conda-forge core meeting 2023-01-25¶
Add new agenda items under the Your __new__() agenda items
heading
last weeks meeting What time is the meeting in my time zone Meeting info:
To join the video meeting, click this link: https://zoom.us/j/9138593505?pwd=SWh3dE1IK05LV01Qa0FJZ1ZpMzJLZz09
Otherwise, to join by phone, dial +1 347-384-8597 and enter this PIN: 828 997 153#
To view more phone numbers, click this link: https://tel.meet/ijv-qsvm-tvn?hs=5
Attendees¶
Name |
Initials |
GitHub ID |
Affiliation |
---|---|---|---|
Jaime Rodríguez-Guerra |
JRG |
jaimergp |
Quansight / cf |
John Kirkham |
JK |
jakirkham |
NVIDIA / cf |
Dave Clements |
DPC |
tnabtaf |
Anaconda |
Cheng H. Lee |
CHL |
chenghlee |
Anaconda / cf |
Jannis Leidel |
JL |
jezdez |
Anaconda / cf |
9 people total
Standing items¶
[ ] intros for new folks on the call
[ ] open votes
From previous meeting(s)¶
[ ] (MRB) updates on bots and secrets
we’ve centralized most of what we use in 1password
i’ve removed some of the keybase files that are old or misleading
we use github apps for everything where we can
will develop notes
[X] (HV) OpenSSL 3: https://github.com/conda-forge/conda-forge-pinning-feedstock/issues/3838
JRG: Decision was made to close the migration.
Active votes¶
Your new() agenda items¶
[x] (JRG) GSoC applications: my ideas
Application time is open.
For CZI grant building infrastructure
Using Docusaurs web site
Use this momemtum to refactor conda-forge website?
Example:
https://czi-cf-docs.netlify.app
https://github.com/quansight-labs/czi-cf-docs
No pushback at all.
[x] (JRG) NumFOCUS SDG for opt-in CI
Small Development Grant
https://numfocus.org/programs/small-development-grants
Applications start … soon (Feb 15?)
Build access control for CI.
They have cycles and out of cycle grant submission.
out of cycle are less likely to be approved.
This is not urgent.
Larger issue
Do we need to vote on approving grant submissions?
Feeling is no. We notify this group so we don’t collide and to see if there are objections, but no formal vote.
Aligning on Travis?
Travis has been a little unstable lately.
https://github.com/conda-forge/conda-forge.github.io/issues/1875
Could make travis opt in.
Requires access controls.
[x] (JRG) Certificates for signed installers
Miniforge
Sign installers that miniforge produces.
Have a certificate from NumFOCUS for apple, but not windows
https://github.com/conda-forge/miniforge/issues/201
Talking to Steve Dower @ Microsoft ( https://github.com/zooba ) for advice
Could do this for the whole community (?) (see point by Jannis below)
Need to look up if an EV cert is required and possibly other things (e.g., timestamping)
Concern about security/access to tokens/passwords on CI by non-core
Disolve miniforge team?
Promote them to core?
Some other way to do signing that avoids this issue?
???
JRG: Minimized in a way with AzureSignTool, which relies on an Azure Vault instead of passing raw certificates.
CHL: Can get Anaconda supply chain security team to take a look, since that’s work we are doing anyways.
[x] (JL) Conda Installer Team
[ ] future conda community governance team to handle underlying code/proceses to build conda installers
[ ] interest into joining miniforge and mambaforge into the team/repo?
[ ] still in the aligning/team charter writing phase
[x] (DPC) conda-forge tutorial proposal accepted at PyCon US 2023
Schedule is not published yet.
One output is updated docs for conda-forge/staged-recipes
(JRG) Could create an element room for tutorial q&a
FF: Seek help from the community. Tweet about possible help room for participants
[x] (JK) OpenSSL
TensorFlow was a blocker. Has already been rebuilt.
Couple others with unknown status.
With Ruby you need a current version of Ruby
Same with NodeJS.
Is this done enough?
We talked about it in this call. There was no opposition. In fact there was outright support for closing it!
so: Yes let’s close.
Who will do this? JRG will do this.
Pushed to next meeting¶
CFEPs¶
cfep-12 Removing packages that violate the terms of the source package
Stalled since May 26, 2020
Active debate about moving to “broken” vs deleting from conda-forge channel
Active vote, ends on 2020-03-11
What were the results of the vote?
Did we hear back from NumFOCUS? they did the legal seminar which is recorded
And, see above too.