Date/Time: 2018-11-28 @ 15:00 UTC / 10:00 EDT / 23:00 HKT
Click here to convert to your time zone
Length: 45 minutes
Meeting link: [https://zoom.us/j/966890423]
This meeting is for the engineering team, app developers and the community to discuss engineering concerns or questions.
Agenda
Please reply to this forum post with items you would like included on the agenda.
Each item should include:
Item name
Background information: Links to github issues, forum posts, etc with background information on the item
Desired outcome: what decision or deliverable would you like from the discussion of this topic at the meeting?
Meeting Minutes/Notes (please review/correct as needed)
2018-11-28 Meeting Notes
Open Source Metrics
Open Source engagement Metrics generally are response rates to external
community members. And close rates on issues and PRs. This is the last month
over our repositories.
Only two issues closed and
- Metrics are in the engineering meeting.
- He has a script and he can provide us with the script. There are some tools from Open Source companies. Gremlin (Chaos) has a tool Gremwar lab.
- Discussion of hosting this service so outside folks can see the .
- Aaron will post on the forum the different tools.
- Move people out of Slack and out of the Forum.
- Muneeb: Always be directing the discussion to the GitHub to keep the community focussed there.
- If a discussion in Slack is more than a one word focus.
- Jude would like to see further depth in the metrics so he can be a better maintainer.
- Muneeb: I think this is a good check for how engaged our community is. If you are truly operating as an open source project, you do these things online in an open meeting. Posting the meetings. Asking favors can result in more involvement.
- Jeff: Sometimes it is good to ask people to build things or do things.
- Virgina: We need to be aware that App Mining.
- Jude: Do we tell people that sign up for App Mining get information about this meeting? No was the answer.
- We should maybe attend other open source meetings to find out how they are run.
ACTION ITEM:
- Mary creates a how to use this Forum/Slack/GitHub post and pins it.
Scoped Gaia Auth Tokens Discussion
These would allow admin of an organization give a token that allows users to
write to a specific path. This would allow you to easily manage collaborative.
Reduces management by the app of coordinating among individual repos. This is a
scoped Gaia API key.
Aaron: Agrees with use case 1 not the second. For the second, he sees that a user who
controls a single Gaia hub could use the whitelist feature to get this than a
scoped.
Hank: Discusses the Graphite case…and he sees that it is possible that whitelist is possible solution yes.
Larry: This is hitting to an API/end point we haven’t documented in the past.
There is no doc or discussion around this API — it has been a private thing.
ConnectToGaiHub is private…we should leave it that way until we have a cleaner
API implementation. Also we need to have a way to revoke these.
Larry/Hank: Both want to talk about this further.
Aaron: We need to think through how we want people to work through GAIA if they aren’t just doing gets/puts.
Larry: It isn’t clear how this fits into the “when” should you do this.
Aaron: The API we present needs to show how to use it. Also, the concept of
scoped auth tokens as it exists now is problematic because they can’t be
revoked. We should address these separately.
Larry: Thinks these issues belong in the same discussion, not separate.
Virgina: Maybe we should encourage people to give them out if we can’t revoke
them. Same vein, users can’t delete their account. Gaia needs to allow users to
view and delete their own data. We need to think about this in general. We are creating some residual issues.
Ken: Has concern about these scoped tokens. Between the Gaia and account data — what are t…
Jude: There is a case where users don’t have Gaia storage. For enterprise case
not all employees will have a GAIA hub. In enterprise, you want a company or
dept hub.
Aaron: EAch of these employees would have a different keys. Why would you use scoped tokens there?
Jude: It is more a dev env management problem. YOu want your employees to all
have something the company controls.
Aaron: The server is the central…the hub is on a company machine. Each
employees bucket is on that company server. There are a variety of use cases
with a token.
Jude: I may not have communicated the case well enough. MIsos and Graphite –
they are trying to integrate with third party external services. Your service
can use their bucket but the company won’t have the data. Or you can have
solutions that allow the service to integrate with the company’s hub.
Aaron: This is a valid use case. Scoped tokens in the regular interent is
basically for creating robot XXX. The association token it makes it so you can
whitelist one address on a Gaia hub. This allows only these addresses to write
to the Hub. Each hub manages multiple buckets. To write to a bucket you need
the key. EAch application writes to a specific bucket. The whitelist says only
the following keys can write at all. Thsi limits the number of buckets. As a
user, you don’t want to write each app address to the whitelist. So, what he
does is allow users to associate apps with a single key on the white lists(sic).
Assocation keys are meant to be used in an authenticator app — programmatically.
Jude: Brings up OKR 5.4 and …
Aaron: My understanding was that OKR was limited in scope.
Jude: If we are modifying the browser already…this maybe only one or two lines to do. We only need to do a quick PR
Jude/Aaron: Already discussing this
Virgina: Do we need to clarify the intended use case.
Aaron: Yes. Some of these tokens are not intended to use it all.
Mary:We should mark things people shouldn’t be using as private so people know if they use them they are at risk, we can deprecate or change.
Virgina: We will take a stab at.
Aaron: The takeaway is we should continue to have this feature marked private. We should decide if we need to have this feature at all.
LarrY; We probably want to expand this meeting it there is more than two topics of signifigance.
There are two topics.
- Revocation.
- …
The other issues are linked and there was a discussion on the PR. There needs
to make a more product led approach to our API. We need to make sure we have
discussion.
Virgina: Even in our GAIA meeting there is just 6-7 new meetings.
Mary: Maybe we need to have Roadmap for our projects? That way we at least know the direction.
Virgina; Issues keep coming up in meetings. If we had a Roadmap if we had that might keep it from getting to feature happy.
Ken: I think we also need a Roadmap for Blockstack Js and SDKs.
Larry: Ken you are going to be taking the lead on that from Muneeb.
Ken: Yes, that is correct.