Skip to main content

2016-08-25: General discussion

Time: 14:00 UTC

Hangout link: https://hangouts.google.com/call/v5olhwzpfzgzpoq5i3wthjpqpie

Attendees

Jonathan Helmus, Filipe, Michael Sarahan, John Kirkham, Jake VanderPlas, Eric Dill, Ray Donnelly , Phil Elson

Standing items

  • How many repos? 1035
  • How many contributors? 212 (with a few bots)
  • New core devs?

Notes

  • Invite Peter M. Landwehr (pmlandwehr) to be involved with review of staged-recipes. Should we give these type of people a title, Filipe will reach out to.

  • Governing Open Source Projects at Scale: Lessons from Wikipedia's Growing Pains | Staurt Geiger https://www.youtube.com/watch?v=ZSQJYEVcMWM&index=89&list=PLYx7XA2nY5Gf37zYZMw6OqGFRPjB1jCy6

  • Enhancement proposal document, Jonathan has notes will write these up later today.

  • Governance document - help is welcomed. Also "whos who" or "about" page. https://conda-forge.github.io/#about

    *   This page could be expanded, should mentioned these meeting.

  • Removing items from agenda

    *   Prioritize items on agenda which we should/must talk about.
    • Cross link items to GitHub issues/discussions

  • Status page: https://conda-forge.github.io/status/

    *   Linked to "status" repo:  [](https://github.com/conda-forge/status)[https://github.com/conda-forge/status](https://github.com/conda-forge/status)

  • conda-forge code of conduct - Filipe still workin on

  • Many groups working on new build systems: Filipe, Phil, Continuum

    *   Continuum's  plan would allow others to add build workers, perhaps conda-forge could  use these in addition to the CI services, especially for long builds
    • Organize new meeting to discuss this topic

  • Open sourcing Anaconda Build, should we push to get this released?

    *   Would be helpful to have our own build system rather than being dependent on CI systems.

  • Travis CI can increase time if we reduce concurrency

    *   Can we switch between longer time and concurrency?  How much work is this?
    • Probably not going to take offer at the moment
    • Better to find trusted hardware somewhere
    • Vagrant for OS X builds, can we look into this

  • Security

    *   If user changes name and someone takes old name can be a security issue:  [](https://groups.google.com/forum/#)[https://groups.google.com/forum/#](https://groups.google.com/forum/#%21topic/rustlang-security-announcements/BK_3gbXhSn4)[!topic/rustlang-security-announcements/BK_3gbXhSn4](https://groups.google.com/forum/#%21topic/rustlang-security-announcements/BK_3gbXhSn4)
    • Can be solved by using unique user ID rather than GitHub username
    • Want tokens for Anaconda.org which allow writing to a single package (Phil will push Continuum on this) rather than globally.

  • Metadata unification

    *   Should conda-forge include additional metadata which would make it easier for Continuum to re-use recipes

    • Should this be required or optional?

          *   Required would likely reduce number of contributors

      • Will require time/work to add these to all current packages

      • Add to linter and conda skeleton

        *   Make linter have "warnings" not hard fails

      • Many of these seem redundant, can we re-use existing metadata?

    • License file should likely be required

          *   Legal vs. suggested

Agenda

  • Marking agenda items as done.

  • Share status page. :) Also figure out how to direct notifications effectively.

  • Enhancement proposal document update.

  • conda-forge code of conduct doc: https://docs.google.com/document/d/10dxX0Zse0Rx1HqsxC73Wfsghmy5m8PP8cHuBIOhWKpc/edit

  • Mention Travis-CI offer for more CI time.

  • We could look at increasing your build time to 180 mins, but we may need to decrease your default concurrency from 5 jobs to 3 as you will be using multiple VMs for a long period at a time.

  • Mention/Discuss Travis Oliphant's comment regarding open sourcing Anaconda Build CI.

  • Security

  • Feedstocks philosophy: Explicit vs implicit / reproducible vs redundant

  • Metadata unification with Continuum - are we OK with adding some fields to about section to match Anaconda standard?

  • Including license file

  • Many recipes don't include the license file.

  • Almost every license has some terms about making the license available.

  • Should we just start requiring this field.

  • Note some developers are not including the license file either.

  • In some cases it has been a struggle to get them to.

  • CUDA/cuDNN update

  • Improving infrastructure

    *   Better workflows with staged-recipes

            *   Fast finish AppVeyor on merge ( [conda forge/staged recipes#1142](https://github.com/conda-forge/staged-recipes/pull/1142) )
    *   Drop Travis CI matrix ( [conda forge/staged recipes#1234](https://github.com/conda-forge/staged-recipes/pull/1234) )
    *   Use CircleCI for feedstock generation ( [conda forge/staged recipes#916](https://github.com/conda-forge/staged-recipes/issues/916) )
    *   Keeping recipes out of PRs ( [conda forge/staged recipes#942](https://github.com/conda-forge/staged-recipes/issues/942) )
    *   Bank work in partial conversion ( [conda forge/staged recipes#915](https://github.com/conda-forge/staged-recipes/issues/915) )

  • Notifications (how do we stay on top of them)

  • MSYS2

    *   Available on defaults - was in conda 4.1.7, but that was pulled.  Coming in 4.1.8.
    • Discussing Ray Donnelly's work on MSYS2 packages and how we want to use and integrate these into conda-forge.
    • Some use cases to consider OpenBLAS, FFTW, build tools, others?

