cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists

Release Meeting: 22 Jan 2018

Details

General status.

1. Task review

2. Development Discussion

3. Next release

Patch release 2.1.5

  • Release from: Release02x01
  • Beta start:
  • Release target:

Feature release 2.2.0

  • Feature Freeze: 01 Dec 2017
  • Release from: master
  • Beta start:
  • Release target:

4. Community Events

  • Joint "Wiki-Based Projects" booth at FOSDEM 2018 together with TikiWiki, XWiki and DocuWiki

Next meeting - - Monday 05 Feb 2018 1300Z — ReleaseMeeting02x02_20180205

Please review and be prepared to discuss FeatureProposals and ReleasePlan

IRC Log

(08:01:23 AM) gac410: Hi all ... Time for our release meeting.
(08:02:11 AM) zak256: Hello! I will attend more or less passively again.
(08:02:22 AM) MichaelDaum: Hi there
(08:05:21 AM) gac410: I thought I was going to be telling you all that I built 2.1.5 yesterday.
(08:05:40 AM) MichaelDaum: thats awesome
(08:05:49 AM) gac410: But I installed a new perlbrew, and found a number of unescaped { braces
(08:06:07 AM) gac410: Looks like they keep tightening up the parser.
(08:06:47 AM) gac410: I just pushed the fixes. ... Also tried 5.10 and found compile errors in UpdatesPlugin
(08:07:02 AM) MichaelDaum: seen it.
(08:07:21 AM) gac410: So I did a bunch more testing ... so far it still looks release worthy
(08:07:40 AM) MichaelDaum: however the checkin mentions 5.10, whereas the task is about 5.27.8
(08:07:51 AM) gac410: Ya. I cheated.
(08:08:19 AM) MichaelDaum: tststs
(08:08:34 AM) MichaelDaum: btw 5.10 is terribly insecure: see CVE-2017-12883, CVE-2017-12837
(08:09:12 AM) gac410: The bulk of the changes were the unescaped {. Well. We still officially claim compatibility with 5.8.8, but I can't even get that one to compile.
(08:09:34 AM) MichaelDaum: nobody should really be using perl < 5.26.1 ... or only when the distribution backported fixes for above CVEs.
(08:09:58 AM) gac410: I have 5.8.9, it has other problems. One test uses // if-defined perl op.
(08:10:24 AM) MichaelDaum: we can't be serious about 5.8.8 for foswiki 2.x
(08:10:50 AM) MichaelDaum: unicode received loads of important fixes in 5.22
(08:11:10 AM) gac410: I agree with you. But we've never officially said we don't support it, so I can't just walk away from it.
(08:11:35 AM) MichaelDaum: can we raise the bar here, please?
(08:12:25 AM) gac410: I think we had a feature proposal that we agreed on bumping it in the next *major* release 3.x I don't recall now.
(08:12:47 AM) gac410: It's a pain. I'd rather delete the old perlbrews
(08:13:16 AM) MichaelDaum: sure
(08:13:26 AM) zak256: I have no problem using something newer as requirement and don't think it should be that much of a problem. If it compiles on 5.10, maybe set this as requirement?
(08:14:06 AM) MichaelDaum: thats really not enough for foswiki-2.x
(08:14:07 AM) gac410: well to make unicode code work well, we ought to be up in the 20's for sure.
(08:14:48 AM) zak256: That would be the recommenden version then I guess?
(08:15:19 AM) zak256: The minimal required version should be the one that is absolutely necessary I think.
(08:16:04 AM) MichaelDaum: 5.22.1
(08:16:47 AM) zak256: Ok... then 5.22.1 it should be.
(08:17:08 AM) ***gac410 needs to dig back through the old feature proposals. I guess it depends on how you define "Absolutely necessary" ... Performance? Compiles? Features?
(08:17:31 AM) MichaelDaum: Security?
(08:18:01 AM) zak256: compiles=yes, features=all the default features which are included should work, yes
(08:18:10 AM) zak256: performance... not necessarily
