Timestamps are in GMT/BST.
[1:40] * kshepherd (~firstname.lastname@example.org) Quit (Ping timeout: 240 seconds)
[1:44] * kshepherd (~email@example.com) has joined #duraspace
[1:53] * kshepherd (~firstname.lastname@example.org) Quit (Ping timeout: 260 seconds)
[2:03] * kshepherd (~email@example.com) has joined #duraspace
[4:19] * kshepherd (~firstname.lastname@example.org) Quit (Ping timeout: 260 seconds)
[7:04] -wilhelm.freenode.net- *** Looking up your hostname...
[7:04] -wilhelm.freenode.net- *** Checking Ident
[7:04] -wilhelm.freenode.net- *** Found your hostname
[7:04] -wilhelm.freenode.net- *** No Ident response
[7:05] * DuraLogBot (~PircBot@webster.duraspace.org) has joined #duraspace
[7:05] * Topic is '[Welcome to DuraSpace - This channel is logged - http://irclogs.duraspace.org/]'
[7:05] * Set by cwilper!ad579d86@gateway/web/freenode/ip.184.108.40.206 on Fri Oct 22 01:19:41 UTC 2010
[13:24] * mhwood (email@example.com) has joined #duraspace
[14:35] * peterdietz (uid52203@gateway/web/irccloud.com/x-ghsigaixbchnxlbb) has joined #duraspace
[14:50] * dyelar (~firstname.lastname@example.org) has joined #duraspace
[15:52] * th5 (~th5@unaffiliated/th5) has joined #duraspace
[15:54] * terry-b (~email@example.com) has joined #duraspace
[17:35] * th5 (~th5@unaffiliated/th5) Quit (Ping timeout: 244 seconds)
[18:13] * th5 (~th5@unaffiliated/th5) has joined #duraspace
[18:13] * th5 (~th5@unaffiliated/th5) Quit (Client Quit)
[18:54] * hpottinger (~firstname.lastname@example.org) has joined #duraspace
[19:51] * kshepherd (~email@example.com) has joined #duraspace
[19:53] * KevinVdV (~KevinVdV@d54C5104D.access.telenet.be) has joined #duraspace
[20:00] <mhwood> It's 2000 UTC. Time for the weekly meeting.
[20:01] <peterdietz> Currently there is a DuraSpace summit in DC? I think they shut down the Metro just for this event, no?
[20:01] <mhwood> There's no formal agenda this week unless someone else did one.
[20:01] <mhwood> Ha, that must be the reason.
[20:03] <mhwood> So we have the usual issue before us: getting 6.0 out for testing.
[20:03] <peterdietz> I'm not sure if this is the proper venue, but, we will want to cobble up security announcements / disclosure protocols
[20:03] * kshepherd is here accidentally
[20:04] <peterdietz> kshepherd: here, as in cyberspace, or the duraspace summit?
[20:04] <hpottinger> that would be quite the accident
[20:04] * KevinVdV_ (~KevinVdV@220.127.116.11) has joined #duraspace
[20:04] <kshepherd> IRC
[20:04] * hpottinger points at duralogbot
[20:05] <kshepherd> forgot daylight savings meant i
[20:05] <kshepherd> i'd actually be at desk
[20:05] <kshepherd> (9am here)
[20:06] <peterdietz> I don't have any news on any fronts, DS6, or DSpace UI meetings, I've missed the last few of those
[20:06] * aschweer (~firstname.lastname@example.org) has joined #duraspace
[20:06] <aschweer> good morning folks
[20:06] <hpottinger> greetings!
[20:07] * KevinVdV (~KevinVdV@d54C5104D.access.telenet.be) Quit (Ping timeout: 240 seconds)
[20:07] * KevinVdV_ is now known as KevinVdV
[20:07] <kshepherd> mōrena
[20:09] <aschweer> yeah I should sort myself out with a te reo course sometime
[20:09] <aschweer> anyway
[20:09] <aschweer> the logs say there isn't a formal agenda today?
