# 2021-06-16 conda-forge core meeting ###### tags: `meeting-notes` **** [Zoom link](https://flatiron.zoom.us/j/93242638216?pwd=bjRCWmVJRW1oTGJhN09VUmxtTTJOUT09) [What time is the meeting in my time zone](https://arewemeetingyet.com/UTC/2020-08-26/17:00/w/Conda-forge%20dev%20meeting#eyJ1cmwiOiJodHRwczovL2hhY2ttZC5pby9wUk15dFVKV1FmU3NJM2xvMGlqQzJRP2VkaXQifQ==) [last weeks meeting](https://hackmd.io/r5eeo5cGQ7iHG1IgpB6axQ) ## Attendees * Jannis Leidel (Anaconda/Conda) * Matt B ## Agenda ### Standing items * [x] intros for new folks on the call * MattiP from PyPy * [x] (CJ) budget * current approvals? * Whenever updated numbers land, please screenshare and show the budget. * Link is in Keybase (numfocus_spreadsheets.txt) * [x] open votes #### From previous meeting(s) - [ ] (JK) OSU OpenPOWER Survey - have until july 31 - should bump this item to next meeting as a reminder ### Your __new__() agenda items - [x] (MRB) legal meeting todos - file-type scanning - use the linux file command - add an ok list? - todos - [ ] do this on quetz and discuss next time - increased automation - staged recipes prob not - new maintainers maybe? - [x] add a new add maintainer command to make a PR with CI skip - better python version testing for automerge - [x] (CHL) response to CVE-2021-29921 (leading zeros being parsed as octal) - Anaconda received request to patch Python 3.8 for this CVE: https://github.com/ContinuumIO/anaconda-issues/issues/12459 - Rated critical by NVD; CPython decided not to patch due to breaking documented API (leading zeros are expected) - Ubuntu patched: https://changelogs.ubuntu.com/changelogs/pool/main/p/python3.8/python3.8_3.8.6-1ubuntu0.3/changelog - open ticket about docs being wrong: https://bugs.launchpad.net/ubuntu/+source/python3.8/+bug/1931296 - RedHat noted issue, not taken action: https://bugzilla.redhat.com/show_bug.cgi?id=1957458 - Consensus is to respect upstream decision to _not_ patch - todos - [x] matt B to send python 3.9.5 PR and try and fix jinja2 - [ ] Anaconda to reach out to CPython devs to ask if they'll reconsider patching 3.8 - [x] (MattiP) PyPy now has a win64 3.7 version, can we roll out feedstocks? - [ ] wait for https://github.com/regro/cf-scripts/pull/1405 - [ ] send a PR to https://github.com/conda-forge/pypy-meta-feedstock - [ ] send a PR to conda-forge-pinning. - [x] (jaimergp) Introduce new role at Quansight and community involvement - [x] (MRB) gpu stuff w/ quantsight updates? - [x] (MRB) any CDN outage todo items for conda-forge? - [ ] TODO: Cheng to set up @anaconda-infrastructure handle (or similar) to bump the right people/teams in Anaconda ### Pushed to next meeting ### Active votes ### Subteam updates #### Bot #### ARM #### POWER #### CUDA #### Docs #### staged-recipes #### website #### security+systems ### CI infrastructure #### Compiler upgrade ### CFEP updates #### Open PRs * [cfep-04](https://github.com/conda-forge/conda-forge-enhancement-proposals/pull/7) X11 and CDT policy * INACTIVE - Merge in with some inactive-esque status? * Needs new champion. Thanks for your work on this pkgw! Has unaddressed comments from pkgw as from Jan 10, 2020 Solved: Let's defer and keep the "mixed model" we have now. * [cfep-06](https://github.com/conda-forge/conda-forge-enhancement-proposals/pull/9) Staged-recipes review lifecycle * INACTIVE - Merge in with some inactive-esque status? * Lingering comment from @saraedum. @jakirkham, can you reply? Has unadressed comment from @saraedum from Jan 8, 2020 * (MRB) The stalebot has solved the worst of the issues here. I think we could defer this one permanently. Solved: defer in favor of the stale bot for now. * [cfep-15](https://github.com/conda-forge/conda-forge-enhancement-proposals/pull/15) Feedstock statuses, unmaintained * INACTIVE - Merge in with some inactive-esque status? * Needs another review. Has unaddressed updates from pkgw as of Jan 11, 2020 Pending: re-pinged pkgw for a second review. * [cfep-12](https://github.com/conda-forge/cfep/pull/23) Removing packages that violate the terms of the source package * Stalled since May 26, 2020 * Active debate about moving to "broken" vs deleting from conda-forge channel * Active vote, ends on 2020-03-11 * What were the results of the vote? * Did we hear back from NumFOCUS? they did the legal seminar which is recorded * [cfep-17](https://github.com/conda-forge/cfep/pull/32) Handling pin backports and dependency rebuilds * Stalled debate about implementation details between Isuru, CJ and Matt * **UPDATE 2020-07-22**: We in principle have agreement to render the extra pinnings needed directly in the feedstock on a temporary basis (i.e., until the migration has ended). * [cfep-19](https://github.com/conda-forge/cfep/pull/35) Pinning epochs * Stalled since