larjona edited this page Dec 9, 2017 · 5 revisions

Call for meeting

https://identi.ca/larjona/note/zltO65bpRfWsb-RFNGs43w

We're resuming our monthly community meeting!

We'll meet today Friday 2017/11/17 at 20:00 UTC on the #pump.io channel on the Freenode IRC network, which is also mirrored to the [email protected] jabber/XMPP MUC room.

You're all welcome to join us!

Agenda (editable) is here https://github.com/pump-io/pump.io/wiki/Meeting-2017-11-17

Agenda

Feel free to add to this before the meeting!

Log

[21:12:25] <pumabot> #############################################################

[21:12:25] <pumabot> BEGIN LOG

[21:12:25] <pumabot> #############################################################

[21:12:25] <pumabot> Welcome to this month's Pump.io community meeting! Everyone is welcome to participate.

[21:12:25] <pumabot> This meeting is being logged and it will be posted on the wiki at https://github.com/e14n/pump.io/wiki/Meeting-2017-11-17. If you would like your nick redacted, please say so, either now or after the meeting.

[21:12:25] <pumabot> Let's start with roll call - who's here?

[21:12:25] -*- pumabot is here

[21:12:28] -*- e_s_p is here

[21:12:30] -*- strugee is here

[21:12:43] <xmpp-pump> [Jan] o/

[21:12:53] <xmpp-pump> [Jan] Jan is here

[21:13:15] <distopico> distopico is here

[21:13:31] <strugee> I pinged cwebber too, in #social

[21:13:37] <e_s_p> Cool

[21:14:21] <dustyweb> beep

[21:14:27] <strugee> pumabot: next agenda item

[21:14:27] <pumabot> TOPIC: Pump.io code development

[21:14:27] <pumabot> * 5.0.0!!

[21:14:27] <pumabot> * ActivityPub implementation

[21:14:27] <pumabot> * ButtFlare DNS changes

[21:14:27] <pumabot> * [email protected]

[21:14:27] <pumabot> * AS1 vocab

[21:14:27] <pumabot> * Outbound Webmention

[21:14:28] <pumabot> * Other

[21:14:33] <e_s_p> Sweet

[21:14:35] <strugee> woot

[21:14:38] <e_s_p> ha ha buttflare

[21:14:44] <strugee> oh my god

[21:14:49] <strugee> it happened again

[21:14:52] <e_s_p> Cloud to Butt!

[21:15:01] <xmpp-pump> [Jan] hm, 5.0.0!? :D

[21:15:05] <strugee> yes!! apparently it edits text fields too though?? yikes

[21:15:17] <strugee> anyway lol

[21:15:31] <e_s_p> OK let's do this

[21:15:41] <xmpp-pump> [Jan] dangerous extension xD

[21:15:47] <strugee> I don't know why 5.0.0 is on the agenda, that was a month and a half ago lol

[21:15:48] <strugee> but woot

[21:15:49] <e_s_p> strugee: can you tell us about 5.0.0

[21:15:53] <strugee> sure

[21:15:55] <e_s_p> OK, let's move on

[21:16:08] <strugee> yeah so ActivityPub

[21:16:14] <e_s_p> OK

[21:16:24] <xmpp-pump> [Jan] *_*

[21:16:36] <strugee> currently I'm about ready to ship AS2 representations

[21:16:44] <e_s_p> At the edge, correct?

[21:16:44] <strugee> BUT

[21:16:48] <strugee> yes, exactly

[21:16:51] <strugee> lemme paste the PR

[21:16:55] <e_s_p> Incoming and Outgoing?

[21:17:27] <strugee> outbound but once we've figured out that, inbound shouldn't be too hard

[21:17:32] <e_s_p> OK

[21:17:43] <xmpp-pump> [Jan] future is now =)

[21:17:43] <strugee> though I was planning to only accept AS2 on ActivityPub routes

[21:17:48] -*- dustyweb \o/

[21:17:53] <e_s_p> Fine

[21:17:59] <e_s_p> Can you paste the PR?

