-
Notifications
You must be signed in to change notification settings - Fork 333
Meeting 2016 06 24
Friday 2016/06/24 at 20:00 UTC https://pumpit.info/pumpio/note/_MLQ1pNlQrG8t2xFxylzMQ
Feel free to add to this before the meeting!
- Conservancy Application: Please go here https://github.com/e14n/pump.io/wiki/Conservancy-application and review, particularly please fill in your name, contact and involvement in question 24 (Community members).
- Pump.io code development
- Release of 1.0, and Roadmap
- Release procedure (e.g. signing?)
- Anti-XSS
- View partials (if we have time)
- Community governance and sustainability
- Node adoption (sponsoring, administering)
- Adoption of non-node related websites (e.g. OpenFarmGame, ih8.it)
- Governance (non-profit status/application)
- Funding
- Other stuff
[22:05:33] <larjona> #############################################################
[22:05:33] <larjona> BEGIN LOG
[22:05:33] <larjona> #############################################################
[22:05:51] <JanKusanagi> o/
[22:05:52] <larjona> Dear all, welcome to this pump.io community meeting!
[22:06:14] <larjona> agenda is here: https://github.com/e14n/pump.io/wiki/Meeting-2016-06-24
[22:06:17] <larjona> first, round call
[22:06:24] <larjona> Please say hello!
[22:06:25] -*- larjona here
[22:06:34] <strugee> here!
[22:06:36] <JanKusanagi> hello!
[22:06:36] <kete> hello
[22:06:46] -*- strugee is reading the backlog for today at the same time
[22:07:13] -*- mrvdb waves
[22:07:17] <larjona> I couldn't send email reminder to Evan, I hope he can attend
[22:07:36] <strugee> me too
[22:07:54] <larjona> If anybody wants their nick redacted in the logs, just say here or direct message to me.
[22:08:47] -*- larjona sends quick mail to evan now...
[22:08:48] <JanKusanagi> hi NSA o/
[22:09:51] <larjona> ok, let's wait one more minute, and then we'll continue
[22:10:10] <strugee> sounds good
[22:10:44] <JanKusanagi> yep
[22:11:27] <larjona> ok, I put the first topic about Conservancy application
[22:11:36] <larjona> because it's almosd done IMO,
[22:11:40] <larjona> it just need review
[22:11:41] <larjona> https://github.com/e14n/pump.io/wiki/Conservancy-application
[22:11:58] <larjona> and that the active (or past) community members fill in their involvement in question 24
[22:12:40] <strugee> I just put my name in question 24 (and I'm reading through the rest)
[22:13:07] <larjona> My proposal is to leave this weekend for community review/completion, and then, send to Evan so he reviews himself and sends to Conservancy, not later than the end of the month.
[22:13:11] <JanKusanagi> I added myself earlier, too
[22:13:24] <JanKusanagi> that sounds good
[22:13:26] <strugee> most of it looks pretty good, I see a small problem with the license question
[22:13:32] <strugee> (mostly mentioning as a note to self kinda thing)
[22:13:35] <strugee> larjona: sounds good
[22:13:47] <larjona> strugee: which problem about license?
[22:14:52] <strugee> we ship some JS libs in-repo which aren't Apache 2.0
[22:14:54] <strugee> I'll fix it late
[22:14:55] <strugee> r
[22:15:10] <larjona> ah, ok. Thanks!
[22:15:24] <strugee> sure!
[22:15:56] <larjona> Anything else about this topic? Will you have time to review this weekend?
[22:16:06] <strugee> yeah
[22:16:08] <strugee> I will
[22:16:16] <larjona> Fine.
[22:16:19] <larjona> So, next topic
[22:16:28] <strugee> I'm adding a note that it's inaccurate, so we don't send it even if I forget :)
[22:16:34] <larjona> thanks
[22:16:40] <larjona> Pump.io code development
[22:16:40] <larjona> Release of 1.0, and Roadmap
[22:16:40] <larjona> Release procedure (e.g. signing?)
[22:16:40] <larjona> Anti-XSS
[22:16:40] <larjona> View partials (if we have time)
[22:16:48] <larjona> strugee: your turn!
