#foswiki-release 2018-05-14,Mon

MichaelDaum: Hi everybody [12:19]
gac410: Hi MichaelDaum - not that meeting doesn't start for 40 minutes. 1300Z
er... note
[12:20]
MichaelDaum: argh. someday I'll get timezones right. [12:21]
gac410: :D [12:21]
MichaelDaum: took me a couple of rounds to get the time right in the google calendar: it kept shifting the meeting around even though I edited 1300Z [12:24]
........ (idle for 36mn)
uebera||: Hi there. :) [13:00]
gac410: Hi everyone. Welcome to the release meeting. [13:00]
MichaelDaum: Hi
what's on the agenda for 2day
[13:01]
gac410: Okay. Urgent tasks. Only new one is https://foswiki.org/Tasks/Item14689
I still think the best fix for that is to "eval require" the XS module and if it does not exist, fall back to the pure perl module. The PP module is NOT vulnerable the way we use it, in its default configuration.
That way if distros add the new module and drop the old, it will be used.
[13:02]
MichaelDaum: okay. kiss. [13:04]
gac410: the only way the PP module becomes vulnerable is if someone changes our perl code to permit nested () parenthesis in the addresses. [13:04]
MichaelDaum: how about adding an evil address to WebNotify?
or via SendEmailPlugin
[13:05]
gac410: No, the vulnerability (a DOS) only happens if the parser defaults are overridden to loop through nested ( ) parenthesis.
According to the docs the module is not vulnerable in its default configuration, which is what we use.
[13:06]
MichaelDaum: alright. then I step back from my recommendations. kiss-ing is better then. [13:07]
gac410: The issue to us more importantly is that some distros are removing the module, others are not. So we don't have a stable set of dependencies. [13:07]
MichaelDaum: in that case people can't send emails as simple as it is.
you can still run foswiki without enabling email
[13:08]
gac410: Yes. or use mailprogram. which does not need that module. [13:08]
uebera||: Should we add a warning to configure (in addition to the README) highlighting this? [13:08]
MichaelDaum: ... and is more reliable [13:08]
gac410: I thought that would be reasonable. But now it's pretty clear that we are not vulnerable, so warning is sufficient.
Anyway, there were not any other significant tasks. A couple of doc issues, including one that was due to me botching the docs in 2.1.6 :(
For feature proposals. Not much activity.
In the https://foswiki.org/Tasks/Item14664 branch, I split out the {ConfigWebName} setting from the {UsersWebName}. But got rather tied up in a mess trying to handle both migration of existing sites, and handling new sites.
So that branch is not merged.
[13:09]
MichaelDaum: looking forward to test it out [13:16]
gac410: The last of the features I was making progress on was https://foswiki.org/Tasks/Item14602, allowing lower case topic names. That one is ready to merge. [13:16]
vrurg: Hi [13:16]
gac410: But I'm not planning on going any further on either of those.
Unless anyone else has any news to report on feature proposals, that brings us to new business / development news.
[13:17]
MichaelDaum: within the next two weeks there will be a lot of plugin updates
at the end of which I will update b.f.o
[13:19]
gac410: There is yet another tinymce release. 4.7.12. If someone wants to pull that into master. Currently 4.7.11 is running in master.
This is the last release meeting that I'll be running. I'm planning to take a much less involved role, and will re-evaluate things in the fall once the cold weather arrives.
[13:20]
MichaelDaum: about my editor work: I'll create a NewNatEditPlugin (or whatever it is called) and abandon my Item14288 branch. [13:22]
gac410: we also need someone willing to take on reviewing the registrations on f.o, and cleaning the spam registrations. It's a never ending flow.
MichaelDaum: what happened to the editor - I thought you were making good progress with a couple of alternatives.
[13:23]
MichaelDaum: installing CaptchaPlugin would mitigate the pain. [13:23]
Lynnwood: That's something I could take on. (registrations review) [13:23]
MichaelDaum: Lynnwood, excellent. Thanks. [13:23]
gac410: What I do, is after each registration, if it includes a link in the form, I look at the history of the IP address on foswiki.org [13:24]
MichaelDaum: gac410, I've been experimenting a lot with different editors on the base of wrapping them into an Engine javascript class. [13:24]
gac410: If it does not have a history of what appears to be general foswiki interest, then I remove the account and add the link to the FoswikiOrgAntiWikiSpam list [13:25]
MichaelDaum: I'll be able to get funding integrating CKEdit [13:25]
Lynnwood: MichaelDaum - that's some very positive news! I've had several requests for that exact thing. [13:26]
MichaelDaum: there are a couple of loose ends that need to be fixed before coming up with a good solution here.
for one dealing with the half-done work by modell aachen
I looked at their ckedit plugin code and it is needing quite a cleanup / replacement
[13:26]
gac410: There have been emails to webmaster rather nasty about how bad the old TMCE is and the new one won't run. Actually it runs fine if you install 3 extensions from Extensions/Testing. NatEdit, Wysiwyg and TinyMCE. [13:28]
MichaelDaum: I am not sure they are using the version of this plugin as it is in their qwiki
gac410, how about doing a proper release to the Extensions web? do you think the code is fine to do so?
