Skip to main content

conda-forge core meeting 2023-01-25

Add new agenda items under the Your __new__() agenda items heading

last weeks meeting What time is the meeting in my time zone Meeting info:

Attendees

NameInitialsGitHub IDAffiliation
Jaime Rodríguez-GuerraJRGjaimergpQuansight / cf
John KirkhamJKjakirkhamNVIDIA / cf
Dave ClementsDPCtnabtafAnaconda
Cheng H. LeeCHLchenghleeAnaconda / cf
Jannis LeidelJLjezdezAnaconda / cf

9 people total

Standing items

  • intros for new folks on the call

  • open votes

From previous meeting(s)

Active votes

Your new() agenda items

  • (JRG) GSoC applications: my ideas
  • (JRG) NumFOCUS SDG for opt-in CI
    • Small Development Grant
    • https://numfocus.org/programs/small-development-grants
    • Applications start ... soon (Feb 15?)
    • Build access control for CI.
    • They have cycles and out of cycle grant submission.
      • out of cycle are less likely to be approved.
      • This is not urgent.
    • Larger issue
      • Do we need to vote on approving grant submissions?
      • Feeling is no. We notify this group so we don't collide and to see if there are objections, but no formal vote.
    • Aligning on Travis?
  • (JRG) Certificates for signed installers
    • Miniforge
    • Sign installers that miniforge produces.
    • Have a certificate from NumFOCUS for apple, but not windows
    • https://github.com/conda-forge/miniforge/issues/201
    • Talking to Steve Dower @ Microsoft ( https://github.com/zooba ) for advice
    • Could do this for the whole community (?) (see point by Jannis below)
    • Need to look up if an EV cert is required and possibly other things (e.g., timestamping)
    • Concern about security/access to tokens/passwords on CI by non-core
      • Disolve miniforge team?
      • Promote them to core?
      • Some other way to do signing that avoids this issue?
      • ???
      • JRG: Minimized in a way with AzureSignTool, which relies on an Azure Vault instead of passing raw certificates.
      • CHL: Can get Anaconda supply chain security team to take a look, since that's work we are doing anyways.
  • (JL) Conda Installer Team
    • future conda community governance team to handle underlying code/proceses to build conda installers
    • interest into joining miniforge and mambaforge into the team/repo?
    • still in the aligning/team charter writing phase
  • (DPC) conda-forge tutorial proposal accepted at PyCon US 2023
    • Schedule is not published yet.
    • One output is updated docs for conda-forge/staged-recipes
    • (JRG) Could create an element room for tutorial q&a
    • FF: Seek help from the community. Tweet about possible help room for participants
  • (JK) OpenSSL
    • TensorFlow was a blocker. Has already been rebuilt.
    • Couple others with unknown status.
    • With Ruby you need a current version of Ruby
    • Same with NodeJS.
    • Is this done enough?
    • We talked about it in this call. There was no opposition. In fact there was outright support for closing it!
    • so: Yes let's close.
    • Who will do this? JRG will do this.

Pushed to next meeting

CFEPs

  • cfep-12 Removing packages that violate the terms of the source package
    • Stalled since May 26, 2020
    • Active debate about moving to "broken" vs deleting from conda-forge channel
    • Active vote, ends on 2020-03-11
    • What were the results of the vote?
    • Did we hear back from NumFOCUS? they did the legal seminar which is recorded
    • And, see above too.