Automatic Updates Initiative meeting on Oct 3, 2023

Created on 20 December 2023
Updated 4 January 2024

This meeting:
➤ Is for core developers, initiative contributors, the Drupal Association and anyone interested in the initiative.
➤ Usually happens every other Tuesday at 1700 UTC.
➤ Is done over chat.
➤ Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
➤ Has a public agenda anyone can add to.
➤ *Transcript will be exported and posted* to the agenda issue. For anonymous comments, start with a :bust_in_silhouette: emoji. To take a comment or thread off the record, start with a :no_entry_sign: emoji.

Transcript

0️⃣ Who is here today? Comment in the thread below to introduce yourself and tell us why you are joining us.

1️⃣ Do you have any topics to propose for the meeting today? Feel free to propose them in this thread, and then I will give them their own unique threads for discussion. Conversation moving slow? Go ahead and open your own thread in the next numeric order.

2️⃣ From @xjm: What is the status of the remaining client-side blockers? I know the composer-stager governance issue has been RTBC and awaiting signoff a long time. What about the status of PHP-TUF, the integration, and the core modules and changes? What are the major blockers (and if the info's available, their sprint point sizing and approximate % done, and your best guess how many more sprints they'll take)?

3️⃣ There's been some recent discussion on 🌱 [policy, no patch] Make PHP's OpenSSL extension a requirement for installing and using Package Manager (and therefore, Automatic Updates and Project Browser) Fixed (thanks, @catch, @Warped, @longwave, @xjm, @dts, @drumm). When I get a chance (hopefully today or tomorrow), I'll respond to some of the points that were brought up there.

4️⃣ rugged - We have a new blocking issue https://gitlab.com/rugged/rugged/-/issues/147, the rugged issue queue could use some triage to make sure we’ve clearly identified the known blockers

5️⃣ Server-side for contrib - re-inited the proof-of-concept TUF repository to work around the rugged issue above ^. We’re rebuilding this to fix some shortcuts taken in rushing through the proof-of-concept. The next step is https://gitlab.com/drupal-infrastructure/package-signing/drupal-rugged/-..., I think we may be toward the “end” for this on staging, but I’m sure we’ll discover more

6️⃣ Server-side for core - no progress to report, once the contrib instance is set up, we’ll set up another rugged stack and begin work

7️⃣ Security review - I am not personally aware of any progress

8️⃣ Core reviews of the module - @tedbow, @phenaproxima, and I will work on updating relevant issue summaries to help facilitate this. Depending on reviewer preference, code review can be done by either reviewing the core MR or the code in the contrib module: they're 99% the same, and the core MR is automatically generated from the contrib module. However, testing is easier done with the contrib module, since otherwise it's a chicken and egg problem of applying a core MR to have a core codebase that has AU in it but then using it to update to a version of core that doesn't yet have AU in it. Separately, per 6️⃣ above, TUF integration can be tested for updating a contrib module, but TUF integration can't be tested yet for updating core, since the Rugged instance for signing core hasn't been built yet.

Participants:

xjm, tedbow, effulgentsia, phenaproxima, drumm

📌 Task
Status: Fixed
Version: 2.0
Component: Meetings
Created by: hestenet (Portland, OR, 🇺🇸 United States)
