I2P dev meeting, March 6, 2016 @ 15:00 UTC

Quick recap

  • Present:

EinMByte, sadie, str4d, z3r0fox, zzz

Full IRC Log

<zzz> 1) VRP/H1/1119
<zzz> 2) 0.9.26 carryover
<zzz> 3) Summer of X
<zzz> 4) 27-29 deferred to next meeting
<zzz> 0) hi
<zzz> hi
<str4d> hi
<zzz> I'll explain 3) when we get there
<EinMByte> Hi
<zzz> 1) VRP/H1/1119
<zzz> http://trac.i2p2.i2p/ticket/1119
<zzz> has everybody had a chance to catch up and review this ticket?
* str4d is about to post his comments
<zzz> str4d overall thoughts?
<str4d> Overall I think it is pretty good. I like the positive feedback we have had from people who do this kind of thing for a living :)
<zzz> I think we're on the right track more or less
<zzz> this ticket has been around for 2 years. you brought up H1 14  months ago. we've had anonimal's vrp process drafts since september
<zzz> i think over that time, h1 has become pretty legit
<str4d> I agree with zzz that the later points are overspecified, but I think the process and response sections (sections III and IV) are about the right level of specification
<zzz> i have no remaining doubts about using h1
<EinMByte> Yes, although I've only followed the discussion from a distance, vuln. response should follow stricter procedures then now. H1 might be a good options for that.
<EinMByte> s/options/option
<str4d> I am also +1 on h1, for the reasons I have already outlined in the ticket.
<zzz> str4d, you met katie of h1 a while back right? can you fill us in on that meeting?
<z3r0fox> Hi
<str4d> Yeah! I met her at Kiwicon 9
<str4d> I asked her about the tweet I posted, that arice responded to in the ticket
<str4d> Turns out that arice actually emailed her a link to our ticket asking if his response was adequate, and she ended up reviewing the ticket on her phone while in another meeting :P
<str4d> She also liked it :P
<zzz> and what about the funded stuff and what tor's doing with them?
<str4d> She mentioned that it was going to happen, and did indicate that we may be able to get in the same program
<zzz> also, overall impressions of h1 the company after meeting katie?
<str4d> I have yet to follow up on this, because 1) thesis, and 2) there is no point in going in any program if we don't then use h1
<str4d> zzz, very positive
<zzz> anybody have any objections to using h1?
<str4d> They appear to know their stuff, and Katie is certainly thriving there
<zzz> can we flip the switch on h1 now to go live or what has to happen first?
<str4d> If we go for h1, this is what I think needs to happen:
<str4d> - We finish up the VRP and get it on the website
<str4d> - We tidy up the copy text front page of the h1 page
<str4d> (things like how we respond, what we consider in-scope etc.)
<zzz> vrp must be before h1 live?
<str4d> - We decide on the response team
<str4d> - We move the sandbox into closed beta, where we have a few researchers invited
<str4d> - Once we have had some time to get used to the platform, response volumes etc. we take it to open
<zzz> you really think responses are going to start rolling in the day we flip the switch?
<str4d> They could
<str4d> Katie indicated to me there were a number of researchers who were very interested in helping open-source projects, if they could find them
<zzz> can't imagine we need to have everything lined up. not like the researchers are going to start hacking on day one
<zzz> especially if no money involved
<zzz> closed beta means they have to let the in?
<str4d> Yes
<str4d> Essentially h1 invites maybe 10 researchers to be able to use our page
<EinMByte> Do you have any idea who would be invited?
<zzz> so putting the VRP and our response team aside for the moment, who's going to fix up our h1 page to get ready? str4d?
<str4d> I don't recall the exact specifics
<str4d> (whether we invite people ourselves through h1 or whether they find the researchers from the existing registered pool)
<str4d> The idea is that then we don't get inundated with crappy tickets before getting used to how to respond to them
<str4d> But IMHO it also helps us start to directly build relationships with a few researchers
<zzz> do you have a sense of whether everybody is chasing after bounties on h1 or are the free ones getting a lot of reports too?
<EinMByte> Sure, or at least with those that are using h1
<str4d> I don't personally have a sense of that
<EinMByte> zzz: Is there a possibility of eventually oferring bounties?
<str4d> But Katie indicated that there were definitely researchers who wanted to help FOSS projects if they could identify them
<zzz> somebody is funding tor bounties now, so yes
<sadie> I can help str4d on the h1 mainpage
<str4d> thx sadie
<EinMByte> I2P has reasonable savings, why not spend some of them on bounties
<zzz> ok great, so sadie and str4d will work on getting the h1 side ready
<str4d> EinMByte, yes we could go to bounties, but not initially IMHO
