2021-06-16 conda-forge core meeting

Zoom link What time is the meeting in my time zone last weeks meeting

Attendees

• Jannis Leidel (Anaconda/Conda)
• Matt B

Agenda

Standing items

• intros for new folks on the call

  • MattiP from PyPy

• (CJ) budget

  • current approvals?
  • Whenever updated numbers land, please screenshare and show the budget.
    • Link is in Keybase (numfocus_spreadsheets.txt)

• open votes

From previous meeting(s)

• (JK) OSU OpenPOWER Survey
  • have until july 31
  • should bump this item to next meeting as a reminder

Your new() agenda items

• (MRB) legal meeting todos

  • file-type scanning
    • use the linux file command
    • add an ok list?
  • todos
    • do this on quetz and discuss next time
  • increased automation
    • staged recipes prob not
    • new maintainers maybe?
      • add a new add maintainer command to make a PR with CI skip
    • better python version testing

• (CHL) response to CVE-2021-29921 (leading zeros being parsed as octal)

  • Anaconda received request to patch Python 3.8 for this CVE: https://github.com/ContinuumIO/anaconda-issues/issues/12459
  • Rated critical by NVD; CPython decided not to patch due to breaking documented API (leading zeros are expected)
  • Ubuntu patched: https://changelogs.ubuntu.com/changelogs/pool/main/p/python3.8/python3.8_3.8.6-1ubuntu0.3/changelog
    • open ticket about docs being wrong: https://bugs.launchpad.net/ubuntu/+source/python3.8/+bug/1931296
  • RedHat noted issue, not taken action: https://bugzilla.redhat.com/show_bug.cgi?id=1957458
  • Consensus is to respect upstream decision to not patch
  • todos
    • matt B to send python 3.9.5 PR and try and fix jinja2
    • Anaconda to reach out to CPython devs to ask if they'll reconsider patching 3.8

• (MattiP) PyPy now has a win64 3.7 version, can we roll out feedstocks?

  • wait for https://github.com/regro/cf-scripts/pull/1405
  • send a PR to https://github.com/conda-forge/pypy-meta-feedstock
  • send a PR to conda-forge-pinning.

• (jaimergp) Introduce new role at Quansight and community involvement

• (MRB) gpu stuff w/ quantsight updates?

• (MRB) any CDN outage todo items for conda-forge?

  • TODO: Cheng to set up @anaconda-infrastructure handle (or similar) to bump the right people/teams in Anaconda

Pushed to next meeting

Active votes

Subteam updates

Bot

ARM

POWER

CUDA

Docs

staged-recipes

website

security+systems

CI infrastructure

Compiler upgrade

CFEP updates

Open PRs

• cfep-04 X11 and CDT policy

  • INACTIVE - Merge in with some inactive-esque status?
  • Needs new champion. Thanks for your work on this pkgw! Has unaddressed comments from pkgw as from Jan 10, 2020 Solved: Let's defer and keep the "mixed model" we have now.

• cfep-06 Staged-recipes review lifecycle

  • INACTIVE - Merge in with some inactive-esque status?
  • Lingering comment from @saraedum. @jakirkham, can you reply? Has unadressed comment from @saraedum from Jan 8, 2020
  • (MRB) The stalebot has solved the worst of the issues here. I think we could defer this one permanently. Solved: defer in favor of the stale bot for now.

• cfep-15 Feedstock statuses, unmaintained

  • INACTIVE - Merge in with some inactive-esque status?
  • Needs another review. Has unaddressed updates from pkgw as of Jan 11, 2020 Pending: re-pinged pkgw for a second review.

• cfep-12 Removing packages that violate the terms of the source package

  • Stalled since May 26, 2020
  • Active debate about moving to "broken" vs deleting from conda-forge channel
  • Active vote, ends on 2020-03-11
  • What were the results of the vote?
  • Did we hear back from NumFOCUS? they did the legal seminar which is recorded

• cfep-17 Handling pin backports and dependency rebuilds

  • Stalled debate about implementation details between Isuru, CJ and Matt
  • UPDATE 2020-07-22: We in principle have agreement to render the extra pinnings needed directly in the feedstock on a temporary basis (i.e., until the migration has ended).

• cfep-19 Pinning epochs

  • Stalled since July

• cfep-20 Package split

  • No updates for ~1 month

Discussion

Check in on previous action items

Copy previous action items from last meeting agenda.

