2021-06-16 conda-forge core meeting

Zoom link What time is the meeting in my time zone last weeks meeting

Attendees

  • Jannis Leidel (Anaconda/Conda)

  • Matt B

Agenda

Standing items

  • [x] intros for new folks on the call

    • MattiP from PyPy

  • [x] (CJ) budget

    • current approvals?

    • Whenever updated numbers land, please screenshare and show the budget.

      • Link is in Keybase (numfocus_spreadsheets.txt)

  • [x] open votes

From previous meeting(s)

  • [ ] (JK) OSU OpenPOWER Survey

    • have until july 31

    • should bump this item to next meeting as a reminder

Your new() agenda items

  • [x] (MRB) legal meeting todos

    • file-type scanning

      • use the linux file command

      • add an ok list?

    • todos

      • [ ] do this on quetz and discuss next time

    • increased automation

      • staged recipes prob not

      • new maintainers maybe?

        • add a new add maintainer command to make a PR with CI skip

      • better python version testing

  • [x] (CHL) response to CVE-2021-29921 (leading zeros being parsed as octal)

    • Anaconda received request to patch Python 3.8 for this CVE: https://github.com/ContinuumIO/anaconda-issues/issues/12459

    • Rated critical by NVD; CPython decided not to patch due to breaking documented API (leading zeros are expected)

    • Ubuntu patched: https://changelogs.ubuntu.com/changelogs/pool/main/p/python3.8/python3.8_3.8.6-1ubuntu0.3/changelog

      • open ticket about docs being wrong: https://bugs.launchpad.net/ubuntu/+source/python3.8/+bug/1931296

    • RedHat noted issue, not taken action: https://bugzilla.redhat.com/show_bug.cgi?id=1957458

    • Consensus is to respect upstream decision to not patch

    • todos

      • [ ] matt B to send python 3.9.5 PR and try and fix jinja2

      • [ ] Anaconda to reach out to CPython devs to ask if they’ll reconsider patching 3.8

  • [x] (MattiP) PyPy now has a win64 3.7 version, can we roll out feedstocks?

    • [ ] wait for https://github.com/regro/cf-scripts/pull/1405

    • [ ] send a PR to https://github.com/conda-forge/pypy-meta-feedstock

    • [ ] send a PR to conda-forge-pinning.

  • [x] (jaimergp) Introduce new role at Quansight and community involvement

  • [x] (MRB) gpu stuff w/ quantsight updates?

  • [ ] (MRB) any CDN outage todo items for conda-forge?

    • [ ] TODO: Cheng to set up @anaconda-infrastructure handle (or similar) to bump the right people/teams in Anaconda

Pushed to next meeting

Active votes

Subteam updates

Bot

ARM

POWER

CUDA

Docs

staged-recipes

website

security+systems

CI infrastructure

Compiler upgrade

CFEP updates

Open PRs

  • cfep-04 X11 and CDT policy

    • INACTIVE - Merge in with some inactive-esque status?

    • Needs new champion. Thanks for your work on this pkgw! Has unaddressed comments from pkgw as from Jan 10, 2020 Solved: Let’s defer and keep the “mixed model” we have now.

  • cfep-06 Staged-recipes review lifecycle

    • INACTIVE - Merge in with some inactive-esque status?

    • Lingering comment from @saraedum. @jakirkham, can you reply? Has unadressed comment from @saraedum from Jan 8, 2020

    • (MRB) The stalebot has solved the worst of the issues here. I think we could defer this one permanently. Solved: defer in favor of the stale bot for now.

  • cfep-15 Feedstock statuses, unmaintained

    • INACTIVE - Merge in with some inactive-esque status?

    • Needs another review. Has unaddressed updates from pkgw as of Jan 11, 2020 Pending: re-pinged pkgw for a second review.

  • cfep-12 Removing packages that violate the terms of the source package

    • Stalled since May 26, 2020

    • Active debate about moving to “broken” vs deleting from conda-forge channel

    • Active vote, ends on 2020-03-11

    • What were the results of the vote?

    • Did we hear back from NumFOCUS? they did the legal seminar which is recorded

  • cfep-17 Handling pin backports and dependency rebuilds

    • Stalled debate about implementation details between Isuru, CJ and Matt

    • UPDATE 2020-07-22: We in principle have agreement to render the extra pinnings needed directly in the feedstock on a temporary basis (i.e., until the migration has ended).

  • cfep-19 Pinning epochs

    • Stalled since July

  • cfep-20 Package split

    • No updates for ~1 month

Discussion

Check in on previous action items

Copy previous action items from last meeting agenda.

