I2P Dev Meeting - March 06, 2016

<zzz> 1) VRP/H1/1119 <zzz> 2) 0.9.26 carryover <zzz> 3) Summer of X <zzz> 4) 27-29 deferred to next meeting <zzz> 0) hi <zzz> hi <str4d> hi <zzz> I'll explain 3) when we get there <EinMByte> Hi <zzz> 1) VRP/H1/1119 <zzz> http://trac.i2p2.i2p/ticket/1119 <zzz> has everybody had a chance to catch up and review this ticket? * str4d is about to post his comments <zzz> str4d overall thoughts? <str4d> Overall I think it is pretty good. I like the positive feedback we have had from people who do this kind of thing for a living :) <zzz> I think we're on the right track more or less <zzz> this ticket has been around for 2 years. you brought up H1 14 months ago. we've had anonimal's vrp process drafts since september <zzz> i think over that time, h1 has become pretty legit <str4d> I agree with zzz that the later points are overspecified, but I think the process and response sections (sections III and IV) are about the right level of specification <zzz> i have no remaining doubts about using h1 <EinMByte> Yes, although I've only followed the discussion from a distance, vuln. response should follow stricter procedures then now. H1 might be a good options for that. <EinMByte> s/options/option <str4d> I am also +1 on h1, for the reasons I have already outlined in the ticket. <zzz> str4d, you met katie of h1 a while back right? can you fill us in on that meeting? <z3r0fox> Hi <str4d> Yeah! I met her at Kiwicon 9 <str4d> I asked her about the tweet I posted, that arice responded to in the ticket <str4d> Turns out that arice actually emailed her a link to our ticket asking if his response was adequate, and she ended up reviewing the ticket on her phone while in another meeting :P <str4d> She also liked it :P <zzz> and what about the funded stuff and what tor's doing with them? <str4d> She mentioned that it was going to happen, and did indicate that we may be able to get in the same program <zzz> also, overall impressions of h1 the company after meeting katie? <str4d> I have yet to follow up on this, because 1) thesis, and 2) there is no point in going in any program if we don't then use h1 <str4d> zzz, very positive <zzz> anybody have any objections to using h1? <str4d> They appear to know their stuff, and Katie is certainly thriving there <zzz> can we flip the switch on h1 now to go live or what has to happen first? <str4d> If we go for h1, this is what I think needs to happen: <str4d> - We finish up the VRP and get it on the website <str4d> - We tidy up the copy text front page of the h1 page <str4d> (things like how we respond, what we consider in-scope etc.) <zzz> vrp must be before h1 live? <str4d> - We decide on the response team <str4d> - We move the sandbox into closed beta, where we have a few researchers invited <str4d> - Once we have had some time to get used to the platform, response volumes etc. we take it to open <zzz> you really think responses are going to start rolling in the day we flip the switch? <str4d> They could <str4d> Katie indicated to me there were a number of researchers who were very interested in helping open-source projects, if they could find them <zzz> can't imagine we need to have everything lined up. not like the researchers are going to start hacking on day one <zzz> especially if no money involved <zzz> closed beta means they have to let the in? <str4d> Yes <str4d> Essentially h1 invites maybe 10 researchers to be able to use our page <EinMByte> Do you have any idea who would be invited? <zzz> so putting the VRP and our response team aside for the moment, who's going to fix up our h1 page to get ready? str4d? <str4d> I don't recall the exact specifics <str4d> (whether we invite people ourselves through h1 or whether they find the researchers from the existing registered pool) <str4d> The idea is that then we don't get inundated with crappy tickets before getting used to how to respond to them <str4d> But IMHO it also helps us start to directly build relationships with a few researchers <zzz> do you have a sense of whether everybody is chasing after bounties on h1 or are the free ones getting a lot of reports too? <EinMByte> Sure, or at least with those that are using h1 <str4d> I don't personally have a sense of that <EinMByte> zzz: Is there a possibility of eventually oferring bounties? <str4d> But Katie indicated that there were definitely researchers who wanted to help FOSS projects if they could identify them <zzz> somebody is funding tor bounties now, so yes <sadie> I can help str4d on the h1 mainpage <str4d> thx sadie <EinMByte> I2P has reasonable savings, why not spend some of them on bounties <zzz> ok great, so sadie and str4d will work on getting the h1 side ready <str4d> EinMByte, yes we could go to bounties, but not initially IMHO <zzz> 1mb we certainly can if we want <zzz> anything else on h1 or can