[21:18:03] <strugee> https://github.com/pump-io/pump.io/pull/1483/files#diff-4e8b28a0f7943cb0fe11996dd13fd7df is the actual changes

[21:18:06] <pumabot> ActivityStreams 2.0 by strugee · Pull Request #1483 · pump-io/pump.io · GitHub

[21:18:40] <strugee> so maybeAS2() basically just returns a mangled object if the consumer negotiated AS2

[21:19:00] <strugee> so the syntax is all right according to the AS2 core spec

[21:19:01] <strugee> BUT

[21:19:09] <strugee> it doesn't specify anything about vocabulary

[21:19:20] <strugee> https://www.w3.org/TR/activitystreams-core/#activitystreams-1.0a is what I'm referring to FWIW

[21:19:21] <pumabot> Activity Streams 2.0

[21:19:30] <e_s_p> I'm looking at this

[21:19:32] <e_s_p> https://github.com/pump-io/pump.io/pull/1483#issuecomment-342046659

[21:19:33] <pumabot> ActivityStreams 2.0 by strugee · Pull Request #1483 · pump-io/pump.io · GitHub

[21:19:43] <e_s_p> Is that what we're discussing?

[21:19:47] <strugee> e_s_p: yeah

[21:19:50] <e_s_p> OK

[21:20:06] <e_s_p> So most of these, there's no actual handling of those verbs in the code

[21:20:12] <strugee> so where that comes from is I read through all the legacy AS1 vocabulary and looked for AS2 equivalents

[21:20:29] <e_s_p> Right I recognize it

[21:20:39] <strugee> lol sorry

[21:20:49] <strugee> so what I'm worried about isn't handling in the code, it's consumers being confused by vocabulary they don't understand

[21:20:53] <e_s_p> So I think anything that was in the old vocabulary that we didn't specifically handle, we ignore

[21:20:59] <strugee> or expect

[21:21:17] <strugee> define "ignore"

[21:22:06] <e_s_p> Well, I doubt that there are any in any of our DBs

[21:22:11] <e_s_p> But if there are, just throw them away

[21:22:27] <e_s_p> Or put them in their own namespace, like AS1:install

[21:22:47] <strugee> hm okay

[21:22:59] <e_s_p> I think it's the ones with actually apply*() methods on Activity that matter

[21:23:14] <e_s_p> Follow, stop-following, Favorite, Like, Post, ...

[21:23:31] <strugee> wait I think we're talking across each other

[21:23:47] <strugee> I'm not worried about internal side effect handling or whatever, that all stays the same

[21:24:22] <strugee> the problem is, if there is one of these in a DB (which we don't have any metrics on), what do we do when a consumer requests an AS2 representation

[21:24:33] <strugee> I guess just put them in an extension context, right?

[21:25:10] <e_s_p> That's what I was thinking

[21:25:15] <strugee> seems like we shouldn't push for this to be a vocabulary in the SocialCG or whatever since I assume most of these were dropped due to lack of implementation evidence

[21:25:18] <strugee> yeah okay

[21:25:20] <e_s_p> I'm bummed about group, that's the only one I think we needed

[21:25:30] <e_s_p> Yes exactly

[21:25:31] <dustyweb> group?

[21:25:40] <dustyweb> as in a collection of users?

[21:25:42] <e_s_p> Implementation in pump.io was one of the big inputs to the vocabulary cleanup

[21:25:49] <dustyweb> you could just use Collection

[21:25:55] <dustyweb> that's what I do

[21:25:56] <strugee> well but groups in pump.io were always semi-busted IIRC

[21:26:03] <e_s_p> that's probably fair

[21:26:03] <strugee> we have a bug open about making them work

[21:26:08] <e_s_p> strugee: yep

[21:26:13] <dustyweb> e_s_p: the AP document even has language about delivering to collections

[21:26:18] <e_s_p> dustyweb: that's probably fine

[21:26:27] <e_s_p> But there are two different kinds of group

[21:26:34] <strugee> https://github.com/pump-io/pump.io/issues/299

[21:26:34] <pumabot> Groups · Issue #299 · pump-io/pump.io · GitHub

[21:26:36] <puckipedia> so one question: it seems you're using @id and @type in the AS2 representation, and also I don't think there's a @context?

[21:26:43] <e_s_p> One that is an address list, managed solely by a person

[21:26:45] <dustyweb> a wild puckipedia has appeared

[21:26:57] <e_s_p> And the other is a group that people can join and leave at will

[21:27:00] <strugee> haha dustyweb they joined directly before you

[21:27:10] <e_s_p> strugee: so, what's the question here?

