This meeting:
➤ Is for core developers, initiative contributors, the Drupal Association and anyone interested in the initiative.
➤ Usually happens every other Tuesday at 1700 UTC.
➤ Is done over chat.
➤ Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
➤ Has a public agenda anyone can add to.
➤ *Transcript will be exported and posted* to the agenda issue. For anonymous comments, start with a :bust_in_silhouette: emoji. To take a comment or thread off the record, start with a :no_entry_sign: emoji.

Transcript

0️⃣ Who is here today? Comment in the thread below to introduce yourself and tell us why you are joining us.

TravisCarden Travis Carden from Acquia, Composer Stager guy. 🙂
drumm :wave:
drumm @effulgentsia I can do the server-side points, let me know when I should take a block of numbers
effulgentsia Go for it, you've got dibs on 4️⃣ 🙂
drumm All set now
longwave :wave: Dave, core committer
dts Had a conflict this morning. Checking backscroll now.

1️⃣ Do you have any topics to propose for the meeting today? Feel free to propose them in this thread, and then I will give them their own unique threads for discussion. Conversation moving slow? Go ahead and open your own thread in the next numeric order.

2️⃣ From @xjm: What is the status of the remaining client-side blockers? I know the composer-stager governance issue has been RTBC and awaiting signoff a long time. What about the status of PHP-TUF, the integration, and the core modules and changes? What are the major blockers (and if the info's available, their sprint point sizing and approximate % done, and your best guess how many more sprints they'll take)?

xjm @tedbow 🙂
tedbow I have just assigned #3370270: [PP-1] Add php-tuf/composer-integration to core dependencies to @phenaproxima. He is working on testing instructions to put in the summary. But right now he is working on a related problem, since we are just now able to test with non-prod TUF metadata on drupal.org
tedbow I just switched #3346707: Add Alpha level Experimental Package Manager module to needs review
tedbow I am working on the conversion of the core module for #3253158: Add Alpha level Experimental Update Manager module. We have a conversion script but it has just been running on package_manager only for a while. So small issues come up when we haven’t run it for a while. This merge request will have both package_manager and auto_updates

3️⃣ There's been some recent discussion on #3364565: [policy, no patch] Make PHP's OpenSSL extension a requirement for installing and using Package Manager (and therefore, Automatic Updates and Project Browser) (thanks, @catch, @Warped, @longwave, @xjm, @dts, @drumm). When I get a chance (hopefully today or tomorrow), I'll respond to some of the points that were brought up there.

4️⃣ rugged - We have a new blocking issue https://gitlab.com/rugged/rugged/-/issues/147, the rugged issue queue could use some triage to make sure we’ve clearly identified the known blockers

effulgentsia @phenaproxima: Not sure if you can help with ^, but pinging you because at the very least you should know about it.
phenaproxima I think I discovered that one, @effulgentsia :joy:
drumm @phenaproxima can you triage this as necessary or nice to have? https://gitlab.com/rugged/rugged/-/issues/126
phenaproxima @drumm That is probably necessary.
phenaproxima Because @ergonlogic is correct, if we don’t say what the size of targets.json is, the default limit, which I believe is 100,000 bytes, will apply.
phenaproxima (Granted, it’s unlikely to be 100,000 bytes, so it might be more of a nice to have :thinking_face: )
phenaproxima I’d say it should not be considered a blocker.
drumm Added the BUG label for now, @ergonlogic let me know if there’s a better label or organization for launch blocking issues
phenaproxima Just to be clear - NOT, in my view, a launch blocker. 🙂
drumm Ah, backing that out, I misread
drumm So https://gitlab.com/rugged/rugged/-/issues/147 is the one priority for rugged, as far as I know
phenaproxima Yeah, that one is definitely a blocker.

5️⃣ Server-side for contrib - re-inited the proof-of-concept TUF repository to work around the rugged issue above ^. We’re rebuilding this to fix some shortcuts taken in rushing through the proof-of-concept. The next step is https://gitlab.com/drupal-infrastructure/package-signing/drupal-rugged/-..., I think we may be toward the “end” for this on staging, but I’m sure we’ll discover more

6️⃣ Server-side for core - no progress to report, once the contrib instance is set up, we’ll set up another rugged stack and begin work

effulgentsia @drumm: I know estimates are hard, but do you have a sense of how much work is involved in doing this once you start? Is it still feasible for this to be done by 10.2's alpha (in 4 weeks) or beta (in 6 weeks), considering it hasn't started yet? Or would it be better for us to plan the initiative based on this not getting done by then?
drumm I’m hoping it’ll be straightforward, maybe a week or so. It shouldn’t be stress testing Rugged any more than before. Will be a bit of back & forth with our Tag1 contractors to get everything set up, so maybe a week from when I start, if things go well.

7️⃣ Security review - I am not personally aware of any progress

8️⃣ Core reviews of the module - @tedbow, @phenaproxima, and I will work on updating relevant issue summaries to help facilitate this. Depending on reviewer preference, code review can be done by either reviewing the core MR or the code in the contrib module: they're 99% the same, and the core MR is automatically generated from the contrib module. However, testing is easier done with the contrib module, since otherwise it's a chicken and egg problem of applying a core MR to have a core codebase that has AU in it but then using it to update to a version of core that doesn't yet have AU in it. Separately, per 6️⃣ above, TUF integration can be tested for updating a contrib module, but TUF integration can't be tested yet for updating core, since the Rugged instance for signing core hasn't been built yet.

Participants:

xjm, tedbow, effulgentsia, phenaproxima, drumm

Comments

hestenet created an issue. See original summary.

hestenet credited drumm.

hestenet credited tedbow.

hestenet credited xjm.

xjm Amending attribution.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.