[20:09] <mhwood> I was lucky to get an announcement out in two tries. :-(
[20:10] <aschweer> I always get super confused when you guys have the DST change and it's all over all announcements -- we're not changing for another 10 days or so I think
[20:11] <mhwood> DST ends 03-Apr, says timeanddate.com
[20:11] <peterdietz> One idea we came up with today is that in response to the security announcement, not everyone was able to be notified, since they never signed up for the registry. Would some type of "phone home" built into DSpace that contacts a central registry be an idea worth pursuing.
[20:12] <aschweer> Might be worth first just adding a message somewhere about the registry, perhaps to the fresh_install output?
[20:12] <kshepherd> i was wondering about phone home... some people can be (rightly) wary of such things, though, so some really clear and limited scope for what it's actually used for would also be needed
[20:12] <mhwood> Perhaps, but I'd like to also see us just get the word out about the site registry, and be able to say "registered sites will be contacted in the event of an urgent security patch" or some such.
[20:12] <aschweer> Also, Claudia's comments about making the registry more user friendly wrt updates
[20:13] <aschweer> we could add a launcher command that registers the DSpace instance in some sort of private way?
[20:13] <hpottinger> we could also have a ML for security
[20:13] <aschweer> I've just gone and registered a couple of my newer instances, and the registratiom form feels pretty clunky, especially when it comes to picking what "customisations"/modules you have enabled
[20:14] <kshepherd> launcher command would be cool
[20:14] <aschweer> that list feels very old, plus I'm sure less technical people might feel intimidated
[20:14] <kshepherd> or even webui admin function
[20:14] <mhwood> We really need to be discussing this with Duraspace folk in the meeting.
[20:14] <aschweer> agreed re, launcher and/or webui, plus discuss with Duraspace
[20:14] <mhwood> I know that at least one registry entry is very outdated. :-(
[20:14] <aschweer> just generally raise awareness / lower the threshold for adding to the registry + updating
[20:14] <aschweer> right now, I can't even see for "my" entries who the contacts are
[20:15] <hpottinger> For Drupal, there's a security mailing list, and if you're not on it, and you're running Drupal, you're asking for trouble :-)
[20:15] <aschweer> hpottinger: that raises the same question though, doesn't it? How do people get on the list, how do they keep being reminded of its existence so they can change over who is subscribed when staffing changes
[20:15] <mhwood> But sites need to know what it's used for. A promise to contact you with information you need soonest would give people a reason to volunteer that information.
[20:15] <kshepherd> hpottinger: yeh on the other hand, if you're a bad guy not running drupal, you'll probably still be on the list
[20:16] <hpottinger> indeed
[20:16] <aschweer> kshepherd: but there isn't really anything stopping you from registering a fake, private DSpace instance on the registry, no?
[20:16] <mhwood> True.
[20:16] <hpottinger> perhaps we leverage our Jira user list?
[20:16] <kshepherd> that's true too, but there's no real incentive or obvious reason to do that at this stage
[20:17] <aschweer> kshepherd: fair enough (plus I guess it's more effort than to just subscribe to a nice obvious "security announcements" ist)
[20:17] <kshepherd> (since it's not called the 'security contact list' etc)
[20:17] <kshepherd> yeh
[20:18] <aschweer> if we're talking phone home, how about the other direction? Something that checks some sort of Duraspace status page and pops up on the admin screens when there is a newer version / security thing? (would have to be used very very carefully)
[20:18] <hpottinger> Oh, yeah, Wordpress does that naggy thing
[20:19] <aschweer> yeah I was wondering how other big open source projects do this, Wordpress did come to mind
[20:19] <mhwood> Nexus does that too.
[20:19] <aschweer> and nagios
[20:19] <kshepherd> drupal does it too
[20:19] <aschweer> so do Firefox and IntelliJ (they also auto-update, we won't be doing that anytime soon...)
[20:20] <hpottinger> Wordpress auto update is "fun"
[20:20] <aschweer> so maybe that's a pattern that people are used to, and feels less threatening than the phone home one? I mean to some extent making the request is still phoning home, but maybe it feels less invasive
[20:20] <mhwood> We may want to wait a little on rolling out technology to handle a largely human problem, until we have a process that we can point to and instructions on how to be included in early announcements.