[21:27:20] <strugee> e_s_p: I think we answered it

[21:27:28] <strugee> use an extension context for legacy verbs

[21:27:37] <e_s_p> I think we should just make a bogus namespace http://pump.io/as1/weneverthoughtwedneedthis# and stick stuff in there if we have to

[21:27:38] <pumabot> Page not found · GitHub Pages

[21:27:40] <distopico> Sould be search for A1, parse and update, if AS1 not found, search for AS2

[21:27:46] <dustyweb> lol

[21:27:47] <strugee> puckipedia: there _should_ be an @context

[21:27:48] <distopico> *should

[21:27:49] <strugee> leave a comment

[21:28:07] <strugee> haha sounds great

[21:28:07] <e_s_p> Oh and comment -> note, yes

[21:28:45] <strugee> great

[21:28:59] <dustyweb> btw one note is that if you want Mastodon and some other applications' interop, you should add HTTP Signatures support, but you probably don't need to do that immediately if you're mostly focusing on AP basics for now (it's not required in AP proper, but is non-normatively converting on that authentication mechanism for between servers)

[21:29:07] <dustyweb> just putting it out there.

[21:29:19] <puckipedia> dustyweb: well, afaict, it's read-only for now :P

[21:29:21] <strugee> yep

[21:29:27] <dustyweb> aha :)

[21:30:05] <e_s_p> this is first step

[21:30:05] <strugee> dustyweb: what I'd like to do is stick with the current authentication until AP stabilizes and then change auth schemes

[21:30:06] <xmpp-pump> [Jan] for your eyes only =)

[21:30:10] <strugee> otherwise there's too many moving parts

[21:30:11] <e_s_p> OK, anything else needed here?

[21:30:23] <e_s_p> strugee: are you going to do an implementation report for WG?

[21:30:26] <strugee> nah, I think we're good

[21:30:28] <strugee> e_s_p: yep

[21:30:46] <e_s_p> OK, can we move on?

[21:30:59] <e_s_p> What's this web mention thing?

[21:30:59] <strugee> I'll probably do an AS2 impl report when that PR lands, and then an AP report when I write that bit

[21:31:02] <dustyweb> strugee: sure

[21:31:09] <strugee> yeah let's move on

[21:31:12] <strugee> so Webmention

[21:31:13] <e_s_p> strugee: well, we need AP implementation reports so

[21:31:15] <e_s_p> Yeah

[21:31:30] <e_s_p> What's up with that

[21:31:39] <e_s_p> Is that going into pump.io itself or into a bridge?

[21:31:48] <strugee> I had mentioned to Tantek months ago offhand that we might be able to send outbound Webmentions

[21:31:50] <e_s_p> And if it's not a bridge, please explain

[21:31:53] <e_s_p> !!!!!!!!!!!!!!

[21:31:58] <strugee> there's no code for this atm, wanted your input

[21:32:07] <strugee> (and made that clear to Tantek lol)

[21:32:08] <e_s_p> OK, my input is don't put it into pump.io

[21:32:15] <strugee> so here's my reasoning

[21:32:16] <e_s_p> It'd be great to have a bridge, though

[21:32:24] <e_s_p> It'd be great for all different kinds of AP servers

[21:32:32] <strugee> it's super easy

[21:32:46] <strugee> it doesn't require any changes to the database, API, or anything

[21:32:48] <e_s_p> That way lies madness

[21:32:53] <distopico> Webmentions looks easy to implement

[21:32:57] <strugee> it's basically just a bonus side effect of accepting inbound activities

[21:32:59] <e_s_p> They do, don't they?

[21:33:01] <puckipedia> I should add Webmention into Kroeg tbh, lol

[21:33:03] <strugee> no

[21:33:05] <e_s_p> Please don't do this

[21:33:17] <strugee> I won't if you say so :)

[21:33:28] <e_s_p> I have really, really strong distaste for doing multiple protocols

[21:33:34] <e_s_p> A bridge would work great

[21:33:49] <strugee> I would never suggest _accepting_ inbound Webmentions because that requires figuring out how to represent it in the API, etc.

[21:34:18] <e_s_p> How about this

[21:34:29] <e_s_p> Let's commit to trying to build a bridge to send Webmentions

[21:34:39] <e_s_p> If we get it up and it doesn't work, we'll put it in core

[21:34:41] <e_s_p> Sound fair?

[21:34:44] <strugee> sure

[21:34:56] <strugee> I don't have strong feelings on this to be clear, I just thought it would be nice

[21:35:05] <e_s_p> I have really strong opinions on this!

[21:35:10] <strugee> lol I see :P

[21:35:17] <e_s_p> ;-)

[21:35:39] <xmpp-pump> [Jan] strugee might get a horse head on his bed tomorrow...

