohsuke> I hope Kostya is happy with that infra admin list 18:04:25 <kohsuke> #topic LTS RC status check 18:04:33 <danielbeck> ogondza? 18:04:38 <ogondza> kohsuke: we are ready 18:04:50 <kohsuke> Great 18:04:57 <kohsuke> I'll get it going from here after this meeting 18:05:12 <ogondza> cool 18:05:45 <kohsuke> #topic LTS baseline selection 18:06:02 <danielbeck> Current versions look pretty good 18:06:12 <danielbeck> http://jenkins-ci.org/changelog 18:06:13 <kohsuke> This is the topic where I wanted to see jglick around 18:06:31 <danielbeck> and he's giving a talk now 18:06:40 <danielbeck> Which we knew when we discussed this meeting 18:06:45 <kohsuke> Not until later, actually 18:06:50 <kohsuke> But he's not around, yeah 18:07:21 <danielbeck> kohsuke Are there new APIs that could be relevant? Pretty low activity in core lately 18:07:45 <danielbeck> something like 1.625 should be safe 18:08:02 <ogondza> 1.624 is 4 weeks old 18:08:16 <kohsuke> UC pluggability but that's too new 18:08:21 <danielbeck> JENKINS-28440 would be nice 18:08:24 <jenkins-admin> JENKINS-28440:Allow to reject specific configurations via REST and CLI (Resolved) https://issues.jenkins-ci.org/browse/JENKINS-28440 18:08:29 <danielbeck> and that's in 1.625 18:09:24 <danielbeck> but I understand if we want an older release, after the fun that was 1.609.x 18:09:52 <oleg-nenashev> probably we could just keep 1.609.4 18:10:10 <oleg-nenashev> I don't see much killer-features in newer releases 18:10:16 <ogondza> https://github.com/jenkinsci/jenkins/compare/jenkins-1.624...jenkins-1.625 18:10:18 <kohsuke> oleg-nenashev: I don't see good reasons to change the process 18:10:47 <ogondza> danielbeck: I agree with 625, some deadlock fixes as well 18:10:59 <danielbeck> well, those would be backported anyway 18:11:22 <danielbeck> Any other opinions on which relese to use? 18:11:36 <ogondza> those are amendments of issues that are supposed to be fixed in earlier releases 18:12:23 <oleg-nenashev> +1 for 1.625 18:12:25 <kohsuke> OK, 1.625 it is? 18:12:39 <kohsuke> #agreed next LTS is based on 1.625 18:12:46 <danielbeck> we should wait for 1.632 for maximum confusion :-) 18:12:46 <autojack> oops 18:12:57 <autojack> I was hoping for an LTS that can support the latest Workflow! 18:13:16 <kohsuke> What version does it require nowadays... 18:13:25 <danielbeck> 1.609.2 on master 18:13:32 <kohsuke> yeah, so shouldn't be a problem, autojack 18:13:33 <autojack> hang on. it has a new feature that, I thought, required a newer than LTS version. 18:13:37 <autojack> optional feature though... 18:13:40 <autojack> or else I'm wrong. 18:13:42 <danielbeck> https://github.com/jenkinsci/workflow-plugin/blob/master/pom.xml#L31 18:14:03 <oleg-nenashev> autojack: I suspect that workflow will need new features in the core soon 18:14:21 <oleg-nenashev> autojack: Just a drawback of the new megafeatures 18:14:30 <danielbeck> oleg-nenashev are there new APIs between 1.625 and now? 18:14:43 <ogondza> ... and the situation was here for several LTS lines 18:14:59 <oleg-nenashev> only https://github.com/jenkinsci/jenkins/pull/1788 18:15:10 <oleg-nenashev> danielbeck: ^^ 18:15:18 <danielbeck> unrelated to workflow, and too recent 18:15:20 <danielbeck> IMO 18:15:21 <autojack> ok, I can't find jglick's comment from the 1.9 release. 18:15:28 <autojack> perhaps I'm wrong. 18:15:31 <autojack> carry on! 18:15:36 <kohsuke> Let's stick to 1.625 18:15:45 <kohsuke> Shall we move to the next topic 18:15:45 <kohsuke> ? 18:15:52 <danielbeck> yes 18:15:56 <kohsuke> #topic Travel grant program blessing 18:16:03 <kohsuke> #info https://wiki.jenkins-ci.org/display/JENKINS/Travel+Grant+Program 18:16:15 <danielbeck> I updated this after the feedback from last time 18:16:46 <kohsuke> IIRC the changes are to reduce it to $500 so that we can cover more trips and shorter ones 18:17:04 <danielbeck> I think it can be blessed as currently written. If there's a minor issue we can always update it, I don't really expect travels this year 18:17:12 <hare_brain> +1 to its current form. 18:17:15 <hare_brain> Looks good. 18:17:18 <danielbeck> The draft was always 500 USD as we discussed during the original discussion 18:17:24 <hare_brain> And thanks for incorporating the feedback! 18:17:42 <kohsuke> +1 too 18:17:50 <oleg-nenashev> +0.5 18:18:57 * oleg-nenashev doubts that 500$ make much difference, but he's OK with it 18:18:57 <kohsuke> #agreed https://wiki.jenkins-ci.org/display/JENKINS/Travel+Grant+Program is blessed as of rev.3 18:19:25 <kohsuke> danielbeck says we should skip the next topic... 18:19:37 <kohsuke> #topic Clarification what requires a CLA and what does not 18:19:47 <danielbeck> It's not clear to me what does. 18:19:55 <danielbeck> We've been accepting PRs of others forever. 