  • Binary data

    *   Do we include it in recipes?
    • What kinds do we allow if any (e.g. icons)?
    • How do we verify the licensing?
    • How do we verify that they are safe?

  • Dev releases: Where do they happen?

    *   Do we do them at conda-forge?

            *   Maybe add a label.

    *   Do we let others do them with a feedstock on their own repo?
    • How do we enforce whatever we decide?

  • Channel mirroring

    *   Can this point be a little bit explained? I thought about this as well and would like to contribute to this point.

            *   Eric Dill has put together a script for copying a package from one channel to another here: [conda forge/conda forge.github.io#134](https://github.com/conda-forge/conda-forge.github.io/pull/134)
    *   I have a really, really crude script that copies all of the packages in one channel to another that I just put at: [](https://gist.github.com/mwcraig/8473cf840f6d29236d6d8af699404555)[https://gist.github.com/mwcraig/8473cf840f6d29236d6d8af699404555](https://gist.github.com/mwcraig/8473cf840f6d29236d6d8af699404555)
    *   conda-build-all can copy from one channel to another: `conda build-all --inspect-channels conda-forge --upload-channels astropy some_packge_recipe` will copy the `some_package`  from the channel conda-forge to  astropy if it can, or build it if it  doesn't exist on conda-forge. Discussion  about what the desired  behavior should be has started at: [SciTools/conda build all#46](https://github.com/SciTools/conda-build-all/issues/46)

  • Feedstock history

    *   Is it sacred?

    • Do we rebase/force push?

          *   If so, under what conditions?

      • How do we avoid multiple people doing this simultaneously?

                *   I don't think you can.

        *   IMHO,  if it's just one author in staged recipes, sure.  If feedstock, no  force push - only to PRs to feedstock.  If people don't mind merge PRs,  it sure is a lot simpler to not rebase.  I have messed up rebasing a few  times recently... =(

  • Continuum metadata request: can we add these to linter?

    *   example metadata: [](https://github.com/ContinuumIO/anaconda-recipes/blob/master/anaconda-build/meta.yaml#L36-L44)[https://github.com/ContinuumIO/anaconda-recipes/blob/master/anaconda-build/meta.yaml#L36-L44](https://github.com/ContinuumIO/anaconda-recipes/blob/master/anaconda-build/meta.yaml#L36-L44)
    • Also, distinguish summary (limit of 77 or 80 chars) from description (unlimited)
    • Anaconda verify: would be nice to meet in the middle, rather than diverge. conda-build may integrate anaconda-verify, would be nice if conda-forge added metadata here.

  • Drop numpy 1.10 and reduce our build matrix. (Numba now works with numpy 1.11.)

  • Signing packages

    *   Should be easy to do. ( [](http://conda.pydata.org/docs/signed-packages.html)[http://conda.pydata.org/docs/signed-packages.html](http://conda.pydata.org/docs/signed-packages.html) )
    • There has been some interest previously.

  • HTTPError: 503 Server Error: Service Unavailable: Back-end server is at capacity for url...

    *   Seems we are regularly running into this issue under normal usage conditions.
    • Had discussed previously caching packages on AppVeyor and trying to reuse those to start.
    • Maybe we need to consider caching on all CIs.
    • Building our own Miniconda-like self-extracting scripts with packages via constructor.
    • There have been improvements on Continuum's side that should help this. In short, repodata (the package index for a given channel) was being generated for each anaconda.org query. This was unnecessarily high cost, and some caching schemes have been implemented.

  • Handling removal of unpinned/improperly pinned packages.

    *   Has been done manually thus far.

  • Not currently buildable packages

    *   In particular open source code that is out of scope for CIs.

    • Examples include Qt4, Qt5, possibly PyQt4, possibly PyQt5, gcc, VTK, etc.

    • How do we indicate they are built manually?

    • Are we ok with uploading non-built binaries?

    • When do we determine something is ok to be built manually?

    • What procedures should people follow for building manually?

          *   Use a standard build docker image, VM, or vagrant file

      • Sign package?

      • Implement reproducible builds where feasible (linux)

                *   [](https://reproducible-builds.org/)[https://reproducible-builds.org/](https://reproducible-builds.org/)

      • What changes do we need to make in conda-smithy elsewhere?

    • What other build infrastructure could we utilize?

          *   Would  be nice to provide some volunteer builder abstraction, so that we could  have an elastic worker farm that would be somewhat resilient.
      • Standardizing build images is probably (relatively) easy - how to orchestrate, though?

  • Staged Releases

  • Windows BLAS Solutions

    *   Still don't have a BLAS for Windows yet need something.

    • Don't build a BLAS

          *   NumPy has a small subset of BLAS functionality.

      • Not sure what to do with SciPy (unable to find Windows wheels for them either).

      • Build OpenBLAS with C support only.

        *   Will be pretty slow.

      • Should work on all Pythons.

      • Build OpenBLAS with MinGW compilers.

        *   Works with Python 2.7 and 3.4.

      • Won't work with Python 3.5?

      • Reuse something like R's BLAS.

        *   Is there a package for something like this?

      • Will it have the same issues with Python 3.5?

      • ATLAS?