[21:35:41] <e_s_p> I am just super averse to doing things lots of different ways in pump.io

[21:35:44] <distopico> How does it benefit the user webmentions?

[21:35:44] <strugee> I guess we could have the bridge just use the realtime API? or just poll I guess, maybe the delay doesn't matter

[21:36:06] <e_s_p> I understand the sentiment but I'd be concerned that one extra protocol becomes 3 extra protocols and then we have a huge mess

[21:36:08] <strugee> e_s_p: yeah me too. would reject patches to land anything more complex than this

[21:36:19] <strugee> distopico: interop with the IndieWeb

[21:36:21] <strugee> https://indieweb.org

[21:36:22] <pumabot> IndieWeb

[21:36:29] <e_s_p> strugee: I'd think the bridge would just follow you

[21:36:50] <strugee> e_s_p: ah yeah that'd work

[21:37:29] <e_s_p> Log into webmention.pub, tell it to follow you, maybe have some settings for what kind of stuff should be passed through WM (I'd think public only by default)

[21:37:39] <distopico> The bridge adds complexity to the user and to the sysadmin

[21:37:46] <e_s_p> Sorry what

[21:37:57] <strugee> distopico: if you set up your own bridge

[21:38:19] <distopico> yes, but the bridges do not have much documentation

[21:38:22] <e_s_p> The bridge model lets lots of people build their own parts of the ecosystem

[21:38:26] <distopico> only experiments

[21:38:29] <strugee> we could run a public one on e.g. webmention.pub

[21:38:29] <e_s_p> Instead of having everything in one place

[21:38:36] <xmpp-pump> [Jan] and the "non-bridge" adds bloat, so... =)

[21:38:43] <distopico> is like the plugins, in lib/app.js

[21:38:52] <strugee> lol plugins

[21:38:55] <strugee> there be grues

[21:38:58] <e_s_p> Yeah booo

[21:39:09] <xmpp-pump> [Jan] distopico, if there's not enough documentation, the solution is fixing the documentation, don't you think? :D

[21:39:19] <e_s_p> Or adopting the code

[21:39:36] <e_s_p> I'd love people to take over some of the bridges, most of them are down now IIRC

[21:39:42] <strugee> I think we could actually make an almost stateless Webmention bridge, that'd be neat

[21:39:43] <distopico> Si los puentes estuvieran bien documentados, seria mejor.

[21:39:54] <distopico> sorry in english

[21:39:56] <distopico> If the bridges were well documented, it would be better.

[21:40:05] <e_s_p> distopico: agreed

[21:40:14] <strugee> yeah e_s_p a bunch of the nodes' domains are almost expired

[21:40:22] <e_s_p> strugee: yeah, I'm on it!

[21:40:25] <xmpp-pump> [Jan] so the solution is fixing the docs, not dropping the bridges =)

[21:40:39] <strugee> e_s_p: I can send you some EvanCoin and a list of things that needs to be done for all of them

[21:40:47] <e_s_p> strugee: deal

[21:40:49] <xmpp-pump> [Jan] microca.st _is_ expired I think

[21:40:53] <e_s_p> OK, let's keep going

[21:41:04] <strugee> yeah

[21:41:07] <strugee> ummm

[21:41:09] <e_s_p> Unfortunately I have to break soon

[21:41:14] <strugee> that's fine

[21:41:27] <strugee> I think the rest of the things on that list I can spend EvanCoin on

[21:41:33] <strugee> pumabot: next topic

[21:41:42] <strugee> well that was dramatic

[21:41:55] <strugee> TOPIC: branding

[21:42:05] <strugee> brought this up at the last meeting but since e_s_p wasn't there

[21:42:12] <e_s_p> So I read this

[21:42:14] <e_s_p> All great!

[21:42:17] <strugee> https://github.com/pump-io/pump-io.github.io/issues/19

[21:42:17] <pumabot> Refresh website branding · Issue #19 · pump-io/pump-io.github.io · GitHub

[21:42:21] <strugee> ah wonderful! sounds good

[21:42:25] <strugee> if I ever find time lol

[21:42:31] <e_s_p> I think the only thing I'd add is that pump.io is pretty slim

[21:42:36] <e_s_p> And it runs pretty fast

[21:42:57] <strugee> ooo, yes. that's definitely good

[21:43:01] <e_s_p> I'd love to actually benchmark different social network apps

[21:43:04] <e_s_p> And compare them

[21:43:10] <strugee> dunno if we should fold that in with "admin experience"?