[22:16:52] <strugee> cool
[22:17:03] <strugee> so I can explain what's going on but mostly those need Evan
[22:17:32] <strugee> the 1.0.0 release is blocked on https://github.com/e14n/pump.io/issues/1169
[22:18:04] <JanKusanagi> oh, my honor
[22:18:06] <strugee> basically the problem is that incoming posts are run through an anti-XSS scrubber
[22:18:46] <strugee> and as it is in master, that scrubber is not aggressive enough (it lets through <style> tags when it shouldn't)
[22:18:52] <JanKusanagi> I mostly agree with XgF there: the cleanup should be a webUI thing, at display time
[22:19:25] <strugee> so there's two ways to solve that: either we include a CSS parser that does anti-XSS on the <style> tags, or we strip <style> tags (which sucks for e.g. Dianara)
[22:19:34] <JanKusanagi> and even then, it's easy to be killing the content, even if in that case it would be only for webUI users
[22:19:47] <strugee> both of which are disruptive enough that I'd like to ask Evan
[22:20:12] <larjona> strugee: you mention in the issue that you sent an email, did you get any answer?
[22:20:12] <strugee> then beyond that (as JanKusanagi just mentioned) there's the question of whether we should be scrubbing incoming posts at all
[22:20:26] <JanKusanagi> I guess the first option sounds like TheRightWay™, but probably a lot harder
[22:20:57] <strugee> I think it's probably a violation of spec, but OTOH AFAICT this is the way Evan intended it to be, spec violation or not
[22:21:00] <strugee> so we need his input
[22:21:04] <strugee> larjona: I didn't
[22:21:40] <strugee> JanKusanagi: in principle it's not that hard but a full-blown CSS parser is quite a bit of code to depend on, especially in a web-facing route
[22:21:40] <larjona> ok, so we can try to gather both you at least (evan and strugee) together in a hacking session to squash this bug and maybe others? Next week?
[22:21:59] <strugee> larjona: yeah mostly I just need to ask him some questions and then I can take it from there
[22:22:23] <strugee> view partials are similar: I just need to ask a couple questions
[22:22:32] <strugee> basically here's what that's about
[22:22:33] <larjona> ok so I'll try to contact him too CC'ing you, and let's hope you can find some time together
[22:22:45] <strugee> oh wait next week doesn't work
[22:23:04] <strugee> I'm on a wilderness trip for several weeks starting Monday
[22:23:13] <strugee> I think I'll just resend my email
[22:23:38] <strugee> anyway so view partials
[22:23:41] <strugee> this has to do with https://github.com/e14n/pump.io/issues/1167
[22:24:08] <JanKusanagi> oh, the infamous Jade thingy
[22:24:11] <larjona> I'm a bit confused. Jade was not for 1.1 version?
[22:25:21] <strugee> larjona: personally I wanted to get it in for 1.0.0 BUT I'm having a really hard time squashing the last few Web UI bugs that it introduced
[22:25:34] <strugee> so I no longer thing 1.0.0 should wait for that
[22:25:51] -*- strugee just adjusted the milestone
[22:26:55] <JanKusanagi> does that change have any apparent improvement for the users?
[22:27:18] <larjona> I think it's important to release 1.0 soon, because later we have summer that may mean lots of time for free software hacking but also may mean lots of time people disconnected. And if we release 1.0 at the time we apply to Conservancy, i guess it's the best thing we can do to show that the project is alive...
[22:27:22] <strugee> not really
[22:27:33] <strugee> ^^^ was for Jan
[22:27:40] <JanKusanagi> I imagined
[22:27:44] <strugee> larjona: sounds good
[22:27:57] <strugee> I agree
[22:27:58] <JanKusanagi> so it's probably best to leave that for post-1.0
[22:28:02] <strugee> yep
[22:28:09] <JanKusanagi> we really need a release out there, and updated servers using it
[22:28:27] <strugee> yes
[22:28:30] <strugee> I agree
[22:28:31] <larjona> ok, so anything else about code development?