[20:20] <aschweer> mhwood++
[20:21] <aschweer> in the meantime, I'm guessing an e-mail to dspace-general with information about adding to / updating the registry would be good (might want to coordinate with Duraspace so they have staff available to work through a potential deluge)
[20:21] <kshepherd> yep for sure. always good to discuss what other platforms do, which methods we like and why, etc., though
[20:22] <mhwood> But we need to know what we can promise.
[20:22] <hpottinger> a phone home is a phone home, even if the surface UI is comforting, we still have a new data source
[20:22] <mhwood> There's no formal process that I know of now.
[20:22] <mhwood> What I could say today is "join the registry, it's a really good idea, trust me, you might get something some day."
[20:23] <aschweer> hpottinger: but there is still a difference between, say, sending "IP address XYZ is set up with base URL ABC, has the following UI/modules enabled, this DSpace version, these e-mail addresses set up in dspace.cfg), and just sending a much more generic "tell me the latest DSpace version" request
[20:23] <hpottinger> and also "please verify your entry, it is probably out of date"
[20:25] <hpottinger> true, aschweer... we'd have to be sure what we're reporting back in our "phone home" is legal in all jurisdictions, too.
[20:25] <mhwood> There is an important point. The current model does allow the registrant to be selective in what is revealed.
[20:26] <mhwood> We need answers to a few questions: what is going to be done? who is going to do it? what information is needed to accomplish that? Then we know what should be in the registry.
[20:27] <aschweer> mhwood++
[20:27] <aschweer> always good to figure out the requirements first ;)
[20:27] <mhwood> And if there is a requirement for information that DSpace doesn't have, then registration can't be automatic.
[20:29] <aschweer> Yeah there is a difference between "we just want a way to contact all DSpace sites" vs "It would be great to have more information about the distribution of versions, UIs, uptake of modules, geo location of installations, UI languages, ..."
[20:30] <mhwood> Well. There is technical information, which could be gathered automatically. (If enabled.) And there is human information (in case of emergency, contact X) that requires human judgment and maintenance.
[20:31] <mhwood> Those probably represent two separate processes.
[20:32] <aschweer> agreed, which (like you said mhwood) is why it's so important to decide which problem/s we're trying to solve
[20:32] * KevinVdV (~KevinVdV@18.104.22.168) Quit (Quit: KevinVdV)
[20:33] <hpottinger> Hey, I hear there's a "summit" kind of thing going on right now
[20:33] <mhwood> That's why the people we need in this discussion couldn't be here.
[20:34] <hpottinger> but, the cool thing is, *they* are all in the same place
[20:34] <hpottinger> let's delegate
[20:34] <aschweer> sounds like a plan
[20:34] <kshepherd> also worth considering, and watching my words here.. perhaps we don't necessarily want the registry to *display* (but perhaps still ask for/capture) so much detail about instances in case it can actually be used as a shortcut/assist to malicious people looking to target a certain module/ui/version etc
[20:34] <aschweer> yeah
[20:35] <hpottinger> kshepherd++
[20:35] <mhwood> Same place = stuck waiting for a WMATA bus?
[20:35] <aschweer> perhaps even just a ticky box thing of "register me, but don't show me publicly"
[20:35] <mhwood> kshepherd++
[20:36] <mhwood> aschweer++
[20:37] <mhwood> I *think* that the registry already collects more than it shows.
[20:37] <kshepherd> mm probably true (i need to update!) - i think it also shows more than it needs to ;)
[20:38] <aschweer> mhwood: it certainly does (it collects contact details but doesn't show those, for example)
[20:40] <aschweer> most of the "maybe a bit much" fields are optional though, I think?
[20:42] <mhwood> I feel, at this point, that "here we are, a bunch of technical people talking about administrative issues that we can't decide." We should wrap this up soon and be ready to contribute technical ideas when there are some decisions, yes?
[20:42] <aschweer> mhwood++
[20:42] <hpottinger> mhwood++
[20:42] <mhwood> We have a number of good useful thoughts logged.
