[board] minutes

Chuck Hagenbuch chuck at horde.org
Tue Jul 1 19:36:50 UTC 2008


Attached are minutes from today's somewhat hasty meeting.

-chuck
-------------- next part --------------
[11:08]
cjh hi folks
[11:08]
selsky hey chuck
[11:09]
cjh Okay, agenda - who's got something?
[11:10]
yunosh the RCs?
[11:11]
cjh k. anything else?
[11:13]
selsky performance improvments in imp?  will be do a new release soon?
[11:13]
mrubinsk that's all I'm coming up with as well...maybe some kind of timeline for the other 1.0s?
[11:15]
cjh and perhaps SCM and any momentum on website work
[11:15]
cjh 1. RCs
[11:15]
cjh 2. new 3.2.x releases
[11:15]
cjh 3. upcoming 1.0 releases
[11:15]
cjh 4. SCM
[11:16]
cjh 5. please think about the website (won't someone think of the website?)
[11:16]
cjh Jan - #1 is all yours
[11:16]
yunosh k
[11:17]
yunosh so, we have released the first RCs for both Whups, the ticket-tracker and Hermes the time-tracker
[11:17]
yunosh i figured they are stable enough and have seen a lot of love recently
[11:17]
yunosh so that they are in pretty good shape for releases
[11:17]
yunosh no huge feedback yet, two nitty bugs, so at least people are playing with it
[11:18]
yunosh anything else?
[11:20]
cjh hearing nothing further...
[11:20]
mrubinsk yunosh: Do the RCs work with 3.2.0 or do they require fixes in the 3.2.x releases?
[11:21]
yunosh 3.2, though some stuff has been fixed/changed in horde 3.2 since the .0 release to better suppport them
[11:22]
mrubinsk k
[11:22]
mrubinsk ...and that's a nice intro into point #2... 
[11:23]
cjh Excellent. #2
[11:23]
cjh we've already had updated Horde and Turba releases because of some small XSS issues.
[11:23]
cjh I think IMP and DIMP are both due for x.1 releases since they've had some good fixes and performance improvements
[11:24]
yunosh oh yeah
[11:24]
cjh and all of the groupware apps have had removeUserData cleanups lately
[11:24]
cjh do we want to do betas for the IMP/DIMP releases?
[11:24]
yunosh RCs probably, but yes
[11:24]
liamr did you guys ever see the CSRF vulnerability we reported for IMP?
[11:24]
mrubinsk yes, I would agree
[11:25]
yunosh liamr: i've seen one that was moot
[11:25]
yunosh which do you refer to?
[11:25]
cjh liamr: where was it reported?
[11:25]
liamr security at horde.org, i think
[11:25]
liamr imp's composition screen didn't have the token checking that was implimented elsewhere
[11:25]
liamr we were able to exercise it locally
[11:26]
yunosh huh?
[11:26]
yunosh you mean vendor@?
[11:27]
liamr nah, security at horde.org.  i'm not sure where my coworker got the address, but that's where it was sent.
[11:27]
liamr i've got it up in my mailbox, i can bounce it to a more appropriate address
[11:27]
yunosh so it was reported from you?
[11:27]
liamr from umich, but not from me
[11:27]
yunosh ah, i already wondered how you could see messages to security@ 
[11:28]
liamr i was cc'd on it
[11:28]
yunosh security@ is fine, but i don't remember seeing it
[11:28]
liamr i'll resend it
[11:28]
cjh neither do I...
[11:28]
liamr sent
[11:28]
mrubinsk same here...
[11:30]
liamr anyhoo - not do derail things.  if it doesn't come through this time, let me know, and i'll send it to a different address
[11:32]
cjh I still haven't seen it, including in my spam folder
[11:34]
liamr 5/28 from kris steinhof
[11:34]
liamr i'll forward it, instead of bouncing it
[11:35]
liamr sent to chuck
[11:36]
cjh got it
[11:36]
cjh k, we'll look at that for release
[11:36]
cjh what else?
[11:36]
cjh (i forwarded the message intact to vendor@)
[11:40]
cjh so, we should probably work on x.next releases of everything already released, pretty much
[11:40]
cjh the groupware release confused people last time because it didn't include things that were fixed in IMP cvs
[11:43]
mrubinsk so *.x releases, then a groupware release?
[11:44]
yunosh yes
[11:44]
yunosh i also need to finish the upgrade scripts for groupware first
[11:44]
mrubinsk ah...right.
[11:45]
cjh Okay. Aside from Hermes and Whups, we want to do upcoming 1.0 releases for:
[11:45]
cjh ansel
[11:45]
cjh trean
[11:45]
cjh wicked
[11:45]
cjh and updated releases for:
[11:45]
cjh chora
[11:45]
cjh gollem
[11:45]
cjh Trean needs shares work before its 1.0
[11:46]