[21:43:31] <strugee> I think it'd be better if we kept the list to three things people could know us for

[21:43:35] <e_s_p> Like, if you post an activity to an account with N followers, how long does it take for all the followers to receive the activity?

[21:43:39] <distopico> I can help with the branding, design, but need help with the text

[21:43:58] <e_s_p> I'm still a big fan of the pump symbol as a logo

[21:44:02] <strugee> me too

[21:44:15] <strugee> distopico: yeah, if I can find time this weekend I might draw a mockup and scan it

[21:44:32] <distopico> Promote more third-party applications

[21:44:42] <distopico> not change the logo

[21:44:55] <strugee> e_s_p: benchmarks would be awesome

[21:45:09] <strugee> we've surely gotten faster too cause of all the dependency upgrades

[21:45:38] <e_s_p> Wooo

[21:46:03] <strugee> :-)

[21:46:20] <strugee> okay good to know

[21:46:35] <strugee> let's move on since e_s_p you have to go

[21:46:39] <strugee> TOPIC: Community governance and sustainability

[21:46:43] <e_s_p> So another strength I like is that we build on the Web

[21:46:56] <e_s_p> Like, not with plugins or modules, but with other web sites

[21:47:02] <e_s_p> bridges, apps, etc.

[21:47:13] <strugee> e_s_p: yeah, good point. will include some language about that in the standards item

[21:47:15] <e_s_p> OK, sorry, that's old

[21:47:21] <e_s_p> On this topic!

[21:47:27] <strugee> np

[21:47:44] <strugee> ok so with governance. I don't know what the state is here since larjona isn't here

[21:48:10] <e_s_p> I thought we were doing pretty good

[21:48:14] <strugee> yeah

[21:48:33] <e_s_p> I'd like to figure out a way to turn over all the sites that E14N manages to the pump.io org

[21:48:49] <e_s_p> And then the org can get them adopted by other people

[21:48:55] <strugee> e_s_p: right

[21:48:57] <e_s_p> Or whatever

[21:49:04] <strugee> we don't have funding though

[21:49:11] <e_s_p> Right

[21:49:26] <e_s_p> I guess maybe I could personally donate funds to keep the sites running for a year or something?

[21:49:38] <e_s_p> I mean, it's coming out of my pockets anyway

[21:49:41] <strugee> that would be amazing

[21:49:59] <e_s_p> It'd have to be earmarked

[21:50:07] <strugee> I guess we can set up some way to take donations during that time

[21:50:12] <e_s_p> Right

[21:50:27] <e_s_p> OK, let's put this down as a TODO for me

[21:50:33] <strugee> great

[21:50:34] <distopico> strugee: Which are the most important?

[21:50:50] <strugee> distopico: which whats?

[21:50:51] <e_s_p> My accountant wants me to shut down E14N soon anyway

[21:51:00] <e_s_p> So it'd be good to do that transfer

[21:51:01] <distopico> whats domains

[21:51:04] <strugee> yeah

[21:51:17] <strugee> pumpit.info is the most important since the community account is on there, other than that idk

[21:52:39] <xmpp-pump> [Jan] I'd say microca.st

[21:52:45] <xmpp-pump> [Jan] by a wide margin

[21:52:48] <strugee> okay

[21:52:53] <distopico> fix ssl for https://ofirehose.com/

[21:52:54] <pumabot> Error getting https://ofirehose.com/: Error: certificate has expired

[21:52:55] <e_s_p> OK cool

[21:52:56] <xmpp-pump> [Jan] besides identi.ca of course, which is still up :D

[21:53:08] <strugee> e_s_p: I can send you EvanCoin for that

[21:53:14] <e_s_p> That sounds good

[21:53:17] <e_s_p> Make a list and let's do it

[21:53:19] <strugee> but we need the Conservancy stuff to go through for that to happen right?

[21:53:28] <strugee> to hold funds

[21:54:00] <e_s_p> I thought it was done

[21:54:00] <strugee> distopico: we have a bunch of work that needs to happen on ofirehose, I'll discuss it with you after we're done

[21:54:09] <strugee> not last I heard

[21:54:12] <e_s_p> OK

[21:54:20] <strugee> we got accepted but have some stuff to iron out I think

[21:54:21] <e_s_p> Let's ask larjona then

[21:54:27] <strugee> yeah I'll coordinate with her

[21:54:41] <e_s_p> OK, so I think we're at the end of our agenda

[21:54:46] <strugee> yep

[21:54:50] <e_s_p> I'm excited to see so much happening

[21:54:53] <strugee> me too!