<zzz> 1mb we certainly can if we want
<zzz> anything else on h1 or can we move onto the vrp itself?
<EinMByte> Let's see how it works out without bounties
<str4d> And as mentioned above, there is now a program on h1 for funding bounties for FOSS projects
<z3r0fox> Beta sounds like a good opportunity for team to develop public facing responses for if a really serious bug is publically disclosed
<str4d> which we may be able to get into
<zzz> last call for h1
<zzz> ok, lets look at the vrp itself in the ticket
* str4d posts his comments
<zzz> we're reviewing anonimal's draft from november
<zzz> let's not go thru point by point though
<zzz> overall impressions on the november draft and where we go from here?
<str4d> <str4d> I agree with zzz that the later points are overspecified, but I think the process and response sections (sections III and IV) are about the right level of specification
* zzz takes a minute to read str4d's comments
<zzz> ok it seems like we are in general agreement that the november draft is a great start and we have rough agreements on the edits necessary
<zzz> what I'd like to do is take the final stage of this from anonimal, that str4d and I will finish the edits and get it posted on the website, and round up a team
<str4d> Sounds good
<zzz> what do you guys think?
<str4d> There are also the necessary tweaks now we are going for h1 instead of private Trac
<zzz> any volunteers to help us work on the final version?
<zzz> we don't want to get overly tool-specific (mtn, h1, etc) in the process. It should be high level enough to avoid most of that
<str4d> True
<str4d> And we will be iterating on it anyway
<zzz> doesnt need to be perfect out of the gate
<str4d> That is another reason for a private beta initially
<zzz> ok str4d when are we going to have that done by?
<sadie> vrp draft looks good
<zzz> end of march?
<str4d> sounds good
<zzz> ok anything else on 1) ??
<zzz> moving on to 2) 0.9.26 revisited
<zzz> any other comments? unfortunately I haven't updated the roadmap on the website yet
<zzz> so i could hold up my notes to the camera
<zzz> sorry i should have done the website.
<zzz> I did get the last 3 meeting logs, including last thurs and fri., up on the website though
<zzz> guess i will be doing that until kytv reappears
<zzz> whenever our next meeting is, I will put .26 on the agenda to look at it then
<zzz> anything else on 2) ?
<zzz> ok moving on to 3) summer of x
<zzz> str4d can you explain our idea please
<str4d> The idea is that we focus development for three months on user- and developer-facing elements of I2P
<str4d> ie. things that people might actually care about, rather than streaming tweaks ;P
<str4d> And therefore things that are easier to do publicity on
<str4d> The rough idea is:
<str4d> - Summer of APIs: spend a month working on updating our libraries etc
<str4d> - Summer of Apps: spend a month working on helping other projects use those libraries
<str4d> - Summer of Plugins: spend a month working on our own apps and plugins
<zzz> right, this is about growing the network through outreach and making apps (ours and other people's) better
<str4d> Yep
<zzz> my idea was, if we can get 5 more Vuze's, we'll be 5 times bigger
<EinMByte> You might also want to add documentation to that
<str4d> Plus there's the whole Summer of Code ethos that we can hook into online
<EinMByte> no good API without decent documentation
<zzz> a lot of times we see some project thinking about i2p but they dont know much and dont get any help
<str4d> EinMByte, to the API parts, yes
<zzz> agreed 1mb
<str4d> ie. that would be on making our libraries and APIs as easy for devs to use as possible
<z3r0fox> Sounds like a good campaign idea! Worth a shot
<str4d> so e.g. updating txi2p, libsam etc. with SAMv3.3
<EinMByte> Supporting more languages?
<EinMByte> More interfacing through existing libraries
<str4d> Potentially, if we have the developers to help :)
<str4d> EinMByte, yah
<zzz> I'd like to sadie involved in this too with branding and outreach
<EinMByte> I think str4d's work with twisted is great, would be nice to do more stuff like that
<str4d> Fix the libtorrent support, try and get something into libp2p, etc.
<zzz> summer of i2p, or i2p summer of fun, etc
<EinMByte> i;e. do not write our own API from scratch but offer plugins for whatever framework people are using
<str4d> EinMByte, exactly.
<zzz> pushing sam 3.3, bringing all the various bridge libs up to date, documented, etc
<str4d> Or if we do offer our own API, make it as simple as possible. That's what I like about libsam, it is two files that any project can bundle (or ideally, any existing library)
<zzz> there's python and go and c and c++ and twisted and libtorrent and libsockets and and and...
<zzz> we fix up other people's stuff and do pull requests to them
<EinMByte> str4d: Agreed, APIs should be easy to bundle. It's a common problem for me
