7 June 2019

'''Attendees:'''
	* William
	* Dustin
	* Nicole
	* Ernest
	* Sumana

'''TODOs''':
 *William to confirm with his internal PM that it's ok to switch tasks now and do the initial a11y audit right away
 *Nicole to reach out to some users to get direct UX feedback. Maybe Duo could help facilitate/participate
 *Ernest or Dustin to talk with Filippo re Golang experience
 *Sumana will schedule weekly 15 min triage, to ask "how urgent is this" & make delegating to volunteers easier
 *Sumana to start planning coordinating volunteer effort on the finding & labelling of currently-hardcoded strings
 *Sumana to ask Duo for recovery code work
 *Sumana to ask Duo to offer their eyes on the existing PR -- point out things they like/don't like about how William is using their library
 *Sumana to ask the NYU crew for opinions on threat model/needs discussion/how much security do we need here? GitHub issues
 *Sumana to ask Mattias to become part of this miniteam! ask re availability! Help with PR review would be great!
 *Sumana to start !WebAuthn rollout prep, "how to test this" documentation


'''Agenda''':

	1. '''making the most of William's limited time'''
		2. [limited] remaining in Milestone 1 (API keys & audit log)
		2. getting reviews faster
			3. a thumbs-up from Dustin or Ernest is sufficient to approve. They are the accepting parties.
			3. during Eastern business hours, please "blow [Ernest] up" - if you're waiting for a review, ping but not via GitHub notifications. IRC or Slack.
		2. tight scope of work
			3. Sumana trying to get volunteers to do stuff that is more ancillary
			3. TODO: Sumana will schedule weekly 15 min triage, to ask "how urgent is this" & make delegating to volunteers easier
	1. '''availability''', especially Nicole's schedule for the next few months (discussion redacted for privacy)
	1. '''first a11y and i18n steps'''
		2. Accessibility (estimate: 2 weeks for Trail of Bits; ? for Nicole):
			3. Nicole: who has volunteered to help?
				4. just Matthias.
			3. Can we get the audit now so we can parallelize/speed Nicole's work?
				4. There's a case for Nicole to get started.  Works well for William.
				4. If we're talking about running an audit, need to do that across codebase, split up front/back. Nicole could set up time with the relevant person to .... who will it be? William?
					5. TODO - William to confirm with his internal PM that it's ok to switch tasks now and do the initial a11y audit right away
			3. some existing research on finding issues & adding a11y checks to CI: https://github.com/SolutionGuidance/psm/issues/415
		2. Localization/internationalisation (estimate: 3 weeks for Trail of Bits, ? for Nicole):
			3. changing hardcoded strings to localizable: bunch of tedious labelling work. Who can/wants to do it?
				4. Nicole could do some on templates while ToB does on views.... could split it up
				4. William has experience localizing C programs. Prework: ID and build tables of strings that need parameterizing. ID where they are. Makes job easier.
				4. Nicole: has experience with this on dayjob. We ID strings that need localizing & provide context. A small description of string that needs translating. Useful to ensure quality of translation. The verb "complete" - could be a status or action! In French, that's different verb vs adjective. "this is a COMPLETE BUTTON and when you press it, foo happens." In some translation software, you can add screenshots, which is also useful.
					5. TODO: Sumana to start planning coordinating volunteer effort on this 
	1.  '''making the most of volunteer help''' (Duo, Mathias, TUF crew at NYU)
		2. Duo & py_webauthn.
			3. Testing?
			3. TODO: Sumana to ask them for recovery code work!!!
			3. TODO: Sumana to ask them to offer their eyes on the existing PR -- point out things they like/don't like about how William is using their library
			3. user testing, possible documentation....
				4. TODO: Nicole to reach out to some users to get direct UX feedback. Maybe they could help facilitate/participate
		2. Mattias [address] https://github.com/JazzBrotha is a front end developer working at axesslab.com  <http://axesslab.com>. Axesslab pay their employees to work on any  open source project for up to 10 hours per month, and Mattias is interested in using that time to help us! :D (as of a year ago.) Already did a light audit: https://wiki.python.org/psf/PackagingWG?action=AttachFile&do=get&target=May-2018-Warehouse-accessibility-audit-Mattias-JazzBrotha [[attachment:May2018WarehouseaccessibilityauditMattiasJazzBrotha.pdf]] which Nicole turned into https://github.com/pypa/warehouse/labels/accessibility
			3. Ask for more auditing and recommendation work?
				4. TODO: Sumana to ask Mattias to become part of this miniteam! ask re availability! Help with PR review would be great!
		2. Trishank, Justin, Lukas Puehringer... (multi-factor auth & TUF)
			3. create architectural plan? prework for the upcoming Facebook-funded work????
				4. BUT some of this will come down to the results of the RFP process.
			3. TODO: Ernest or Dustin to talk with Filippo re Golang experience
			3. TODO: Sumana to ask them for opinions on threat model/needs discussion/how much security do we need here? GitHub issues

'''Any other general updates?'''
	* Ernest: burn rate?
		* number of invoices Ernest's received .... needs updates
	* Sumana: adding issues to milestones https://github.com/pypa/warehouse/milestones?direction=asc&sort=count&state=open 
	* Everyone: invoices!
	* How close are we to merging !WebAuthn?
		* very close. Maybe next week?
		* TODO: Sumana to start rollout prep, "how to test this" documentation

Unavailability between now & end of August: [availability details redacted]