This meeting:
➤ Is for core developers, initiative contributors, the Drupal Association and anyone interested in the initiative.
➤ Usually happens every other Tuesday at 1700 UTC.
➤ Is done over chat.
➤ Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
➤ Has a public agenda anyone can add to.
➤ *Transcript will be exported and posted* to the agenda issue. For anonymous comments, start with a :bust_in_silhouette: emoji. To take a comment or thread off the record, start with a :no_entry_sign: emoji.

0️⃣ Who is here today? Comment in the thread below to introduce yourself and tell us why you are joining us.

hestenet (he/him) Tim from the DA getting things organized.
tedbow Ted from Acquia
drumm :wave:
xjm :wave:  Getting caught up
Kristen Pol (she/her) Kristen, just crossed the Oregon => California border, seeing what y'all have been up to

1️⃣ Do you have any topics to propose for the meeting today? Feel free to propose them in this thread, and then I will give them their own unique threads for discussion. Conversation moving slow? Go ahead and open your own thread in the next numeric order.

2️⃣ Rugged: Status and Follow-ups
Contrib endpoint: https://packages.drupal.org/8/
Core endpoint: https://packagist-signed.drupalcode.org/
https://drupal.slack.com/archive...

2️⃣ 1️⃣ The core endpoint above is a Satis mirror of all of: https://packagist.org/packages/drupal/
We have a few things to address:
Satis performance/completing the backfilling/signing of this data
Bin sizes - this is also going to include recipes and other general projects.

hestenet (he/him) @drumm Can you maybe speak a bit more to the state of the satis situation?
hestenet (he/him) Part of the satis issues seem like they may be related to GitHub rate limiting and timeouts - that's being investigated by @Max Whitehead
drumm And/or DNS resolving issues, or memory/etc constraints
xjm Off-topic: I read "Satan's mirror" instead of "Satis mirror".
hestenet (he/him) :rolling_on_the_floor_laughing: :devil:
Kristen Pol (she/her) I just drove by Satan's lake today so that's on topic (a bit late)

2️⃣ 2️⃣ Rugged follow up issues:
https://gitlab.com/rugged/rugged/-/issues/192 securesystemslib includes non-compliant `keyid_hash_algorithms` property when generating key IDs
https://gitlab.com/rugged/rugged/-/issues/191 Reset processing targets batch on boot
Nice to have - https://gitlab.com/rugged/rugged/-/issues/149 Clean up more completely when targets containing empty directories are processed
Plus: Would like to exercise a key rotation.

3️⃣ Updating PHP-TUF / AutoUpdates contrib to use the new signed endpoints
It worked with the contrib endpoint. In a holding pattern on the core endpoint because of the satis issues noted in 2️⃣ 1️⃣

INCOMPLETE

Participants:

hestenet, tedbow, drumm, xjm, Kristen Pol, catch

Meeting link: https://drupal.slack.com/archives/C7QJNEY3E/p1720546367108319

tedbow We still need to make sure this is very solid before we turn this on by default and require TUF.
Because
If there are problems with the drupal.org TUF endpoints that stop an AutoUpdate of a critical security update from happening, then it could be argued the site is less secure than if they didn’t have TUF at all (and they got the update).
TUF validation happens on the Composer level, so if there was a problem with the drupal.org endpoint then the site could not do any Composer operations at all, not just Package Manager operations.
So far we have really only had 1 day where we haven’t had a problem using both endpoints, so we need to test more. Maybe a scheduled GitHub workflow on https://github.com/php-tuf/drupal-project could help prove it is working consistently.