we move onto the vrp itself? <EinMByte> Let's see how it works out without bounties <str4d> And as mentioned above, there is now a program on h1 for funding bounties for FOSS projects <z3r0fox> Beta sounds like a good opportunity for team to develop public facing responses for if a really serious bug is publically disclosed <str4d> which we may be able to get into <zzz> last call for h1 <zzz> ok, lets look at the vrp itself in the ticket * str4d posts his comments <zzz> we're reviewing anonimal's draft from november <zzz> let's not go thru point by point though <zzz> overall impressions on the november draft and where we go from here? <str4d> <str4d> I agree with zzz that the later points are overspecified, but I think the process and response sections (sections III and IV) are about the right level of specification * zzz takes a minute to read str4d's comments <zzz> ok it seems like we are in general agreement that the november draft is a great start and we have rough agreements on the edits necessary <zzz> what I'd like to do is take the final stage of this from anonimal, that str4d and I will finish the edits and get it posted on the website, and round up a team <str4d> Sounds good <zzz> what do you guys think? <str4d> There are also the necessary tweaks now we are going for h1 instead of private Trac <zzz> any volunteers to help us work on the final version? <zzz> we don't want to get overly tool-specific (mtn, h1, etc) in the process. It should be high level enough to avoid most of that <str4d> True <str4d> And we will be iterating on it anyway <zzz> doesnt need to be perfect out of the gate <str4d> That is another reason for a private beta initially <zzz> ok str4d when are we going to have that done by? <sadie> vrp draft looks good <zzz> end of march? <str4d> sounds good <zzz> ok anything else on 1) ?? <zzz> moving on to 2) 0.9.26 revisited <zzz> any other comments? unfortunately I haven't updated the roadmap on the website yet <zzz> so i could hold up my notes to the camera <zzz> sorry i should have done the website. <zzz> I did get the last 3 meeting logs, including last thurs and fri., up on the website though <zzz> guess i will be doing that until kytv reappears <zzz> whenever our next meeting is, I will put .26 on the agenda to look at it then <zzz> anything else on 2) ? <zzz> ok moving on to 3) summer of x <zzz> str4d can you explain our idea please <str4d> The idea is that we focus development for three months on user- and developer-facing elements of I2P <str4d> ie. things that people might actually care about, rather than streaming tweaks ;P <str4d> And therefore things that are easier to do publicity on <str4d> The rough idea is: <str4d> - Summer of APIs: spend a month working on updating our libraries etc <str4d> - Summer of Apps: spend a month working on helping other projects use those libraries <str4d> - Summer of Plugins: spend a month working on our own apps and plugins <zzz> right, this is about growing the network through outreach and making apps (ours and other people's) better <str4d> Yep <zzz> my idea was, if we can get 5 more Vuze's, we'll be 5 times bigger <EinMByte> You might also want to add documentation to that <str4d> Plus there's the whole Summer of Code ethos that we can hook into online <EinMByte> no good API without decent documentation <zzz> a lot of times we see some project thinking about i2p but they dont know much and dont get any help <str4d> EinMByte, to the API parts, yes <zzz> agreed 1mb <str4d> ie. that would be on making our libraries and APIs as easy for devs to use as possible <z3r0fox> Sounds like a good campaign idea! Worth a shot <str4d> so e.g. updating txi2p, libsam etc. with SAMv3.3 <EinMByte> Supporting more languages? <EinMByte> More interfacing through existing libraries <str4d> Potentially, if we have the developers to help :) <str4d> EinMByte, yah <zzz> I'd like to sadie involved in this too with branding and outreach <EinMByte> I think str4d's work with twisted is great, would be nice to do more stuff like that <str4d> Fix the libtorrent support, try and get something into libp2p, etc. <zzz> summer of i2p, or i2p summer of fun, etc <EinMByte> i;e. do not write our own API from scratch but offer plugins for whatever framework people are using <str4d> EinMByte, exactly. <zzz> pushing sam 3.3, bringing all the various bridge libs up to date, documented, etc <str4d> Or if we do offer our own API, make it as simple as possible. That's what I like about libsam, it is two files that any project can bundle (or ideally, any existing library) <zzz> there's python and go and c and c++ and twisted and libtorrent and libsockets and and and... <zzz> we fix up other people's stuff and do pull requests to them <EinMByte> str4d: Agreed, APIs should be easy to bundle. It's a common problem for me <str4d> While that is