Update: Home Page »

Conference Calls

For the forseeable future, we will be doing conference calls with the UMO developers on a weekly basis. We will post the minutes here as well as any agendas, etc.

Conference Call: 1/27/2005

The weekly conference call for UMO will be held Thursday the 27th at 3:00PM, instead of Wednesday due to the Mozilla Foundation offsite on the 26th.

Conference Call Details

Date: Thursday, January 27, 2005 Start Time: 3:00 p.m. Pacific End Time: 4:25 p.m.

Primary Dial-in Numbers

1-800-734-6100 (toll-free in USA and Canada)

1-858-400-4047 (for callers outside USA and Canada)

Participant Access Code: *****

Proposed Agenda:

• status report
• bouncer 2.0 and integration in advance of 1.0.1
• security audit status
• disclaimer and privacy policy
• community access to site
  • limited editor access?
• decoupling AUS physically
• action items (seeking volunteers)
  • Beta going?
  • Drill down on tools and requirements for v2.0
  • Summarize needs for Firefox 1.0.1 changes to make UMO life easier
  • Update architecture and design wiki

Con-call minutes

• Kveton did status report; code freeze and wiki getting updated.
• Bouncer 2.0 discussion: Looks like we're going to be ready to use this and Mike Morgan has it almost fully-implemented. The sentry.pl is now sentry.py, multi-threaded and ready to test md5sum's. Discussion about using this with Extensions was put off due to scalability issues with bouncer handling lots of files (UI issues). Could we tie this into UMO at some point? Much discussion about moving build of RDF's for 1.0.1 out to the build infrastructure under Chase. We need to do this.
• Security audit status: deferred to discussions between kveton/cbeard
• Community access to site: we all agreed that we hate the log jam created by not reviewing any new extensions, etc on the site. We agreed that it might make sense to open up access to one or two trusted developers/admins to start pushing through updates to existing extensions. Alanjstr leading this?
• Setting up AUS servers in meer and OSL locations was discussed; will know more on Monday after discussion with Myk, Justdave and Kveton.
• Action items:
  • Beta going? - alanjstr?
  • Drill down on tools and reqs for v2.0 - mconner and morgamic
  • Summarize needs for FF 1.0.1 w/ changes to make UMO life easier
  • Update architecture and design wiki -- need volunteers

Conference Call: 2/10/2005

The weekly conference call for UMO will be held Thursday the 10th at 3:00PM. It was agreed in the last meeting that meetings would be moved from Wednesdays to Thursdays going forward.

Conference Call Details

Date: Thursday, February 10, 2005 Start Time: 3:00 p.m. Pacific End Time: 4:25 p.m.

Primary Dial-in Numbers

1-800-734-6100 (toll-free in USA and Canada)

1-858-400-4047 (for callers outside USA and Canada)

Participant Access Code: *****

Proposed Agenda:

Con-call minutes

Conference Call: 2/17/2005

The weekly conference call for UMO will be held Thursday the 17th at 3:00PM. It was agreed in the last meeting that meetings would be moved from Wednesdays to Thursdays going forward.

Conference Call Details

Date: Thursday, February 17, 2005 Start Time: 3:00 p.m. Pacific End Time: 4:00 p.m.

Primary Dial-in Numbers

1-800-734-6100 (toll-free in USA and Canada)

1-858-400-4047 (for callers outside USA and Canada)

Participant Access Code: *****

Proposed Agenda:

• Introduction of Corey Shields
• Current progress on security audit
• Preparation of infra for 1.0.1

Con-call minutes

Attendence

Corey Shields Mike Morgan Chris Beard Dave Miller Alan Starr Scott Kveton

Security Audit

Want to get the community invovled, etc. However, need to get a listing of things that are wrong, prioritize and then have the community tackle it. Not trying to exclude the community; just want to make sure make good use of the communities time. Mike is going to work more with Alan to make sure that we have the hooks into the community work.

90% done on the developer section. Starting work on VersionChecker. Going to look for patches from the community after creating bugs for each file. Just 25 hours in.

Infrastructure for 1.0.1

Talked about rsync modules. Chase and Corey are going to work on getting the load off of stage.mozilla.org. Corey is going to try to find more members for ftp-rsync just to cover the load.

Discussed a timeline for the release of 1.0.1.

Justdave and Chase will be working on building out the new RDF directories and a means to flip-flop between 1.0 and 1.0.1 in the case of melting down the mirror infrastructure.

Kveton is going to update mirroring.html to what is reality.

Justdave and Corey are going to work on getting a demo site for doing complete testing of UMO either on iguana or dev1. Alan and Justdave can work on getting the correct new testing URL's for AUS and PFS.

We discussed problems with *.mozilla.org as a certificate file and how we are going to deal with that. Although quite painful, we're going to defer until after 1.0.1 is released. The entire URL decoupling needs to be rethought out for version 2.0 of UMO. Dave is going to make a few changes now to decrease the amount of traffic considering we are on a single infra at the moment.

Policy Update

Chris Beard posted a software policy to the mailing list. We need folks to comment with additions/deletions and then get it up on the Wiki for development from there.