18:20:09 <danielbeck> So it's not "getting some code in" that requires that 18:20:27 <oleg-nenashev> IMO: jenkins/core membership, CERT and INFRA teams 18:20:45 <hare_brain> It's supposed to be legal CYA. 18:20:47 <kohsuke> So one would hope that this is in https://wiki.jenkins-ci.org/display/JENKINS/Governance+Document#GovernanceDocument-Core 18:20:57 <kohsuke> CYA? 18:21:02 <autojack> cover your ass 18:21:28 <kohsuke> It's under "Making changes to core" section 18:21:37 <kohsuke> If you’d like to be involved more seriously, consider getting commit access. See the section about becoming a plugin developer for how to get this. In addition, we need to ask you to sign the contributor license agreement (CLA). 18:21:45 <kohsuke> That's the mode under which I'm operating 18:21:49 <kohsuke> Core commit access = requires CLA 18:22:03 <danielbeck> okay. And it's a prerequisite for SECURITY as well 18:22:12 <kohsuke> CERT commits to core (albeit in a protected repository) hence the same thing applies 18:22:21 <oleg-nenashev> ...and INFRA 18:22:33 <danielbeck> well, INFRA access requires rtyler to like you :-) 18:22:34 <oleg-nenashev> ... because it also influences the security 18:22:46 <danielbeck> CLA is copyright assignment 18:22:52 <kohsuke> I don't think we required CLA for INFRA 18:23:17 <kohsuke> but that has higher bar to entry and people we trust tend to be people who have been working in core 18:23:20 <oleg-nenashev> kohsuke: Obviously, it's required for JIRA admin rights (SECURITY access) 18:23:36 <danielbeck> well, no. Because you can read this without contributing 18:23:51 <danielbeck> THere's the CVE guy who has access there but he doesn't commit things 18:23:55 <danielbeck> -> no CLA 18:24:21 <danielbeck> but we generally don't give access to that without giving access to jenkins-cert repos because why would we? 18:24:22 <kohsuke> oleg-nenashev: as danielbeck says, CLA is to cover contributions, so it's orthogonal to trust levels, at least technically 18:24:44 <danielbeck> So the explanation works for me. Thanks. 18:25:00 <kohsuke> danielbeck: what clarification would be needed here? 18:25:00 <oleg-nenashev> If it's ortogonal, then OK 18:25:28 <danielbeck> kohsuke Me being able to read, probably. Or making it explicit that CERT is about core commit access for fixed. I'll figure it out and do it myself. 18:25:31 <oleg-nenashev> I'm mostly aware about unrequired permissions than about such paperwork 18:25:44 <kohsuke> maybe https://github.com/jenkinsci/infra-cla README should be updated? 18:25:54 <kohsuke> OK 18:25:56 <danielbeck> kohsuke Yep, you want PRs now 18:26:02 <danielbeck> but that's a different thing again 18:26:06 <danielbeck> I can do this 18:26:09 <kohsuke> Great 18:26:22 <danielbeck> moving on… 18:26:24 <kohsuke> #topic CERT Team membership request for Oleg Nenashev, Olivier Lamy and valentina armenise 18:26:32 <oleg-nenashev> kohsuke, danielbeck: Do we have an NDA for the security stuff doc? ICLA does not cover it at all 18:26:58 <oleg-nenashev> it was for the previos topic, but can be postponed 18:27:05 <danielbeck> Let's do CERT 18:27:15 <kohsuke> We don't have any paperwork for that, but we sure hope you don't shout our unpatched vulnerabilities from rooftop! 18:27:16 <danielbeck> we're at the experts booth and it's weird to send people away :( 18:27:24 <kohsuke> Indeed :-) 18:27:25 <oleg-nenashev> Here I just ask for the CERT membership for 3 contributors 18:27:35 <danielbeck> I think all of them should be approved 18:27:44 <kohsuke> oleg-nenashev has been around here very long 18:27:53 <danielbeck> So has olamy 18:28:02 <kohsuke> olamy has been around long, too, and he has done Maven plugin work 18:28:02 <oleg-nenashev> Crap 18:28:09 <oleg-nenashev> Vincent Latomber 18:28:14 <kohsuke> What's his interest in CERT? Is he going to spend time on it? 18:28:29 <oleg-nenashev> *Latombe. My bad, it was a typo in the Governance meeting agenda 18:28:35 <danielbeck> oleg-nenashev To clarify, VIncent and not Olivier? 18:28:43 <oleg-nenashev> Yes, Vincent 18:28:46 <danielbeck> okay 18:28:48 <kohsuke> OK, so no Olivier 18:28:59 <kohsuke> vlatombe has been around for some time, too. He's been doing literate plugin and others 18:29:13 <danielbeck> can we just ask whether someone objects? 18:29:23 <danielbeck> To any of Oleg, Vincent, Valentina? 18:29:47 <ogondza> no, +1 to more eyeballs 18:29:57 <batmat> +1 18:30:00 <kohsuke> varmenise is relatively new to the Jenkins community but she works for CloudBees and she's been working on Jenkins in the context of our products 18:30:02 <hare_brain> Who is Valentina? 18:30:24 <danielbeck> (and would undermine her job if she compromised the security project) 18:30:30 <kohsuke> https://github.com/varmenise 18:30:54 <hare_brain> I don't know her, but I'm fine with a circle of trust model. 18:31:21 <kohsuke> #agreed add oleg-nenashev vlatombe and varmenise to CERT 18:31:26 <kohsuke> #topic next meeting 18:31:41 <kohsuke> Next meeting is Sep 16th same time 18:31:52 <kohsuke> I think that's it for today! Back to JUC... 18:31:59 <kohsuke> #endmeeting