[21:55:06] <e_s_p> One thing I'd like to do is get all the E14N servers up on Docker so they're easier to manage

[21:55:18] <strugee> yeah a Docker image landed, I can prioritize figuring out publishing

[21:55:27] <e_s_p> Is it on docker hub?

[21:55:46] <strugee> not yet because we need to set up some infra

[21:55:59] <e_s_p> Right

[21:56:04] <e_s_p> Not much though!

[21:56:11] <e_s_p> Actually, why any?

[21:56:13] <strugee> probably just a cronjob will be good enough

[21:56:15] <e_s_p> Docker will auto-build it

[21:56:24] <e_s_p> Or travis CI

[21:56:26] <strugee> https://github.com/pump-io/pump.io/issues/1418

[21:56:28] <pumabot> Publish the Docker image to Docker Hub · Issue #1418 · pump-io/pump.io · GitHub

[21:56:38] <strugee> ooo yeah Travis is a really good idea

[21:56:43] <strugee> I completely forgot they did cronjobs

[21:56:45] <larjona> Omg I had a problem with telephones at home, got stuck dealing with ISP and totally forgot the meeting

[21:56:47] <larjona> Sorry

[21:56:51] <strugee> larjona: np!

[21:56:57] <xmpp-pump> [Jan] =)

[21:57:14] <e_s_p> I think just publish a new docker image on successful test of a tagged commit from Travis CI

[21:57:25] <xmpp-pump> [Jan] dealing with Spanish ISPs... I sympathize

[21:57:32] <e_s_p> As long as you push tags in order it works great

[21:57:41] <strugee> e_s_p: the reason we need infra is because with a Docker image we're not just responsible for shipping pump.io fixes, we're also responsible for the underlying libraries and Node.js binary

[21:57:53] <larjona> I'll catch up with backlog later, will try to follow now

[21:57:55] <e_s_p> And?

[21:58:07] <strugee> so we need a cronjob to autopublish images whenever an underlying library publishes a security fix

[21:58:24] <e_s_p> Or we can push a new tagged version

[21:58:25] <strugee> a library or Node.js itself

[21:58:55] <strugee> what, a new tag with no changes?

[21:58:57] <distopico> strugee: for nodejs binary nvm?

[21:59:05] <e_s_p> Well, changes to package.json or package-lock.json

[21:59:23] <strugee> e_s_p: no no I'm not talking about npm dependencies, we already cover those with security releases

[21:59:34] <strugee> I'm talking about C libraries shipped by Alpine Linux

[21:59:46] <distopico> nvm install lts

[21:59:49] <strugee> the actual node binary, its dependencies, etc.

[22:00:09] <e_s_p> So basically there's a FROM node:8-alpine at the top?

[22:00:16] <strugee> e_s_p: yeah

[22:00:30] <strugee> so the problem is, we ship a Docker image built with a particular Node version

[22:00:34] <distopico> https://github.com/creationix/nvm

[22:00:35] <e_s_p> Right

[22:00:35] <pumabot> GitHub - creationix/nvm: Node Version Manager - Simple bash script to manage multiple active node.js versions

[22:00:46] <e_s_p> Yeah nvm is great

[22:00:49] <distopico> with nvm tou cant install node8 in debian 6 XD

[22:00:58] <e_s_p> Not sure it's important for this Docker conversation though

[22:00:59] <distopico> you can

[22:01:12] <strugee> Node publishes a security release. Alpine ships the new release in repos. our Docker image ships the vulnerable Node.js binary because Docker images are immutable.