[13:28]
gac410: It's a big change. generally we only do critical bugfix for extension changes between releases.
I've only cursorily tested it. Nothing significant
[13:30]
Something else the project needs to deal with. Github is removing their email service / hook. Actually ALL of their hooks, which includes Sympa
er. weblate
And their IRC notifications too.
The only thing left by end of year will be the webhook "push" using json that we use to update our tasks.
So either someone needs to make the FoswikiOrgPlugin we run on master, do the email and irc notifications, or come up with some other way to tell us all about commits.
[13:37]
vrurg: gac410: When are they gonna pull the lever? [13:41]
gac410: It's at the end of every commit email: **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
January 31, 2019: GitHub stops delivering installed services' events on GitHub.com.
We use Email, Gitter, IRC and Weblate services.
[13:42]
vrurg: I don't receive these emails from foswiki. Ok, then if my situation won't change I'll try to take care of it. [13:44]
gac410: They go to the foswiki-commits email list. Used to be foswiki-svn list. [13:45]
vrurg: But not until I'm back from TPC2018 [13:45]
gac410: Oh... another thing that needs to be done once in a while is to look at the https://github.com/foswiki/distro/settings/hooks
the "push" to the FoswikiOrgPlugin occasionally times out when our server is slow. Need to "redeliver" those or tasks updates are missed.
Anyway, unless someone has something else for the release meeting. thanks everyone. I'll still be around, but much less active.
[13:47]
vrurg: gac410: It would be a great idea to have a topic with a list of duties. [13:49]
gac410: I'll create a Community/Housekeeping topic but will be private, as there is stuff I handle that should not be generally public - ie what triggers spam removal. ;) [13:50]
MichaelDaum: thanks gac410 for leading the release meetings. we will continue having them bi-weekly. let's see what happens. [13:50]
uebera||: +1! [13:51]
gac410: I'll probably eavesdrop for now. [13:51]
vrurg: gac410: thanks!
I have a quick question.
Got back to v3 polishing recently. Thinking of pulling in Type::Tiny for isa-checks (and more than that). Anyone to object this?
[13:51]
MichaelDaum: vrurg, we are far away from giving you any guidance here. If you feel inclined to do so, why not.
I am using ref() for type checking. not sure what Type::Tiny adds to it but am open to suggestions.
[13:55]
vrurg: Technically its a way to go. The question is about more dependencies to be involved.
Say, ref() doesn't solve matters like Map[Str, InstanceOf["SomeClass"]].
[13:56]
MichaelDaum: sure
so Type::Tiny is replacing the current UNIVERSAL::isa() ?
[13:58]
vrurg: Besides, ref() must usually be accompanied with 'defined' whereas Type::Tiny provides a single check.
Not only. StrMatch[qr/\s\w+/], Int, etc.
[13:58]
MichaelDaum: could you please check linux distros for Type::Tine first?
^tine^tiny
[14:00]
vrurg: I can only see if Ubuntu/Mint have them. [14:00]
MichaelDaum: ubuntu ships them in libtype-tiny-perl
not that I still use the distro perl packages
[14:01]
vrurg: But they're a cornerstone of Moose ecosystem. Where there is Moose – they must have Type::Tiny too. [14:01]
MichaelDaum: ah ok
so then go for it
[14:02]
vrurg: MichaelDaum: neither do I. BTW, our tests have a problem with cpanm installation. [14:02]
MichaelDaum: are you using cpanm on top of the distro packages or a local perl via plenv or perlbrew? [14:03]
gac410: I've never seen cpanm issues that I can recall. And I always run unit tests with a perlbrew / cpanm configuration. Or I use OS packages with OS perl. I never mix them. [14:04]
vrurg: I have perl from MacPorts + cpanm on top of it. [14:05]
MichaelDaum: you can mix os with self compiled packages as long as you add /usr/local/... to INC
the problem is that distros ship unpatched perls
[14:05]
vrurg: Will recheck with master branch, but the problem must be there. It's about tests being run in a separate process where forking code cleans up PERL5LIB and incorrectly removes cpanm path. [14:06]
MichaelDaum: lots of distros didn't fix CVE-2018-6797, CVE-2018-6798 and CVE-2018-6913 yet [14:06]
vrurg: I haven't had time to do the recheck and make a report. So, just a heads up. [14:07]
MichaelDaum: anyway I have to leave now
thanks for the good discussion. see you soon.
[14:07]
uebera||: cu [14:08]
vrurg: cu!
Thanks everybody! Special thanks to gac410 !
[14:08]
gac410: cu all around. Thanks. [14:09]