ok, now that we're all here... how should we proceed on this?
iliekcomputers
hullo.
ruaok
my brain is so addled I can't even recall what we talked about last week.
iliekcomputers
every project lead should come up with a way they want to handle this and we'd see which ones we want.
ruaok
I think we agreed that we needed to each of us keep up on security warnings and then have some sort of way to hold each other accountable as to how to do it.
I think there ought to be one process for all metabrainz that we all follow.
that way we can see when another team isn't following it and threaten to take their chocolate allowance away.
bitmap
iirc we were talking about using jira to track relevant/non-relevant security warnings
ruaok
wait, I guess there needs to be a chocolate allowance first. hmm.
I think Jira makes sense.
CatQuest
:o
ruaok
but even jira can be easy to ignore.
iliekcomputers
yes.
ruaok
zas: in the end security is your responsibility.
CatQuest
if you put me on the job i'm good at nagging people :D
ruaok
but doing the work to get there is not.
would it be fair to have you have the responsibility for making sure we're following the process we set out?
zas?
zas
hmmm
sorry just discovering i'm responsible for a can of worms
CatQuest
oh no
ruaok
not directly no.
CatQuest
but like i said. tell me who to nag and i will nag them
ruaok
I'm just trying to think of the right person to follow up on this who is not a dev.
code_master5 joined the channel
CatQuest: thanks, but we need someone with much deeper tech skills.
CatQuest
meh
i tried
ruaok
let's leave the who part off the table for now.
if we use jira, do we make one new project that covers security advisories for all projects?
CatQuest
i'd say so
zas
i can do that, but to be clear: security doesn't really exist, so we'll have to define what you call "security", because i know guys in many secret services in the world who are still wondering who hacked them...
ruaok
bitmap: iliekcomputers: yvanzo: y'all should've thought about this more by now.
zas: I'm not going to play the game of define everything right now.
github security vulnerabilities, open tickets in JIRA in a new project
zas
ruaok: ok, i guess you got what i mean anyway
pulkit6559
Hi Freso, Sorry for not being there for the meeting, i had to attend a family wedding. To put it briefly, this week was a bit slow work wise, i worked on resolving the changes requested in my previous PRs, resumed working on filtering mbids, will push the changes in a day or two and i read about t-SNE.
bitmap
otherwise they'll be scattered everywhere
CatQuest
yup
ruaok
ok, what is the workflow for a given week then?
we see a notification on github. then what?
zas
my take: create tickets in SEC project when they appear
bitmap
open a ticket on jira, close if it's non-relevant?
ruaok
how can you verify that this is happening?
zas
then, on regular basis, we define priority for them
or close if not relevant yes
Freso
(Meeting time is almost up, I propose to push "april fools" to next week, close the meeting for non-devs, and let the discussion between ruaok, bitmap, iliekcomputers, Mr_Monkey, yvanzo, and zas (and reosarevok?) continue instead of cutting off in 4 minutes.)
CatQuest
+1
iliekcomputers
who opens the tickets? project leads?
ayerhart_ has quit
bitmap
and there is a way to receive all emails for a particular project
CatQuest
it seems it's like that already :D
zas
everyone noticing a potential security-related issue
iliekcomputers
ok.
pristine--
Freso: what is that april fool agenda?
ruaok
that makes it easy for no one to do anything.
Freso
pristine--: ruaok's, so you should ask him. :)
CatQuest
SEC is a good idea
well it's also mie
mine*
pristine--
Will ask later
Thanks but:)
zas
ruaok: no one can have a view over all projects, libs, etc...
yvanzo
We can probably use webhooks to handle vulnerability alerts and forward it to JIRA.
bitmap
we can make it part of the weekly agenda to see if there are any open SEC tickets and prod people?
ruaok
yvanzo: THAT!
CatQuest
+1 bitmap
ruaok
Yes, that is what we need!
bitmap: +1 to that too.
the combo of both of those gives us enough visibility and accountability.
CatQuest
hell i will subscribe to it and nag people i mean, i want to help
zas
ruaok: yes :)
ruaok
yvanzo: please investigate if this is possible (webhook)
zas
and +1 for webhooks
yvanzo
Just checked, GitHub can send events for "Vulnerability alert created, resolved, or dismissed on a repository."
ruaok
awesome!
iliekcomputers
nice!
ruaok
ok, yvanzo please make that happen.
CatQuest
yay!
ruaok
can you also create the SEC project in jira?
CatQuest
lol one minute left
one sec left ;)
ruaok
ok, let's close for the week.
CatQuest
(sorry)
ruaok
the biggest points have been covered.
Freso
Alright!
</BANG>
10 seconds past.
CatQuest
I'm glad we even had april fools on the agenda for once
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | New GSoC students start here: https://goo.gl/7jsjG2 | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Meeting agenda: Reviews
Freso
Thanks for your time everyone! :)
CatQuest
it's a good thing we still have a week
Freso:
pristine--
Thanks Freso:)
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | New GSoC students start here: https://goo.gl/7jsjG2 | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Meeting agenda: Reviews, april fools (ruaok)
ruaok
oh and btw, I will not be attending next week's meeting.
Freso
Ah.
zas
yvanzo: i'll create SEC project
ruaok
which is why I removed that from the list.
CatQuest
but
ruaok
if someone wants an april fools joke, they will need to run with it.
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | New GSoC students start here: https://goo.gl/7jsjG2 | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Meeting agenda: Reviews, april fools (catquest)
CatQuest: I guess we'll talk about it next week and see what happens.
pristine--
reosarevok: 😂
Freso
Now that it's in the agenda/topic, maybe people will give it some thoughts.
yvanzo
reosarevok: ah, I knew you did nothing!
Freso
iliekcomputers: ListenBrainz doesn't have a "love" feature like Last.FM, correct?
CatQuest
Freso: yay!
Gazooo has quit
iliekcomputers
Freso: not yet.
Freso
Oh, and also, everyone: Humble Bundle has a "Web Programming" book bundle from O’Reilly currently; tier 1 includes a book on React, and tier 2 one on Flask: https://www.humblebundle.com/books/web-programm...
CatQuest
:O
Freso
(And tier 2 also has "Data Visualization with Python & JavaScript")
pristine--
iliekcomputers: we had 1 partition for users and recordings df
And 3611 partitions for listens df
Repartitioning to 1 is making situations worse, consuming a lot more time than the previous 270 sec on join operation
It will be great if you could also look into joins. Because that is the only operation which is causing 270 sec.
In case anyone's interested, I've just added a PR which totally replaces `gulp` with `webpack` in CB. Guess what's comin next? 😃 I'm excited ... 🤗
zas
we'll have to define components, and available options