TC Meeting - 2016-12-16

• Participants
• Minutes
  • OpenPaas license
  • New project joining conditions
  • Ongoing discussions with TecLib
  • New user management service
  • GitLab
  • Management of binaries and images
  • OSCAR
  • GSoC 2017
  • CROSSMINER
  • STAMP
  • FOSDEM booth
• Next meeting

Participants

• Marc Dutoo MDU
• Daniele Gagliardi DGA
• Martin Hamant MHA
• Stéphane Laurière SLA
• Marius Matei MMA
• Clément Oudot CLO
• Jean Parpaillon JPA

Minutes

OpenPaas license

• Mail sent from the management office in July 2016 to Linagora CC OW2 board stating that OW2 can only accept projects which licences are approved by the OSI. As a course of action it was kindly suggested that Linagora submits the OpenPaaS license to the OSI by August 31st, otherwise the project will be moved to the archive. No answer was given by Linagora since then, hence the project is moving to the archive.

New project joining conditions

• The board decided that the projects backed by an organization now require that the organiation becomes a corporate member of OW2 for joining the OW2 code base.

Ongoing discussions with TecLib

TecLib is considering to submit GLPi to the code base. TecLib is maintaining other open-source software which would make sense in the OW2 code base: Armadito anti-virus, and KIMIOS DMS. Membership to be discussed.

New user management service

• Status: we're reaching the final steps.
• Pending: finalization of the membership agreement message and the registration types.

GitLab

• A dedicated VM is getting ordered to Xsalto for setting up a production instance of GitLab
• Cetic is also using GitLab internally for private projects (with great feedback), so is XWiki
• Projects and repositories management
  • MHA emphasizes that in GitLab one project = one git repo. Possibility to manage groups of projects. Something specific, and different of what OW2 knew from the old forge system, semantically speaking.
  • DGA: ENG adopted this (raw) schema: every client has its related group of projects
  • MHA: we'd like to let project leaders create new projects in their group / they need autonomy
  • DGA: one can set a limit on project number, just to have everything under control (if one project leader needs to add new project it should be possible to increase that number). At ENG, for every new (group of) project(s) we setup a group/namespace, and enable the project manager as the owner of that namespace. He can create new projects, with a default limit of 10 projects, but you can increase that size for each owner/project manager. We add other accounts, but project manager enables them to his "namespace".
  • DLE: by default, each user has its own namespace for projects (its login). That namespace is shared with group names. Projects in GitLab can be public, internal or private. As such, we probably need to enforce some rules like: only project leader can create groups, project leader should create the public project repositories in a group with the project name. That way, the user namespace can be used for contributions to the public project, or any other OW2 project.
• MMA: at PSA, subversion/Teamcity/sonarcube is used, to be replaced soon by GitHub and use Artifactory for binaries
• DGA points out it would be nice to set up a connection between GitLab and STAMP

Management of binaries and images

• SLA and MHA had a call with Vincent Massol @ XWiki for discussing the use of JFrog Artifactory and how it can replace and extend our Nexus Pro instance
• DGA: at ENG, Nexus Community is used
• SLA: pros we see in using JFrog Artifactory:
  • Vincent sees Artifactory as a kind of the new Nexus
  • Strong momentum
  • Provides stats for all artifacts (ie not only release files, but also indidividual dependendencies)
  • Manages all types of binaries: jar, war, rpms, ...
  • Would make the OW2 forge best of breed in terms of binary management
  • Cons:
  • Adds complexity in comparison to an integrated forge (ie binaries stored in GitLab)

• MHA: about releases / binaries in GitLab ? What is your process when publishing a new release with downloads , changelog, etc
• DGA: currently we aren't using this feauture. The PM and developers started to move to git just few months ago, and they are using GitLab just to manage Git repos so, the process to publish a new artifacts is made by the means of Jenkins. Jenkins builds, packages, and then publish binaries on Nexus.