This meeting

Last meeting

2 meetings ago

Move to Issue Tracker

2020-11-18

• (IF/MRB/MV) intel oneAPI
  • todo
    • (Nikolay) licensing for opencl_rt
    • (Nikolay) intelmpi ABI compat w/ mpich
    • (MRB/IF) figure out how exactly to package C/C++ compilers
    • (MRB/IF) think about fortran ABI
    • (MRB) make conda-forge compilers room (add people including keith)
• (MB) asking core members to move to "emeritus" status
  • TODO: Eric to set up quarterly check-in for all core members to see if they're interested in remaining "active" or if they want to move to emeritus
    • Remove emeritus folks from having access to various credentials (api tokens, twitter password, etc.)? This would require a change to the governance doc.

2020-11-11

• TODO: Think about bringing in JOSS to provide context around how we might best write papers

2020-11-03

• TODO: Check on Forrest Watters permissions for core
• (FF) Outreachy would cost 6500 USD.
  • Next steps: write abstract and vote on spending of funds.

2020-10-28 2020-10-21

• (Marius?) Python 2.7 migration
  • ( ) [ ] make a hint
  • ( ) [ ] make an announcement
  • ( ) [ ] make the hint a lint

2020-10-07

• Make sure to add the NVBug info to the cudatoolkit package that conda-forge makes (if we make one)

2020-09-09

• (ED) Update governance docs with similar voting model as what got put into conda-tools (+3 with no -1 is a pass)
• (SC) Write jinja template to turn institutional partners yaml into a website https://github.com/conda-forge/conda-forge.github.io/blob/2a2d3caaf7d74eb370ac40c679ba337a73d15c8a/src/inst_partners.yaml
• (SC) Document what needs to be done to create an OVH account and get access

2020-08-26 Docker hub

• (JK) Check in on Azure build workers to see if they have the docker hub limitation.
• (JK) work with dockerhub to see if we can get OSS status
  • Check in again at some point. We haven't heard back as of 2020-09-23

OVH

• Shout-out on twitter at some point. "Thanks forOVHCloud for providing a VM", etc. (maybe after we ship qt on windows with it?)

• Figure out how to communicate breaking changes to users. Likely should open up an issue immediately for futher discussion. Ping @kkraus, plus capture notes from further up in these meeting notes

• John K. will update the cuda toolkit feedstock on the git repo to note the NVBug link to the internal NVIDIA issue tracker

• Jonathan will update docs to note that some non-exhaustive list of packages (like cuda-toolkit, MKL, etc.)

• Jonathan will review this PR

• (Kale) schedule conda working group

• cfep-10 next steps: CJ to call a vote for feedback

• cfep-06 next steps: Ask staged recipes team to champion this CFEP and move it forward

• jakirkham & CJ-wright to sync on adding CUDA to the migration bot

• (Eric) Scheduling Anaconda <-> conda-forge sync on anaconda.org requirements gathering

  • Will try and get this scheduled in the next month.

• (Anthony) Reach out to NumFocus to figure out legal ramifications of not including licenses in files.

• (Eric) check internally for funding levels for hotels & flying folks from the community in?

• (Eric) Figure out finances of conda-forge to support themselves?

• (jjhelmus) Open up CFEP for which python's we're going to support

• (jakirkham) write a blog post on CUDA stuff we discussed today

• (jakirkham) update docs on how to add CUDA support to feedstocks

• (jakirkham) will open an issue on conda-smithy to investigate Drone issues. (ping the aarch team)

  • https://github.com/conda-forge/conda-forge.github.io/issues/954

• (ED) Who we are page? Some combination of a FAQ and a who is everyone. FAQ things like:

  • who's the POC for CF <> Anaconda, CF <> NumFocus, CF <> Azure
  • who's the POC for the various subteams?
  • Informal information: roles, day jobs, bios, the whole nine yards, why you're here, etc.
  • Public or internal? I don't really care either way. Anyone feel strongly one way or the other?
  • opt-in to public bios
  • software carpentry has a large number of instructors and has https://carpentries.org/instructors
  • some concern about "yet another place to keep stuff up to date"

• (ED) document strategies for reproducible environments using conda-forge

• (UK) Static libraries stuff

  • Add linting hints to builds to find them
  • Recommend how to package them -> CFEP-18
  • We should write docs saying we don't provide support and this is a bad idea. -> CFEP-18