cjh otherwise, i think those are basically on track
[11:46]
cjh anyone have anything to add there?
[11:46]
mrubinsk Regarding Trean
[11:46]
yunosh i haven't reviewed the open bugs for those yet
[11:46]
mrubinsk while we are talking about it, we need to make a decision if we wan't to keep it hierarchical or flat...
[11:46]
mrubinsk but we can discuss that on list, irc etc...
[11:47]
yunosh yeah
[11:47]
mrubinsk My other question is, are we planning on getting these out at the same time, like we have been doing with the other apps?
[11:48]
yunosh we could try to, but not necessarily
[11:48]
cjh I don't think we should work extra hard at it
[11:48]
yunosh exactly
[11:48]
cjh whatever makes this all happen, in my opinion
[11:48]
mrubinsk great. That was my hope 
[11:48]
yunosh btw, the sork apps should be released too
[11:48]
mrubinsk otherwise Trean would probably hold things up.
[11:49]
cjh k. will someone add sork to the ReleaseManagement page?
[11:49]
mrubinsk sure
[11:52]
cjh My hope/plan is still to start serious Horde 4 work (in the core, as opposed to the libraries I've been working on) once these releases are done
[11:52]
cjh but, for simplicity's sake, to hold off with major backwards-incompatible changes until then
[11:52]
cjh So, that's a big motivation for me to get this stuff out
[11:52]
cjh mrubinsk: thanks
[11:52]
mrubinsk np
[11:53]
cjh okay, there'll be time for freeform later, but moving along since we're dragging a bit
[11:53]
cjh #4 SCM
[11:53]
cjh I've started using git for my personal repositories. I'm liking it a lot.
[11:53]
mrubinsk I started playing with Hg myself and I'm pretty excited about moving to a distributed system.
[11:53]
cjh I'm not entirely clear how we'd want to organize our code, since we'd have to have either one huge repo (probably not good) or be unable to commit across multiple apps
[11:54]
cjh One possibility is to do some application consolidation or grouping - put the groupware apps into one repository, email into another, etc.
[11:54]
cjh that would cut down on the number of cross-repo commits necessary.
[11:54]
cjh but, this is probably not at the point of a decision, so unless anyone else has experience to report, let's move on
[11:55]
mrubinsk How would that effect releases/branching etc..?
[11:55]
cjh as long as we were consistent with our names, it wouldn't
[11:55]
cjh and we'd still have separate dirs in the repo for those apps - just splitting up into a few repositories, instead of one per app or one for everything
[11:55]
mrubinsk k. makes sense
[11:56]
selsky why can't we have 1 huge repo?
[11:57]
yunosh yeah, i really don't want to lose either the modularity (through grouping) nor the ability to commit across modules (through separate repos)
[11:58]
cjh well, we can try it
[11:59]
cjh i figured people would be unhappy with the size of a single repository
[11:59]
cjh but it's probably simplest
[11:59]
yunosh can't you checkout subdirectories? i.e. is that the problem, that you have to checkout everything?
[12:01]
cjh it looks like git has some potential submodule options
[12:01]
cjh I don't believe hg currently does
[12:01]
mrubinsk that was my impression.
[12:03]
mrubinsk website?
[12:04]
liamr http://www.selenic.com/mercurial/wiki/   , i believe
[12:04]
selsky do we have gitweb running anywhere?
[12:04]
cjh I just want to say that I'm firmly in favor of switching to something distributed at this point. hg made a better initial impression on me, but I've figured out most of my git problems.
[12:05]
mrubinsk thanks, liamr, I was actually asking about moving to the agenda item 
[12:05]
liamr d'oh
[12:05]
cjh Having the branching, tracking, and offline aspects is worth it to me over CVS
[12:05]
cjh I know change is hard, but, I'd really like to see us do this.
[12:05]
mrubinsk I agree...
[12:05]
cjh okay. #6
[12:05]
cjh website - please look at the projects page. no one has to wait on me to help work on the new organization or a design or anything.
[12:05]
cjh that is all.
[12:06]
cjh comments/questions/discussion about any of this or about anything else?
[12:10]
mrubinsk not from I
[12:14]
cjh Okay, thanks folks.
[12:14]
cjh Sorry for the disjointed meeting today


More information about the board mailing list