ongoing, we can ask other projects if they want help getting I2P into their apps <zzz> why the heck doesn't libtorrent work? who can figure that out and get it fixed? <zzz> ^^ as an example <str4d> Then in the next phase of SoX, we then work on educating them and helping them use the newly-updated libraries and APIs <EinMByte> sounds good <str4d> It would be great to have buy-in with this from i2pd and kovri too, at least for the API part <str4d> since we want to end up with apps being able to use whatever I2P backend they want <zzz> i think we could get a lot of people excited here. I know psi is working on various libs <zzz> we need a list of all the messaging apps we want to target <str4d> And this is good for tying in with our existing outreach <EinMByte> If we get the right PR it might be a success <EinMByte> I want to create a simple C++ API for kovri, at some point <zzz> great 1mb <EinMByte> Then that API could be used from various programming languages. But this is a core API, not a client API (so use-case is somewhat different) <EinMByte> Pretty much it should allow any application to bundle the kovri core. <zzz> this would be a nice wholistic project to get everybody involved <EinMByte> Agreed <str4d> In my outreach todo list I have Tahoe-LAFS, IPFS, Tox, OpenBazaar, Zeronet... <zzz> ok how do we move forward with this <zzz> maybe sadie can give it a cool name <str4d> We essentially have until the end of May to plan this <str4d> (while .25 and .26 are released) <zzz> so after .26 <zzz> lets put this on the april 4 meeting agenda <EinMByte> Ok. <EinMByte> PR would have to attend, though <zzz> june: APIs july: apps aug: plugins <EinMByte> (so I think that's sadie, now?) <zzz> also could wrap this around HOPE <z3r0fox> I don't know many of the details obviously yet, but I'm not a terrible tech writer if anyone wants to assign me some grunt work <zzz> ok let's ask sadie to flesh this out a little on april 4 <sadie> zzz - I can take care of graphics/ content with str4d for outreach <zzz> ok <zzz> anything else on summer of x? <sadie> also, I will at Hope with stickers .. <str4d> Nothing from me :) <amnesia> Call it something other than Summer of X so it doesn't sound either non-descript, or like porn? <str4d> amnesia, X is a placeholder <str4d> (until we think of something better) <zzz> ok. as I said at the top of the meeting, I'd like to defer discussion of 27-29 and the bigger roadmap and goals for 2nd half '16 <amnesia> Summer of Targetted Development? <zzz> do we like these roadmap-specific meetings or not? should we do this again? <str4d> amnesia, a little long IMHO <str4d> We will think of something for the April meeting <zzz> send your ideas for 'X' to sadie or post somewhere <str4d> zzz, I like them <str4d> And speaking of <zzz> do we want another roadmap mtg in march? <sadie> zzz , can we put something on forum where people can leave suggestions for the "summer of" name? <zzz> yes sadie <str4d> The other thing I wanted to bring up was the longer-term roadmapping <EinMByte> zzz: Yes. We need more long-term <zzz> we got our .25 release next weekend so that will keep us occupied <zzz> maybe about 2 weeks from now for another roadmap meeting <EinMByte> Unless we plan that for later, but at some point it will need discussion <str4d> Sounds good <z3r0fox> zzz: I think they're good. Keeps focus <str4d> I want to suggest something for people to mull over <EinMByte> zzz: sure <zzz> want to go back to a tuesday 8 PM or do it on the weekend? <str4d> In parallel with the SoX, I would like to have another two parallel streams of development work <str4d> - Crypto migration <str4d> - UI overhaul <str4d> The blocker on both of these is research and design, not implementatino <EinMByte> Does crypto migration include NTCP2? <str4d> Yes <str4d> So while we are doing SoX implementation stuff, we are also doing reviews of the various proposals etc. <zzz> how is saturday March 19th <z3r0fox> +1 Weekends <zzz> 8 PM UTC Saturday March 19 <str4d> With a goal of having a plan ready to implement either during or after SoX <EinMByte> March 19 seems good <str4d> Likewise with UI, we need to start planning design work on that ASAP, because it will take a long time <sadie> march 19th works for me <zzz> ok sox == summer of x, got it <str4d> Yes (until we change it :P ) <str4d> Design stuff can happen in parallel with everything else, and then implementation could happen after SoX <str4d> It would be *so* nice if we could have a new UI in place for CCC <zzz> ok I will get an agenda up on zzz.i2p, plus the notes, plus the logs from todays meeting on the website <str4d> Anyway, stuff to think about <zzz> anything else for today's meeting? * zzz grabs the baffer <str4d> We can discuss more at next roadmap <sadie> baff it <str4d> March 19 works for me :) * zzz *baffs* it <zzz> thanks everybody