Improving trust in Rust dependency trees

# Improving trust in Rust dependency trees ## Plan * Quick round of introductions * Collecting feelings around Rust dependency trees * Goal: come up with a set of recommendations and action items, for stakeholders, the ecosystem, the community, and/or individuals * Personas involved * https://docs.google.com/document/d/1dWPZAsixXIUR52NijMeYywWgkGlg9uOzDtp3hD8a2Ag/edit * Starting Rust developer * Discovery * Unofficial: blessed.rs can help * Having the Project bless things is tricky * Overloads the Project with too many concerns * Situation on the ground changes faster * Maintainer of popular Rust crate(s) * Regulated industry tech lead * Pushing down the decisions * Crate metadata for maintenance status/support availability? * What questions do you want to have answered about crates? * Repo manager: consuming crates into vendored env * Distribution packager * Distribution policies requiring the use of OpenSSL/approved crypto packages * https://github.com/hickory-dns/hickory-dns/issues/2072#issuecomment-1773742598 * crates vs packages * Topics for discussion * What do you expect from your dependency's maintainers? * How do we educate the maintainers? * A "transparent" marketplace? * How do we make "maintainer" a job? * How to approach mismatch between systems packaging/library management? * Rust requires static linking * 1h Intro/feelings collection/presentation of goals/agreement on personas * 1h * What do you expect from your dependency's maintainers? * How do we educate the maintainers? * A "transparent" marketplace? * How do we make "independent maintainer" a job? * How do we make them visible? * Also for the ecosystems sake? * How do we deal with "bad players/freeloaders"? * 1h How to approach mismatch between systems packaging/library management? * Rust requires static linking ## Roles We’re going to fill these rolls to help make sure your discussion is as productive as it can be: 1. Leadership (1-2 people): Dirkjan, Florian a. Creates discussion agenda and keeps discussion on track towards goals. b. Selected in advance of the event. This is you! 2. Moderator (1 person): Florian? a. Calls on people to speak. b. Can be selected on the day of. 3. Note Taker (1 person): ISRG-appointed a. Takes notes during the discussion on a laptop with its display mirrored to a large screen. b. After the event ISRG will draft a report based on the notes for track leadership to review. c. ISRG will select a note taker in advance of the event. ## Leadership Preparation You’ll have 3 hours to discuss with your group, broken up into 1 hour periods. This is a lot of time, intentionally! One of the differentiating factors for our event is that we want to give you time to dig deep and make real progress while there are many bright people to exchange ideas with. Making great use of that much time will require some preparation up front. Here is what we recommend preparing: 1. A discussion plan containing an ordered list of discussion topics, ideally organized around identifying and discussing challenges. We recommend adding a few more questions to discuss than you think you might need, just in case some things take less time than you expected. 2. Consider preparing a draft of your group’s output recommendations and action items as a starting point that you can iterate on with your group. This can save time and provide some initial context for discussion. Since this is primarily a discussion format there is no need for anyone to prepare a talk. However, if you would like for someone to present on a topic because you think it’s valuable for the group, that’s totally fine. We simply recommend that you keep any presentations for your group to around 10 minutes or less so as to keep the vast majority of the time open for discussion. Please prepare your discussion plan in a Google Doc and share it with Josh Aas, Sarah Gran, and your co-leader. ## Moderating We want to make sure every participant has an equitable opportunity to speak. This will be managed by selecting a moderator, someone whose job is to select who will speak next. We do not want a discussion that is consistently dominated by one or two people, or one in which speaking order is determined by volume. The moderator should give speaking priority to people who wish to speak and have spoken the least in total up until that point. If leadership wishes to speak they get priority over everyone else, primarily for the sake of being able to keep the conversation on track. If someone is not asking to speak at all, the moderator should consider asking them at some point if they have any thoughts to try to get them into the conversation. ## Note Taking The note taker will take notes in two Google Docs which can later be shared with participants. The first document will summarize the conversation and ideas that get brought up. The second document will record the group’s output, consisting of recommendations and action items. ## Group Output The goal for the discussion is to come up with a set of recommendations and action items, for stakeholders, the ecosystem, the community, and/or individuals.