This meeting

Last meeting

2 meetings ago

Move to Issue Tracker

2020-11-18

  • [ ] (IF/MRB/MV) intel oneAPI

    • todo

      • [ ] (Nikolay) licensing for opencl_rt

      • [ ] (Nikolay) intelmpi ABI compat w/ mpich

      • [ ] (MRB/IF) figure out how exactly to package C/C++ compilers

      • [ ] (MRB/IF) think about fortran ABI

      • [x] (MRB) make conda-forge compilers room (add people including keith)

  • [ ] (MB) asking core members to move to “emeritus” status

    • [ ] TODO: Eric to set up quarterly check-in for all core members to see if they’re interested in remaining “active” or if they want to move to emeritus

      • Remove emeritus folks from having access to various credentials (api tokens, twitter password, etc.)? This would require a change to the governance doc.

2020-11-11

  • TODO: Think about bringing in JOSS to provide context around how we might best write papers

2020-11-03

  • TODO: Check on Forrest Watters permissions for core

  • [x] (FF) Outreachy would cost 6500 USD.

    • Next steps: write abstract and vote on spending of funds.

2020-10-28 2020-10-21

  • [ ] (Marius?) Python 2.7 migration

    • ( ) [ ] make a hint

    • ( ) [ ] make an announcement

    • ( ) [ ] make the hint a lint

2020-10-07

  • [ ] Make sure to add the NVBug info to the cudatoolkit package that conda-forge makes (if we make one)

2020-09-09

  • [ ] (ED) Update governance docs with similar voting model as what got put into conda-tools (+3 with no -1 is a pass)

  • [ ] (SC) Write jinja template to turn institutional partners yaml into a website https://github.com/conda-forge/conda-forge.github.io/blob/master/src/inst_partners.yaml

  • [ ] (SC) Document what needs to be done to create an OVH account and get access

2020-08-26 Docker hub

  • [ ] (JK) Check in on Azure build workers to see if they have the docker hub limitation.

  • [ ] (JK) work with dockerhub to see if we can get OSS status

    • [ ] Check in again at some point. We haven’t heard back as of 2020-09-23

OVH

  • [ ] Shout-out on twitter at some point. “Thanks forOVHCloud for providing a VM”, etc. (maybe after we ship qt on windows with it?)

  • [ ] Figure out how to communicate breaking changes to users. Likely should open up an issue immediately for futher discussion. Ping @kkraus, plus capture notes from further up in these meeting notes

  • [ ] John K. will update the cuda toolkit feedstock on the git repo to note the NVBug link to the internal NVIDIA issue tracker

  • [ ] Jonathan will update docs to note that some non-exhaustive list of packages (like cuda-toolkit, MKL, etc.)

  • [ ] Jonathan will review this PR

  • [ ] (Kale) schedule conda working group

  • [ ] cfep-10 next steps: CJ to call a vote for feedback

  • [ ] cfep-06 next steps: Ask staged recipes team to champion this CFEP and move it forward

  • [ ] jakirkham & CJ-wright to sync on adding CUDA to the migration bot

  • [ ] (Eric) Scheduling Anaconda <-> conda-forge sync on anaconda.org requirements gathering

    • Will try and get this scheduled in the next month.

  • [ ] (Anthony) Reach out to NumFocus to figure out legal ramifications of not including licenses in files.

  • [ ] (Eric) check internally for funding levels for hotels & flying folks from the community in?

  • [ ] (Eric) Figure out finances of conda-forge to support themselves?

  • [ ] (jjhelmus) Open up CFEP for which python’s we’re going to support

  • [ ] (jakirkham) write a blog post on CUDA stuff we discussed today

  • [ ] (jakirkham) update docs on how to add CUDA support to feedstocks

  • [ ] (jakirkham) will open an issue on conda-smithy to investigate Drone issues. (ping the aarch team)

    • https://github.com/conda-forge/conda-forge.github.io/issues/954

  • [ ] (ED) Who we are page? Some combination of a FAQ and a who is everyone. FAQ things like:

    • who’s the POC for CF <> Anaconda, CF <> NumFocus, CF <> Azure

    • who’s the POC for the various subteams?

    • Informal information: roles, day jobs, bios, the whole nine yards, why you’re here, etc.

    • Public or internal? I don’t really care either way. Anyone feel strongly one way or the other?

    • opt-in to public bios

    • software carpentry has a large number of instructors and has https://carpentries.org/instructors

    • some concern about “yet another place to keep stuff up to date”

  • [ ] (ED) document strategies for reproducible environments using conda-forge

  • [ ] (UK) Static libraries stuff

    • [ ] Add linting hints to builds to find them

    • [x] Recommend how to package them -> CFEP-18

    • [x] We should write docs saying we don’t provide support and this is a bad idea. -> CFEP-18