[22:28:45] <JanKusanagi> IIRC, several small annoyances have been fixed
[22:28:53] <JanKusanagi> it would be great to have them out there
[22:29:00] <strugee> and in particular I'd feel uncomfortable releasing a Jade-based version without a fair amount of time with it just on master, getting tested
[22:29:11] <JanKusanagi> also true
[22:29:15] <larjona> Fine
[22:29:27] <strugee> so yes, 1.0.0 should not block on utml to Jade
[22:29:36] <strugee> brb
[22:29:50] <larjona> So I would ask people to review the milestones/roadmap both in github and in the conservancy application, and update accordingly
[22:31:10] <larjona> roadmap is question 5 in the application: https://github.com/e14n/pump.io/wiki/Conservancy-application (I filled in from what I remembered because I cannot find the Roadmap page)
[22:31:42] <larjona> ah, roadmap is here: https://github.com/e14n/pump.io/wiki/Roadmap
[22:31:46] <larjona> but it's outdated
[22:32:15] <larjona> and milestones is here: https://github.com/e14n/pump.io/milestones
[22:32:57] <larjona> ok, so if you can help updating the https://github.com/e14n/pump.io/milestones and the wiki page, on Sunday evening I'll update the conservancy question with that info
[22:33:26] <strugee> ok
[22:33:32] <strugee> (I'm back)
[22:33:50] <larjona> We are still in code development part
[22:34:07] <larjona> Anything else?
[22:34:35] <larjona> (shout if I'm going too quickly. It's not because I'm hungry, eh?)
[22:34:38] <strugee> I don't think so
[22:34:45] <strugee> not that I can think of anyway
[22:34:57] <larjona> ok, so next topic
[22:34:58] <larjona> Community governance and sustainability
[22:34:58] <larjona> Node adoption (sponsoring, administering)
[22:34:58] <larjona> Adoption of non-node related websites (e.g. OpenFarmGame, ih8.it)
[22:34:58] <larjona> Governance (non-profit status/application)
[22:34:58] <larjona> Funding
[22:35:04] <strugee> I've worked a little on the Express 2.x to 3.x migration :)
[22:35:10] <strugee> (that's blocked on utml to Jade tho)
[22:36:00] <JanKusanagi> is the node adoption "form" complete?
[22:36:23] <larjona> I don't think so. Let's see
[22:37:26] <larjona> http://lacaja.larjona.net/shared/vSm84lM8lLw6WTX4k44QX_Ezx14RjIqug0xTvehwcKz
[22:38:42] <larjona> I think we cannot do much in these topics either
[22:39:18] <strugee> agreed
[22:39:42] <larjona> So, anything else?
[22:41:01] <JanKusanagi> sorry, I actually meant the document Evan prepared for possible adopters
[22:41:02] -*- strugee shrugs
[22:41:04] <strugee> is the form done?
[22:41:13] <larjona> no, it's not
[22:41:16] <strugee> ^^^ what Jan said
[22:41:27] <strugee> larjona: ok
[22:41:28] <JanKusanagi> I recall seeing a draft for it
[22:41:34] <larjona> ah, Jan, it's not done (public) either
[22:41:41] <JanKusanagi> in a previous meeting where Evan was present
[22:41:46] <larjona> wait
[22:41:55] <JanKusanagi> but I don't recall where it was stored
[22:42:21] <JanKusanagi> if it's not complete, and it's not something we can complete, then it's up to Evan to finish that so interested parties can request adoption
[22:42:49] <JanKusanagi> I remember the part about the symbolic 1$ for domain transfers and such
[22:43:08] <JanKusanagi> it's probably in one of the older logs
[22:43:20] <larjona> That was not a draft, I think, that's what Evan said when first talking about preparing the document
[22:43:51] <larjona> ah, there is the thing about the Openshift account too
[22:44:05] -*- JanKusanagi checks logs
[22:45:42] <JanKusanagi> got it
[22:45:44] <JanKusanagi> https://github.com/e14n/pump-io-purchase-agreement
[22:46:10] <JanKusanagi> via april 15 log: [22:24] <e_s_p> First is that I have a node purchase agreement up here https://github.com/e14n/pump-io-purchase-agreement
[22:46:30] <larjona> ah
[22:47:10] <-> bkuhn es ahora conocido como bkuhnIdle
[22:47:22] <strugee> so does that mean it's... done?
[22:47:32] <JanKusanagi> this meeting https://github.com/e14n/pump.io/wiki/Meeting-2016-04-15 in case anyone wants to read the context of this link
[22:47:40] <JanKusanagi> I don't know, I'm checking it out now
[22:47:55] <JanKusanagi> I barely recall Evan asking for review
[22:48:05] <larjona> Ok, I'll ask Evan about this. Maybe the document is done but he needs to prepare some more burocracy to accept payments etc
[22:48:52] <JanKusanagi> maybe
[22:49:01] <JanKusanagi> from what I read there, the doc seems allright
[22:49:08] <larjona> It's a pity he couldn't attend today, but life happens, I suppose
[22:50:13] <larjona> ok, so anything else? do you want some pizza?