[22:01:19] <strugee> distopico: nvm is nice but doesn't solve this problem

[22:01:33] <strugee> unless you're suggesting running nvm install 8 any time a container boots which I think is untenable

[22:01:48] <e_s_p> strugee: so we push a 5.0.3 and travis-ci builds a new version from the updated node:8-alpine

[22:02:26] <strugee> well but then we need something to notify us about Alpine security releases

[22:02:30] <distopico> you can run `nvm install lts`

[22:02:33] <e_s_p> And it gets tagged in Docker Hub as pump-io/pump.io:latest and pump-io/pump.io:5.0.3 and pump-io/pump.io:5.0 and pump-io/pump.io:5

[22:02:48] <strugee> we're getting down into the weeds, this doesn't actually matter that much

[22:02:57] <e_s_p> No, it kind of doesn't

[22:03:13] <e_s_p> I don't think Alpine and Node publish security alerts so often that this can't be done manually at first

[22:03:13] <strugee> let's just leave it at, I have a plan to ship this, it'll be fine

[22:03:19] <e_s_p> Like it's not several times a day

[22:03:53] <e_s_p> But there are probably tools to re-build dependent Docker images when the upstream image changes

[22:04:01] <strugee> yeah Node itself is relatively easy, it's just that I don't want to keep track of all the random C libraries that are installed with it

[22:04:08] <e_s_p> Of course not

[22:04:13] <strugee> I looked for some and there aren't any that don't cost money

[22:04:21] <e_s_p> I mean, what really matters is that node:8-alpine has changed

[22:04:42] <strugee> exactly. so the plan was:

[22:04:43] <strugee> > So the rough plan is to regenerate Docker images on a cronjob and diff them with the old one. If there's a difference, they'll be published. We'll also provide nightly builds for git master users.

[22:04:50] <e_s_p> OK

[22:04:56] <strugee> ok cool

[22:05:03] <e_s_p> You're worrying about something literally nobody else who uses Docker worries about, though

[22:05:22] <e_s_p> Push on successful test on Travis CI and most of this goes away

[22:05:27] <strugee> http://lmgtfy.com/?q=docker+insecurity

[22:05:27] <pumabot> LMGTFY

[22:05:45] <strugee> ;)

[22:05:49] <strugee> I'm awful

[22:05:51] <distopico> continuous delivery for pump docker images?

[22:05:52] <e_s_p> Right

[22:06:01] <strugee> e_s_p: don't want to keep you past time btw

[22:06:03] <e_s_p> distopico: yes

[22:06:09] <e_s_p> I'm happy to stay to argue

[22:06:14] <strugee> hahaha

[22:06:24] <e_s_p> I'll talk to you soon

[22:06:28] <strugee> yeah sounds good

[22:06:46] <strugee> alright if we don't have any other business I'd like to end this meeting?

[22:06:52] <strugee> distopico: I can discuss ofirehose with you too

[22:07:18] <strugee> also, agenda items for me:

[22:07:26] <xmpp-pump> [Jan] you're the chair, or the table, or something =)

[22:07:34] <strugee> 1. spend some MONEY and by money I mean EvanCoin

[22:07:36] <distopico> Yes, i have time

[22:07:51] <strugee> 2. work out Docker image publishing

[22:08:01] <strugee> 3. ship AS2, etc.

[22:08:14] <strugee> alright I guess since no one else piped up we're done

[22:08:16] <strugee> thanks all!

[22:08:23] <larjona> Thanks

[22:08:27] <distopico> thanks

[22:08:28] <detrout> I accidentally made it and have a small question.

[22:08:32] <xmpp-pump> [Jan] \o/

[22:08:33] <strugee> detrout: sure!

[22:08:44] <xmpp-pump> [Jan] oh

[22:08:53] <xmpp-pump> [Jan] just in the nick of time!

[22:08:54] <detrout> Is there an official pump account or email list one can sign up to, to be notified when there are updates to pump?

[22:09:07] <strugee> lol

[22:09:08] <strugee> well

[22:09:11] <xmpp-pump> [Jan] there used to be

[22:09:11] <jxself> I would like one of those. I missed the latest release.

[22:09:12] <detrout> I think I manage to see strugee occasionally mention it

[22:09:18] <xmpp-pump> [Jan] we'll get it back

[22:09:23] <strugee> in theory you can follow [email protected]

[22:09:27] <strugee> but that's been down for a while

[22:09:36] <strugee> I can set up an announce list if that would be helpful

[22:09:44] <jxself> I would find it helpful.

[22:09:51] <strugee> great

[22:09:55] <detrout> I think it'd be helpful too

[22:09:55] <jxself> GitHub also provides an atom/RSS interface.

[22:09:59] <strugee> so 4. set up announce list

[22:10:06] <jxself> Which could be used with an RSS-to-email thing.

[22:10:09] <detrout> Thank you

[22:10:22] <strugee> I don't know if they do RSS for GitHub Releases but they do provide a JSON API

[22:10:38] <jxself> Yes, they have one. I was using it to monitor a project. Just a moment...