[20:42] <aschweer> anyone want to volunteer to ping the Duraspace folks about this? Or do we think it's on their radar already?
[20:43] <mhwood> I expect that Tim will read the log when he is able.
[20:43] * hpottinger waves to Future Tim.
[20:43] <mhwood> And I have no doubt that it's being discussed.
[20:44] <mhwood> I'm going to keep being a pest about designing a procedure and documenting things.
[20:47] <aschweer> mhwood++
[20:48] <mhwood> Sorry, I had a phone call that wouldn't wait.
[20:48] <mhwood> So, do we have any other topics that we need to discuss?
[20:49] <kshepherd> i have a random semi-off-topic question, if noone else has topics
[20:50] <mhwood> Let's hear it.
[20:51] <hpottinger> random++
[20:51] <kshepherd> who here uses Slack, and/or would be interested in trying out a dpace-committer Slack? it has all the chatiness of IRC, can make it invite only, but better for sharing links/images/etc, you can see the entire scrollback/log even if you were disconnected or only just joined the project, lots of integration to other thigns around the show, free...
[20:52] <mhwood> We use it here. I can't say I prefer it, but I'm usually in the minority on such things.
[20:53] <peterdietz> I use IRCCloud, to keep my irc connected. I just jumped on a bus, to commute home, and have wifi on laptop
[20:53] <peterdietz> But yes, Slack is pretty good. I'm in 4 groups currently...
[20:53] <kshepherd> i was just wondering about it, particularly in the context of things that need a bit of a 'private team' approach, as opposed to just emails or invite only IRC etc
[20:53] <peterdietz> Its a huge improvement over irc.
[20:53] <hpottinger> we used to use Slack here, we moved to HipChat because it gave us more options for integrations
[20:53] <aschweer> I'd be happy to try Slack
[20:54] <mhwood> If we're going to do this, I'll be in.
[20:54] <kshepherd> maybe i'll send an email in a few days to get more opinions and if enough are keen we could try something out?
[20:54] <peterdietz> We dumped hipchat, they've had some pretty crazy stability issues, we got down to the last straw, then the last straw came and went
[20:55] <hpottinger> we're not very serious users, we mostly all lurk and let the robots talk to us (integrations)
[20:55] <mhwood> BTW I tried the Slack/IRC bridge thingy for a few days, but it created way too many tabs on Pidgin and I switched to the standalone client.
[20:56] <kshepherd> main integration i use is slack/trello
[20:56] <hpottinger> the main one I use is TravisCI
[20:56] <hpottinger> and a home-grown one that pipes cron job output to a room
[20:56] <mhwood> Ah, yes, I got all set up with Trello, and every once in a while I think, "I ought to go update that...."
[20:56] <hpottinger> so people will stop asking me "did the cron job run last night"
[20:56] <terry-b> I am eager to try out slack, and I think I would appreciate a more robust client than what I am using for IRC
[20:58] <peterdietz> I used IRCCloud, some cloud service that let me not lose the thread, I actually just left the office, and just caught wifi on the bus
[20:59] * aschweer needs to run off - bye all
[21:00] * aschweer (~email@example.com) Quit (Quit: leaving)
[21:00] <hpottinger> our hour is up?
[21:00] <mhwood> Yes. If there is no other business, shall we declare the formal meeting over? I've got to run, either way.
[21:04] <mhwood> Thanks, everyone! I need to leave.
[21:04] * mhwood (firstname.lastname@example.org) has left #duraspace
[21:54] * hpottinger (~email@example.com) Quit (Quit: Leaving, later taterz!)
[22:02] * kshepherd (~firstname.lastname@example.org) Quit (Ping timeout: 248 seconds)
[22:58] * kshepherd (~email@example.com) has joined #duraspace
[23:34] * kshepherd (~firstname.lastname@example.org) Quit (Ping timeout: 240 seconds)
[23:42] * peterdietz (uid52203@gateway/web/irccloud.com/x-ghsigaixbchnxlbb) Quit (Quit: Connection closed for inactivity)
These logs were automatically created by DuraLogBot on irc.freenode.net using the Java IRC LogBot.