7 June 2019




  1. making the most of William's limited time

    1. [limited] remaining in Milestone 1 (API keys & audit log)

    2. getting reviews faster
      1. a thumbs-up from Dustin or Ernest is sufficient to approve. They are the accepting parties.
      2. during Eastern business hours, please "blow [Ernest] up" - if you're waiting for a review, ping but not via GitHub notifications. IRC or Slack.

    3. tight scope of work
      1. Sumana trying to get volunteers to do stuff that is more ancillary
      2. TODO: Sumana will schedule weekly 15 min triage, to ask "how urgent is this" & make delegating to volunteers easier

  2. availability, especially Nicole's schedule for the next few months (discussion redacted for privacy)

  3. first a11y and i18n steps

    1. Accessibility (estimate: 2 weeks for Trail of Bits; ? for Nicole):
      1. Nicole: who has volunteered to help?
        1. just Matthias.
      2. Can we get the audit now so we can parallelize/speed Nicole's work?
        1. There's a case for Nicole to get started. Works well for William.
        2. If we're talking about running an audit, need to do that across codebase, split up front/back. Nicole could set up time with the relevant person to .... who will it be? William?
          1. TODO - William to confirm with his internal PM that it's ok to switch tasks now and do the initial a11y audit right away
      3. some existing research on finding issues & adding a11y checks to CI: https://github.com/SolutionGuidance/psm/issues/415

    2. Localization/internationalisation (estimate: 3 weeks for Trail of Bits, ? for Nicole):
      1. changing hardcoded strings to localizable: bunch of tedious labelling work. Who can/wants to do it?
        1. Nicole could do some on templates while ToB does on views.... could split it up
        2. William has experience localizing C programs. Prework: ID and build tables of strings that need parameterizing. ID where they are. Makes job easier.
        3. Nicole: has experience with this on dayjob. We ID strings that need localizing & provide context. A small description of string that needs translating. Useful to ensure quality of translation. The verb "complete" - could be a status or action! In French, that's different verb vs adjective. "this is a COMPLETE BUTTON and when you press it, foo happens." In some translation software, you can add screenshots, which is also useful.

          1. TODO: Sumana to start planning coordinating volunteer effort on this
  4. making the most of volunteer help (Duo, Mathias, TUF crew at NYU)

    1. Duo & py_webauthn.

      1. Testing?
      2. TODO: Sumana to ask them for recovery code work!!!
      3. TODO: Sumana to ask them to offer their eyes on the existing PR -- point out things they like/don't like about how William is using their library
      4. user testing, possible documentation....
        1. TODO: Nicole to reach out to some users to get direct UX feedback. Maybe they could help facilitate/participate
    2. Mattias [address] https://github.com/JazzBrotha is a front end developer working at axesslab.com <http://axesslab.com>. Axesslab pay their employees to work on any open source project for up to 10 hours per month, and Mattias is interested in using that time to help us! :D (as of a year ago.) Already did a light audit: https://wiki.python.org/psf/PackagingWG?action=AttachFile&do=get&target=May-2018-Warehouse-accessibility-audit-Mattias-JazzBrotha May2018WarehouseaccessibilityauditMattiasJazzBrotha.pdf which Nicole turned into https://github.com/pypa/warehouse/labels/accessibility

      1. Ask for more auditing and recommendation work?
        1. TODO: Sumana to ask Mattias to become part of this miniteam! ask re availability! Help with PR review would be great!
    3. Trishank, Justin, Lukas Puehringer... (multi-factor auth & TUF)

      1. create architectural plan? prework for the upcoming Facebook-funded work????
        1. BUT some of this will come down to the results of the RFP process.
      2. TODO: Ernest or Dustin to talk with Filippo re Golang experience
      3. TODO: Sumana to ask them for opinions on threat model/needs discussion/how much security do we need here? GitHub issues

Any other general updates?

Unavailability between now & end of August: [availability details redacted]

PackagingWG/2019-06-07-Warehouse (last edited 2019-06-10 15:29:51 by SumanaHarihareswara)

Unable to view page? See the FrontPage for instructions.