[22:10:39] <strugee> I've used that before to notify me about other projects' releases; will probably use it to set up a list

[22:10:41] <distopico> an email list could be great

[22:11:19] <detrout> I suspect an announce email list is probably the most reliable and simplest to use option

[22:11:19] <strugee> someone told me about http://librelist.com/ a long time ago, seems nice

[22:11:19] <pumabot> Librelist: Welcome to librelist.com

[22:11:24] <jxself> https://github.com/pump-io/pump.io/releases.atom

[22:11:46] <strugee> ah thx jxself! that's helpful

[22:11:59] <detrout> oh nice

[22:12:38] <detrout> Do you want a list or should I just make my own atom to email gateway?

[22:12:51] <xmpp-pump> [Jan] also, there's this if anyone's interested http://pump.io/blog/index.rss

[22:13:12] <strugee> detrout: I don't care

[22:13:20] <jxself> Although I don't think every release gets a blog post.

[22:13:34] <strugee> jxself: I think I missed a blog post once

[22:13:42] <strugee> oh actually subsequent betas don't

[22:13:48] <strugee> so yeah

[22:14:11] <strugee> detrout: sounds like both you and jxself would get use out of an email list so I can just go ahead and run that

[22:14:17] <detrout> Ok thank you

[22:14:20] <xmpp-pump> [Jan] still, as an additional info source =)

[22:14:21] <strugee> np!

[22:14:24] <jxself> Thank you, good sir.

[22:14:29] <strugee> :-)

[22:14:56] <detrout> FWIW it might help listing the blog, the releases.atom feed, and the email list in the project readme

[22:15:29] <jxself> That does seem a good idea.

[22:15:45] <strugee> detrout: yeah the README is trash honestly, I started cleaning it up the other day

[22:15:58] <strugee> https://github.com/pump-io/pump.io/pull/1496

[22:15:59] <pumabot> [WIP] Move docs to ReadTheDocs by strugee · Pull Request #1496 · pump-io/pump.io · GitHub

[22:16:04] <detrout> Yeah I just scrolled through it, and it does seem too long

[22:16:29] <strugee> it's awful

[22:16:47] <strugee> the problem is that it's grown organically over the years and never really been reorganized

[22:16:51] <detrout> Yep

[22:16:56] <strugee> and predates ReadTheDocs so

[22:17:15] <strugee> lol

[22:17:16] <strugee> rip

[22:17:30] <detrout> the readme probably should be a brief statement about what the project is and then links to more details elsewhere

[22:17:36] <distopico> Looks like a documentation of npm library xD

[22:18:31] <strugee> yeah

[22:20:19] <detrout> I don't have a lot of time but if you want fresh eyes to read the docs and perhaps make modest changes I can probably manage to help

[22:20:44] <detrout> (reading something you know a lot about can be tough)

[22:20:50] <strugee> detrout: for sure

[22:21:04] <strugee> I'll leave a note on the issue tracker to ping you when we're done

[22:21:09] <detrout> Ok

[22:21:13] <strugee> dunno when that will be though - I also don't have a lot of free time :'D

[22:21:21] <detrout> I know the feeling

[22:21:34] <detrout> Ah is there a "clean up the docs issue"?

[22:21:53] <detrout> I can just go add myself to the notifications

[22:22:03] <strugee> yep

[22:22:19] <strugee> https://github.com/pump-io/pump.io/issues/1276

[22:22:19] <pumabot> Improve README · Issue #1276 · pump-io/pump.io · GitHub

[22:22:39] <detrout> I subscribed to it

[22:22:42] <strugee> awesome

[22:22:55] <strugee> okay

[22:22:57] <strugee> any other business?

[22:23:26] <detrout> That's all I had

[22:23:31] <strugee> cool

[22:23:34] <strugee> going once?

[22:23:44] <strugee> going twice?

[22:24:02] <strugee> SOLD

[22:24:08] <strugee> thanks all!

[22:24:10] <strugee> pumabot: end meeting

[22:24:10] <pumabot> Thank you all for attending! Logs will be posted on the wiki shortly at https://github.com/e14n/pump.io/wiki/Meeting-2017-11-17.

[22:24:10] <pumabot> Also, special thanks to strugee for chairing!

[22:24:10] <pumabot> See you next month!

[22:24:10] <pumabot> #############################################################

[22:24:10] <pumabot> END LOG

[22:24:10] <pumabot> #############################################################
