Early Bird Registration for DrupalCon Atlanta is now open! By registering during our Early Bird Registration window, you’ll save $100. This window ends on 19 January 2025 and will go by quickly, so don’t wait!This meeting:
➤ Is for core developers, initiative contributors, the Drupal Association and anyone interested in the initiative.
➤ Usually happens every other Tuesday at 1700 UTC.
➤ Is done over chat.
➤ Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
➤ Has a public agenda anyone can add to
➤ *Transcript will be exported and posted* to the agenda issue. For anonymous comments, start with a :bust_in_silhouette: emoji. To take a comment or thread off the record, start with a :no_entry_sign: emoji.
:zero: Who is here today? Comment in the thread below to introduce yourself and tell us why you are joining us.
:one: Do you have any topics to propose for the meeting today? Feel free to propose them in this thread, and then I will give them their own unique threads for discussion. Conversation moving slow? Go ahead and open your own thread in the next numeric order.
0️⃣ Who is here today? Comment in the thread below to introduce yourself and tell us why you are joining us.
| hestenet (he/him) | Tim from the DA, kicking off these threads :wave::skin-tone-3: |
| tedbow | Ted from Acquia |
| lamech | Dan from Consensus. |
| ergonlogic | Christopher, from Consensus, recently back from leave |
1️⃣ Do you have any topics to propose for the meeting today? Feel free to propose them in this thread, and then I will give them their own unique threads for discussion. Conversation moving slow? Go ahead and open your own thread in the next numeric order.
2️⃣ The AutoUpdates endpoint is in production for both core and contrib :tada: - but there are follow-ups that will need some threads below.
3️⃣ Follow-up: Exercising a key rotation.
| hestenet (he/him) | @drumm and I need to schedule this soon - but we're doing the SSO window this week, so maybe next week. |
4️⃣ Follow-up: Rugged issues
| hestenet (he/him) | These are issues we've uncovered since taking this to production under the full scale of core and contrib:https://gitlab.com/rugged/rugged/-/issues/192 securesystemslib includes non-compliant `keyid_hash_algorithms` property when generating key IDshttps://gitlab.com/rugged/rugged/-/issues/191 Reset processing targets batch on bootNice to have - https://gitlab.com/rugged/rugged/-/issues/149 Clean up more completely when targets containing empty directories are processed. |
@drumm Is there any update on popularity-based binning for TUF? (edited)
| phenaproxima | It occurs to me that we could use both popularity binning and hash binning. Example — the top 50 modules have one bin. The next 50 are in another. Same with the next two groups of 50. After that, everything is just in hash bins. |
| drumm | I thought you found some good speedups in the client and hadn’t prioritized it. And I’ve been short on time with Drupal.org upgrades.Fewer hashed bins - straightforwardDelegations per-project - kinda hard, need to build support for that into Rugged.Delegations by popularity - kinda hard, and more complex integration since rugged is decoupled from Drupal.org’s DB, would be another integration point to communicate the binsAnd on top of that, any change either needs a week outage to re-sign everything, or an update to Rugged to allow TUF repo structure rearranging |
| drumm | How is the client side speed going in general? |
| phenaproxima | It’s…not too bad, but would be better to optimize more. |
| drumm | One thing I’d like to see is calculating the number of http requests there would be with each strategy to see how effective each would be, for the starshot demo and any other good test cases we have. As in get the list of URLs that will be requested and calculate where they’d fall with a few different numbers of fewer bins and the delegation strategies |
| hestenet (he/him) | What's 'not too bad' look like in the real world? |
| phenaproxima | @hestenet (he/him) That’s a good idea, finding some metrics. If I had an ordered list of the most popular modules, I could maybe (using the Starshot prototype as a model) tell you how many HTTP requests we were going to do. |
| drumm | You have one, but Slack is where thoughts go to be forgotten https://drupal.slack.com/archives/C02CRC4BZ0V/p1720800512896799?thread_t... |
| phenaproxima | Yeah, I remember that you sent one. Just needed to dig it up. Thanks @drumm! |
| ergonlogic | Re. metrics, please take into account the size of the various metadata file downloads. Hashed bins are meant to minimize overall bandwidth usage. |
Comments
Comment #7
hestenet