July * [cfep-20](https://github.com/conda-forge/cfep/pull/39) Package split * No updates for ~1 month ## Discussion ## Check in on previous action items Copy previous action items from last meeting agenda. ### This meeting ### Last meeting ### 2 meetings ago ### Move to Issue Tracker 2020-11-18 * [ ] (IF/MRB/MV) intel oneAPI * todo * [ ] (Nikolay) licensing for opencl_rt * [ ] (Nikolay) intelmpi ABI compat w/ mpich * [ ] (MRB/IF) figure out how exactly to package C/C++ compilers * [ ] (MRB/IF) think about fortran ABI * [x] (MRB) make conda-forge compilers room (add people including keith) * [ ] (MB) asking core members to move to "emeritus" status * [ ] TODO: Eric to set up quarterly check-in for all core members to see if they're interested in remaining "active" or if they want to move to emeritus * Remove emeritus folks from having access to various credentials (api tokens, twitter password, etc.)? This would require a change to the governance doc. 2020-11-11 * TODO: Think about bringing in JOSS to provide context around how we might best write papers 2020-11-03 * TODO: Check on Forrest Watters permissions for core * [x] (FF) Outreachy would cost 6500 USD. * Next steps: write abstract and vote on spending of funds. 2020-10-28 2020-10-21 * [ ] (Marius?) Python 2.7 migration * ( ) [ ] make a hint * ( ) [ ] make an announcement * ( ) [ ] make the hint a lint 2020-10-07 * [ ] Make sure to add the NVBug info to the cudatoolkit package that conda-forge makes (if we make one) 2020-09-09 * [ ] (ED) Update governance docs with similar voting model as what got put into conda-tools (+3 with no -1 is a pass) * [ ] (SC) Write jinja template to turn institutional partners yaml into a website https://github.com/conda-forge/conda-forge.github.io/blob/master/src/inst_partners.yaml * [ ] (SC) Document what needs to be done to create an OVH account and get access 2020-08-26 **Docker hub** * [ ] (JK) Check in on Azure build workers to see if they have the docker hub limitation. * [ ] (JK) work with dockerhub to see if we can get OSS status * [ ] Check in again at some point. We haven't heard back as of 2020-09-23 **OVH** * [ ] Shout-out on twitter at some point. "Thanks forOVHCloud for providing a VM", etc. (maybe after we ship qt on windows with it?) * [ ] Figure out how to communicate breaking changes to users. Likely should open up an issue immediately for futher discussion. Ping @kkraus, plus capture notes from further up in these meeting notes * [ ] John K. will update the cuda toolkit feedstock on the git repo to note the NVBug link to the internal NVIDIA issue tracker * [ ] Jonathan will update docs to note that some non-exhaustive list of packages (like cuda-toolkit, MKL, etc.) * [ ] Jonathan will review this [PR](https://github.com/AnacondaRecipes/cudatoolkit-feedstock/pull/7) * [ ] (Kale) schedule conda working group * [ ] cfep-10 next steps: CJ to call a vote for feedback * [ ] cfep-06 next steps: Ask staged recipes team to champion this CFEP and move it forward * [ ] jakirkham & CJ-wright to sync on adding CUDA to the migration bot * [ ] (Eric) Scheduling Anaconda <-> conda-forge sync on anaconda.org requirements gathering * Will try and get this scheduled in the next month. * [ ] (Anthony) Reach out to NumFocus to figure out legal ramifications of not including licenses in files. * [ ] (Eric) check internally for funding levels for hotels & flying folks from the community in? * [ ] (Eric) Figure out finances of conda-forge to support themselves? * [ ] (jjhelmus) Open up CFEP for which python's we're going to support * [ ] (jakirkham) write a blog post on CUDA stuff we discussed today * [ ] (jakirkham) update docs on how to add CUDA support to feedstocks * [ ] (jakirkham) will open an issue on conda-smithy to investigate Drone issues. (ping the aarch team) * https://github.com/conda-forge/conda-forge.github.io/issues/954 * [ ] (ED) Who we are page? Some combination of a FAQ and a who is everyone. FAQ things like: * who's the POC for CF <> Anaconda, CF <> NumFocus, CF <> Azure * who's the POC for the various subteams? * Informal information: roles, day jobs, bios, the whole nine yards, why you're here, etc. * Public or internal? I don't really care either way. Anyone feel strongly one way or the other? * opt-in to public bios * software carpentry has a large number of instructors and has https://carpentries.org/instructors * some concern about "yet another place to keep stuff up to date" * [ ] (ED) document strategies for reproducible environments using conda-forge * [ ] (UK) Static libraries stuff * [ ] Add linting hints to builds to find them * [x] Recommend how to package them -> CFEP-18 * [x] We should write docs saying we don't provide support and this is a bad idea. -> CFEP-18