Differences between revisions 1 and 2
Revision 1 as of 2019-06-07 19:07:48
Size: 4474
Comment: initial notes from meeting
Revision 2 as of 2019-06-07 19:11:43
Size: 4649
Comment: formatting mostly
Line 2: Line 2:
Attendees:
'''
Attendees:'''
Line 9: Line 10:
Agenda: '''Agenda''':
Line 11: Line 12:
 1. making the most of William's limited time  1. '''making the most of William's limited time'''
Line 17: Line 18:
   3. Sumana trying to get volunteers to do stuff that ancillary    3. Sumana trying to get volunteers to do stuff that is more ancillary
Line 19: Line 20:
 1. availability, especially Nicole's schedule for the next few months (discussion redacted for privacy)
 1. first a11y and i18n steps
 1. '''availability''', especially Nicole's schedule for the next few months (discussion redacted for privacy)
 1. '''first a11y and i18n steps'''
Line 27: Line 28:
     5. TODO - Wiliam to confirm it's ok to switch tasks now      5. TODO - Wiliam to confirm with his internal PM that it's ok to switch tasks now and do the initial a11y audit right away
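Review bot: the rewritten TODO line still spells the name "Wiliam", while the agenda item in the earlier hunk uses "William". Since this line is being reworded anyway, correct the spelling in the same revision.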
Line 34: Line 35:
     5. TODO: Sumana to start figuring out volunteer effort on this
 1. making the most of volunteer help (Duo, Mathias, TUF)
     5. TODO: Sumana to start planning coordinating volunteer effort on this
 1. '''making the most of volunteer help''' (Duo, Mathias, TUF crew at NYU)
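Review bot: the reworded TODO "Sumana to start planning coordinating volunteer effort on this" runs two verbs together; keep one of them or join them as "planning and coordinating". The heading below it spells the volunteer's name "Mathias", which should match the spelling used where he is introduced later in the notes ("Mattias").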
Line 48: Line 49:
   3. TODO: Ernest or Dustin to talk with Filippo
   3. Ask them for opinions on threat model/needs discussion/how much security do we need here? GitHub issues
   3. TODO: Ernest or Dustin to talk with Filippo re Golang experience
   3. TODO: Sumana to ask them for opinions on threat model/needs discussion/how much security do we need here? GitHub issues
Line 51: Line 52:
Any other general updates? '''Any other general updates?'''
Line 56: Line 57:
 * How close are we to merging WebAuthn?  * How close are we to merging !WebAuthn?
Line 60: Line 61:
Unavailability between now & end of August:

[availability details redacted]
Unavailability between now & end of August: [availability details redacted]

7 June 2019

Attendees:

  • William
  • Dustin
  • Nicole
  • Ernest
  • Sumana

Agenda:

  1. making the most of William's limited time

    1. [limited] remaining in Milestone 1 (API keys & audit log)

    2. getting reviews faster
      1. a thumbs-up from Dustin or Ernest is sufficient to approve. They are the accepting parties.
      2. during Eastern business hours, please "blow [Ernest] up" - if you're waiting for a review, ping but not via GitHub notifications. IRC or Slack.

    3. tight scope of work
      1. Sumana trying to get volunteers to do stuff that is more ancillary
      2. TODO: will schedule weekly 15 min triage, to ask "how urgent is this" & make delegating to volunteers easier

  2. availability, especially Nicole's schedule for the next few months (discussion redacted for privacy)

  3. first a11y and i18n steps

    1. Accessibility (estimate: 2 weeks for Trail of Bits; ? for Nicole):
      1. Nicole: who has volunteered to help?
        1. just Mattias.
      2. Can we get the audit now so we can parallelize/speed Nicole's work?
        1. There's a case for Nicole to get started. Works well for William.
        2. If we're talking about running an audit, need to do that across codebase, split up front/back. Nicole could set up time with the relevant person to .... who will it be? William?
          1. TODO - William to confirm with his internal PM that it's ok to switch tasks now and do the initial a11y audit right away
      3. some existing research on finding issues & adding a11y checks to CI: https://github.com/SolutionGuidance/psm/issues/415

    2. Localization/internationalisation (estimate: 3 weeks for Trail of Bits, ? for Nicole):
      1. changing hardcoded strings to localizable: bunch of tedious labelling work. Who can/wants to do it?
        1. Nicole could do some on templates while ToB does on views.... could split it up
        2. William has experience localizing C programs. Prework: ID and build tables of strings that need parameterizing. ID where they are. Makes job easier.
        3. Nicole: has experience with this on dayjob. We ID strings that need localizing & provide context. A small description of string that needs translating. Useful to ensure quality of translation. The verb "complete" - could be a status or action! In French, that's different verb vs adjective. "this is a COMPLETE BUTTON and when you press it, foo happens." In some translation software, you can add screenshots, which is also useful.

          1. TODO: Sumana to start planning and coordinating volunteer effort on this
  4. making the most of volunteer help (Duo, Mattias, TUF crew at NYU)

    1. Duo & py_webauthn.

      1. Testing?
      2. Recovery code work!!!
      3. offer their eyes on the existing PR -- point out things they like/don't like about how William is using their library
      4. user testing, possible documentation....
        1. TODO: Nicole to reach out to some users to get direct UX feedback. Maybe they could help facilitate/participate
    2. Mattias [address] (https://github.com/JazzBrotha) is a front end developer working at axesslab.com. Axesslab pay their employees to work on any open source project for up to 10 hours per month, and Mattias is interested in using that time to help us! :D (as of a year ago.) Already did a light audit: https://wiki.python.org/psf/PackagingWG?action=AttachFile&do=get&target=May-2018-Warehouse-accessibility-audit-Mattias-JazzBrotha which Nicole turned into https://github.com/pypa/warehouse/labels/accessibility

      1. Ask for more auditing and recommendation work?
        1. TODO: Sumana to ask Mattias to become part of this miniteam! ask re availability! Help with PR review would be great!
    3. Trishank, Justin, Lukas Puehringer... (multi-factor auth & TUF)

      1. create architectural plan? prework for the upcoming Facebook-funded work????
        1. BUT some of this will come down to the results of the RFP process.
      2. TODO: Ernest or Dustin to talk with Filippo re Golang experience
      3. TODO: Sumana to ask them for opinions on threat model/needs discussion/how much security do we need here? GitHub issues

Any other general updates?

Unavailability between now & end of August: [availability details redacted]

PackagingWG/2019-06-07-Warehouse (last edited 2019-06-10 15:29:51 by SumanaHarihareswara)