• MMA: Artifactory is very powerfull but we should think also to containers repositories (Docker Hub like) as the docker image becomes the standard to exchange
• DGA: Gitlab has in integrated repository of Docker images, since version 8.8 https://about.gitlab.com/2016/05/23/gitlab-container-registry/
• SLA: UShareSoft UForge is working on this as well (AppHub partner): they provide images not only for Docker but many other container and Cloud formats

Actions:

• SLA to send a mail to the TC to discuss the idea of using Artifactory. NB: pro version would be needed for LDAP integration and Groovy scripts execution (needed by XWiki)
• If the TC approves, we would need to find a deal with JFrog to obtain the pro license. NB: MMA emphasizes that the price is quite high, so an agreement must be found. MHA points out we must understand how support will be provided in those conditions.
• MHA: We will need to learn how to  use it in the best way with the others tool / release process
  we would need the pro version for LDAP integration and Groovy scripts execution (needed by XWIki)
• MHA emphasizes the need to understand the level of support we would get.

OSCAR

• SLA: there is some uncertainty around the status of Antepedia Reporter that we used to run for checking vulnerabilities and originality issues
  http://antelink.com/ points to an online code source engine now, not to any downloadable software. We contacted the CEO to get some update,
  no news yet. We may need to choose a new provider for vulnerability check and originality check. Cedric suggested SourceClear and Palamida, whom he met at OSCON EU. Any other suggestion is welcome.
• See also:
  • https://www.sourceclear.com/registry/search#query=jonas
  • https://www.sourceclear.com/registry/search#query=asm
  • https://www.sourceclear.com/registry/search#query=ow2
• OSCAR backround work: update OMM especially on the following axis: integrate an Accessibility chapter, see if we can get closer to the CII Badge Model in some way, introduce the concept of Market Readiness Level, as suggested by Cedric, in a similar way as what the NASA proposes with the TRL - Technology Readiness Levels. To be discussed. DGA notices that CMMI is more focused on corporate processes, while MRL would be more on open-source govervance, engineering.
• DGA: the concept of "maturity" is very interesting... and wide... :-) our effort should be to bring it to OSS values
• New feature in progress in the OSCAR dashboards: we've added an "AppHub / Cloud deployment" tab to the project dashboards so as to promote and ease Cloud deployment (in progress). See for instance the Prelude AppHub tab (some links are broken though, work in progress)
• SLA: see also what Bitnami is proposing: https://bitnami.com/stack/gitlab

GSoC 2017

• JPA:  "Mentoring Organization Applications open on January 19th, 2017." https://developers.google.com/open-source/gsoc/
• MMA: seems applications will be open in March for students
• JPA: the timeline goes like this: mentoring org -> projects -> students

CROSSMINER

• New H2020 project, with the following abstract: "CROSSMINER aims to extend and scale the OSSMETER 1 platform, an open-source multi-dimensional quality assessment platform (code, communication channels and issues) for open source software projects. The vision of the project is to: achieve high-performance semantic analysis and quality measurement of multi-language open-source code in the presence of incompleteness and ambiguity (e.g. missing libraries, unsatisfied dependencies); identify new correlation and causality relationships between different quality dimensions of open-source projects, which will enable predictive analytics (e.g. prediction of the future evolution of open-source software); deliver a highly-distributed and fault-tolerant federated architecture that will support deep (IO, memory and CPU intensive) analysis, measurement and fact extraction from a wealth of data sources (code, DevOps artefacts, communication channels and issues) related to open-source software projects; bring knowledge extracted through the analysis of large volumes of open-source software back to software developers through deep but unobtrusive integration with contemporary Integrated Development Environments."
• DGA points out the possibility to have strong synergies with OSCAR
• OW2 will develop a use case and enhancing OSCAR along these axis, and showcase the improvements by focusing on a subset of selected projects.

STAMP

• DGA is consider to write a first sketch of notes about the infrastructure
• We'll discuss the project in greater details over the mailing-list and during the next meeting

FOSDEM booth

• OW2 will have a booth at FOSDEM 2017, to be held Sat 4 and Sunday 5 Jaunary: https://fosdem.org/2017/
• The more project leaders and community members can join and help driving the booth the better

Next meeting

• Fri. 13 January, 11:00am
• Topics:
  • GSoC 2017
  • User management
  • GitLab
  • STAMP
  • CROSSMINER
  • OSCAR
  • New best practice guides
  • Synergies with the Open Source School and with the Summer School organized by Xsalto
  • See more on the page meeting