<str4d> While that is ongoing, we can ask other projects if they want help getting I2P into their apps
<zzz> why the heck doesn't libtorrent work? who can figure that out and get it fixed?
<zzz> ^^ as an example
<str4d> Then in the next phase of SoX, we then work on educating them and helping them use the newly-updated libraries and APIs
<EinMByte> sounds good
<str4d> It would be great to have buy-in with this from i2pd and kovri too, at least for the API part
<str4d> since we want to end up with apps being able to use whatever I2P backend they want
<zzz> i think we could get a lot of people excited here. I know psi is working on various libs
<zzz> we need a list of all the messaging apps we want to target
<str4d> And this is good for tying in with our existing outreach
<EinMByte> If we get the right PR it might be a success
<EinMByte> I want to create a simple C++ API for kovri, at some point
<zzz> great 1mb
<EinMByte> Then that API could be used from various programming languages. But this is a core API, not a client API (so use-case is somewhat different)
<EinMByte> Pretty much it should allow any application to bundle the kovri core.
<zzz> this would be a nice wholistic project to get everybody involved
<EinMByte> Agreed
<str4d> In my outreach todo list I have Tahoe-LAFS, IPFS, Tox, OpenBazaar, Zeronet...
<zzz> ok how do we move forward with this
<zzz> maybe sadie can give it  a cool name
<str4d> We essentially have until the end of May to plan this
<str4d> (while .25 and .26 are released)
<zzz> so after .26
<zzz> lets put this on the april 4 meeting agenda
<EinMByte> Ok.
<EinMByte> PR would have to attend, though
<zzz> june: APIs july: apps aug: plugins
<EinMByte> (so I think that's sadie, now?)
<zzz> also could wrap this around HOPE
<z3r0fox> I don't know many of the details obviously yet, but I'm not a terrible tech writer if anyone wants to assign me some grunt work
<zzz> ok let's ask sadie to flesh this out a little on april 4
<sadie> zzz - I can take care of graphics/ content with str4d for outreach
<zzz> ok
<zzz> anything else on summer of x?
<sadie> also, I will at Hope with stickers ..
<str4d> Nothing from me :)
<amnesia> Call it something other than Summer of X so it doesn't sound either non-descript, or like porn?
<str4d> amnesia, X is a placeholder
<str4d> (until we think of something better)
<zzz> ok. as I said at the top of the meeting, I'd like to defer discussion of 27-29 and the bigger roadmap and goals for 2nd half '16
<amnesia> Summer of Targetted Development?
<zzz> do we like these roadmap-specific meetings or not? should we do this again?
<str4d> amnesia, a little long IMHO
<str4d> We will think of something for the April meeting
<zzz> send your ideas for 'X' to sadie or post somewhere
<str4d> zzz, I like them
<str4d> And speaking of
<zzz> do we want another roadmap mtg in march?
<sadie> zzz , can we put something on forum where people can leave suggestions for the "summer of" name?
<zzz> yes sadie
<str4d> The other thing I wanted to bring up was the longer-term roadmapping
<EinMByte> zzz: Yes. We need more long-term
<zzz> we got our .25 release next weekend so that will keep us occupied
<zzz> maybe about 2 weeks from now for another roadmap meeting
<EinMByte> Unless we plan that for later, but at some point it will need discussion
<str4d> Sounds good
<z3r0fox> zzz: I think they're good. Keeps focus
<str4d> I want to suggest something for people to mull over
<EinMByte> zzz: sure
<zzz> want to go back to a tuesday 8 PM or do it on the weekend?
<str4d> In parallel with the SoX, I would like to have another two parallel streams of development work
<str4d> - Crypto migration
<str4d> - UI overhaul
<str4d> The blocker on both of these is research and design, not implementatino
<EinMByte> Does crypto migration include NTCP2?
<str4d> Yes
<str4d> So while we are doing SoX implementation stuff, we are also doing reviews of the various proposals etc.
<zzz> how is saturday March 19th
<z3r0fox> +1 Weekends
<zzz> 8 PM UTC Saturday March 19
<str4d> With a goal of having a plan ready to implement either during or after SoX
<EinMByte> March 19 seems good
<str4d> Likewise with UI, we need to start planning design work on that ASAP, because it will take a long time
<sadie> march 19th works for me
<zzz> ok sox == summer of x, got it
<str4d> Yes (until we change it :P )
<str4d> Design stuff can happen in parallel with everything else, and then implementation could happen after SoX
<str4d> It would be *so* nice if we could have a new UI in place for CCC
<zzz> ok I will get an agenda up on zzz.i2p, plus the notes, plus the logs from todays meeting on the website
<str4d> Anyway, stuff to think about
<zzz> anything else for today's meeting?
* zzz grabs the baffer
<str4d> We can discuss more at next roadmap
<sadie> baff it
<str4d> March 19 works for me :)
* zzz *baffs* it
<zzz> thanks everybody