[22:50:18] <larjona> I have one supersize
[22:51:12] <JanKusanagi> hmmm, pizzaaaa
[22:51:25] <JanKusanagi> no topics left? :D
[22:51:31] <larjona> no
[22:51:37] <larjona> ..---'"""""""`---..
[22:51:37] <larjona> .-'' ...... ``-.
[22:51:37] <larjona> _.-' .--'" _
""-.._
-.
[22:51:37] <larjona> ,' .-' * .-"
~ .-. ,
-. `.
[22:51:37] <larjona> ,' .' ~
.-' " : : ~
-. `.
[22:51:37] <larjona> ,' .' " " ____ ._. /. '
.
.
[22:51:37] <larjona> ,' .- .--. * || , ."
. " // "
. `.
[22:51:37] <larjona> ,' .' : .' || """| |"' ~ _ // , *
.
.
[22:51:37] <larjona> / .' ~ : ,'
, ~ |' " '-' * (C) ."". "
. \
[22:51:37] <larjona> / '
' * ~ . " * : . ~ . \
[22:51:37] <larjona> / ' // * , ,-. ~ _ , .',' ' " `.' (0) . \
[22:51:37] <larjona> / . // (c) : : (o) .'.' , ~ \ * *. \
[22:51:37] <larjona> / . , // , `.__, " ' .--. \ ~ ===== " . \
[22:51:37] <larjona> / ' " ____ , " *
.
}) _ " ~ . . \
[22:51:37] <larjona> . ' " , ~ _ * ----' ~ , .'`, ; (O) . ,-. " .
[22:51:37] <larjona> ' ' _ . (o) ~ * " (D)
"
" * | | . .
[22:51:37] <larjona> j . (c) *
.
. " .- . ~ , * . '._ .' | |
[22:51:37] <larjona> | | "
.' " // .' : " ' ~ //
""" *| |
[22:51:37] <larjona> | | " . // ~ ' , ~ , ====" (c) // ~ . " | |
[22:51:37] <larjona> | | ~ ,' .-. ~ , _
...' (@) ~
* (C) | |
[22:51:37] <larjona> | |* || | |_ " (0) " __ ,""-. .--. " _ ' | |
[22:51:37] <larjona> | | , || '. ,' ~ __..--"' , ' .' " ' . ()) \ ~ | |
[22:51:37] <larjona> | | ~
""" __,..--'"' , '_,'
. * `--" . " \ | |
[22:51:37] <larjona> '
" __...--'' __ *
.' ~ " .--. , \ ' |
[22:51:37] <larjona>
..
--''' ..---'' .' /_.. " . *.
. . '
[22:51:37] <larjona> __,..--''' _ " , / ---"" ~ .
.
. ~ .'`, ; " . .
[22:51:37] <larjona> __..---'' , " (O) , / . (Q)
.
."
* . ,
[22:51:37] <larjona> ,..--''' . * ~ || * ~ / " * , ~ ` ~ , (O) ' .
[22:51:37] <larjona> | | , (@) " " || .-. ' / _ ~ " || . * " ' .
[22:51:37] <larjona> ' ' " ~ . .--. |j : : / /~ (O) || " . _ * /. " ' ,
[22:51:37] <larjona> .
_____
. ` .__,/ / .-. || ,--. (@) // . /
[22:51:37] <larjona>
. ----- * .'`, ; " / / " : : ' .' // . ,'
[22:51:37] <larjona>
. . ~
"* ~ / /, ~ .__, , : ,'
" .' /
[22:51:37] <larjona> .
, (c) ' . / / * ~ '
' * _.' ,'
[22:51:37] <larjona> `. . * . (C) / / " (o) \ , * ~ _.-" ,'
[22:51:37] <larjona> . `. " // . / ,._ , \ (O) * _.-" _.'
[22:51:37] <larjona>
.
. , // / , ``-.._ * ` " __.-"' _.-'
[22:51:37] <larjona>
._
. . " /._ "
--....--"" _,.-'
[22:51:37] <larjona>
.
-._ / `--..___ ___..--'
[22:51:37] <larjona>
-._
, `'"""""''
[22:51:37] <larjona> `-.'
[22:52:38] <larjona> ok thanks everybody for coming
[22:53:00] <larjona> #############################################################
[22:53:00] <larjona> END LOG
[22:53:00] <larjona> #############################################################
The next Pump.io Community Meeting will be, hopefully, on Friday 2016/07/15 at 20:00 UTC