3/17/05

Audit

Configuration

• config.php only defines constant config variables
• dbconfig.php is gone
• config.php -> config-dist.php to avoid committal of passwords

Dev/Staging

• Corey and Dave did a good job of getting chameleon squared away
• Dev is working and right now and morgamic is testing updated config and fixing non-relative paths. The goal is to package the application right so it is easier to install in a working directory, which will happen when dev's set up their sandbox on chameleon in ~/username/public_html
• Once we have home directories set up, Dev and Staging will be cron'd
  • Staging is production branch
  • Dev is development branch
  • User directories used for patch testing / sandbox testing
  • New commits will be posted to Staging/Dev every 10/15 minutes

v1.0 Schedule

• Branch unfrozen by Monday. Before then:
  • User directories (public_html) on chameleon for testing
  • Solidify configuration changes (today/friday)
  • Get PFS into CVS (friday)
  • Merge local modifications again (friday)
• Work on delegating patch work
  • kveton will start pinging developers
  • solidify review process for UMO
  • testing and staging for UMO branch before pushing it to production

Bouncer

• Wrote RSS feed for Asa
• Setting up dev environment for final testing and demo of v2.0
• Some items being worked on
  • Templating filenames and URLs
  • Load testing Sentry
  • Simplifying UI to preserve Chase's sanity
• Who is going to host the project, OSL or Mozilla?
  • kveton and cbeard will talk about this

3/3/2005

Attendance

• mvl
• alanjstr
• kveton
• morgamic
• mconnor
• justdave
• cmp
• Colin

Please put your name here if you're not here and sat in on the call.

Audit Update

Review is mostly complete with the exception of some behavioral testing we have to do on chameleon. We are focusing on the items below as discussed in the conference call.

Prod -> CVS

We needed to get CVS updated to match what is currently in production. Our goal is to get to a point where PROD is only updated via 'cvs up'.

• Patch already checked-in.
• Must checkin jst's change.
• Need to get PFS code into CVS at some point.
• When testing on chameleon is complete, re-checkout PROD from CVS.

VersionCheck.php

• VersionCheck.php almost done.
• Rewrote a large portion of this and will submit patch for review.
  • Clarification and documentation of code.
  • Efficiency and overhead reduction.

PFS

• Next up for the microscope.
• Need to get legal considerations hashed out.
• This absolutely needs to get into CVS.

Application Configuration

• Application has path, installation and configuration issues that should be resolved before distributed development (tree unfreeze).
  • Web paths for non-root working directories in the UMO 'landfill' that will exist on chameleon. We don't want to create a vhost for every person's instance.
  • Added file repositories, if necessary. Consider using a central one when we need to have test data. We should at least include a files/ directory in CVS or document the need for its existence since it is a dependency.
  • README for installation and setup instructions / information.
  • Adjust hard paths to remove any dependency on the application having to be installed on www root.

Development Environment

An adequate development sandbox/landfill needs to exist for testing. In addition, staging should be set up to test future enhancements along with cooperation with a select population of MoFo testers. Once staging is complete, how we handle updated prod should be properly handled.

Dev

• User accounts and access for UMO developers to have working directories
• How are we going to handle database(s) for these accounts?
• Should we alternatively look at simplifying the dependencies so people can work on any basic LAMP configuration?

Staging

• Domain and vhost on chameleon for staging.

Production

• Limited access to production environment.
• Updates should be done using CVS and only after proper staging.

Unfreezing Branch

Our goal is to get things back out to the community as soon as the above items are addressed.

Prioritization

• Create TODOs based on audit notes.
• Delegate work.

Reviewers (for now)

• mconnor, ctho, morgamic

Schedule

We aim to get things to "Unfreezing Branch" in the next 10-14 days.

4/28/2005

Policy and Licensing

• We will focus on improving our documentation that outlines the responsibilities of extension and theme authors.
• This means we need to collectively come up with a reasonable site of guidelines.
• For extensions that contact other third-party vendors for data sources and/or reporting, where do we draw the line? Good: WeatherFox; Bad: An extension that downloads all of your behavior and sends it to someone... ?
• Maybe we should require more information about extension authors when they register for a developer account in order to verify whether or not they are who they actually are.

v1.0

• v1.0 will come to a standstill and patches/revisions will be limited to security-sensitive items, or major blockers to usability.
• alanjstr will be responsible for managing v1.0 as v2.0 is being built out, in collaboration with kveton.
• v2.0 will proceed, morgamic is working on use-cases and updating the wiki.
• v2.0 will most likely involve a restructuring of the database and renaming of key column names in order to make things clearer. A migration script will have to be made to port all old data over to the new system, this will be done pre-release... (hopefully) :)

Dev Con Call

• Look for an update regarding a dev meeting to discuss the plans for v2.0 in the next week.

4/5/2005

Agenda

• UMO Security audit update
• Landing the patches
• Talking about "hitlist" with "hit squad"
• Other Topics

Audit update

Patches committed:

• PFS code
• Config patch

Under review:

• Sorting patch (extensions list that encourages ratings spam)
• Front page optimization (mao)

Next up:

• Sessions (morgamic)
• Commenting (chip)
• Setting up -dev, -staing (kveton,morgamic)

Hit list

1. Developer Sessions, making sure login works correctly, nav options for admins are hidden
2. Comment spam prevention for user ratings, reenabling comments for extensions and themes
3. Set up -dev,-staging
4. QA for existing patches
5. Run through remaining items in audit log that are important mainly (but not limited to):
   1. missing input validation
   2. bad loops
6. Work through workflows for developers and admins
7. Merge branch with trunk
8. Push trunk into production