(08:18:50 AM) gac410: Well compiles and features "work" ... perl 5.8.8 still works ... mostly :P
(08:18:54 AM) zak256: security: I think we shouldn't consider perl CVEs, that's a matter of the perl installation. If someone has an old perl version with backported fixes, that should work
(08:18:55 AM) MichaelDaum: but yea, we can be more specific here: perl-5.10+ is fine, per-5.22.1+ is a major performance improvement, 5.26.1+ fixes important security problems
(08:19:04 AM) gac410: https://foswiki.org/Development/RequirePerl510From2017x03 is the most recent
(08:19:36 AM) zak256: I used Perl 5.16 for some time and it worked, although performance was better with the newer perl
(08:19:59 AM) MichaelDaum: right. so why not bring these infos to the users.
(08:20:18 AM) vrurg: Hi all
(08:20:33 AM) zak256: The important thing is: People who want to setup a new Foswiki need that information to see if they can install it. If they have an environment with perl 5.16 they need to know, that they _can_ use foswiki, although not with the best performance.
(08:21:12 AM) gac410: We did agree on some updated language in 2.1 iirc. looking...
(08:21:15 AM) gac410: Hi vrurg
(08:21:47 AM) zak256: I agree with MichaelDaum: Just give exactly this information to the users.
(08:23:45 AM) gac410: SystemRequirements states: "5.8.8 or higher. A minimum of perl 5.12 is recommended." :(
(08:24:03 AM) zak256: Can't we just update that for 2.1.5 ?
(08:24:39 AM) gac410: We are so dependent upon the distros. In theory, we only make requirements changes in minor/major releases. A "patch" should never break your system by introducing external requirements.
(08:25:04 AM) MichaelDaum: okay so then lets reserve this for 2.2.0
(08:25:12 AM) zak256: I agree.
(08:25:25 AM) gac410: We really need to add a "use 5.12" or some such, to force perl to use unicode strings
(08:25:27 AM) zak256: Are there so many changes then in 2.1.5 ?
(08:25:30 AM) MichaelDaum: btw gac410, can you check in fixes in Item14605 to master as well? thanks.
(08:25:54 AM) gac410: Yes I just did the push while I was waiting for coffee. ;)
(08:25:59 AM) gac410: Now I need to merge
(08:26:47 AM) gac410: Ask and ye shall receive
(08:27:22 AM) MichaelDaum: yay
(08:27:45 AM) MichaelDaum: thanks
(08:28:02 AM) gac410: The perl issue is two-fold. 1) What are the major distributions shipping in their current releases. And 2) How much time is left on their supported "LTS" versions.
(08:28:23 AM) gac410: RedHat is the one that kills us
(08:29:17 AM) MichaelDaum: RedHat has an interesting approach to CVE-2017-12883: https://bugzilla.redhat.com/show_bug.cgi?id=1492093 says "wont fix" ... oh-kay
(08:30:01 AM) MichaelDaum: same for CVE-2017-12837: https://bugzilla.redhat.com/show_bug.cgi?id=1492091
(08:30:30 AM) zak256: It says "Perl as shipped in Red Hat Enterprise Linux 7 and older have not been found to be vulnerable."
(08:31:18 AM) zak256: and "This issue does not affect perl versions older than 5.18. Perl as shipped in Red Hat Enterprise Linux 7 and older are not affected by this vulnerability."
(08:31:45 AM) gac410: y, In this way, by staying really back-level, they avoid recent security issues, but suffer the performance issues.
(08:31:58 AM) zak256: yes... unfortunately :(
(08:32:13 AM) MichaelDaum: checked distro watch: their newest perl is 5.16.3 in RHEL-7.4
(08:32:30 AM) MichaelDaum: so their perl even is not recommended for proper unicode
(08:32:33 AM) zak256: yes, we use that here. That's why I got my own Perl
(08:33:03 AM) MichaelDaum: me too even though I am on ubuntu
(08:33:22 AM) zak256: The fact is: This is in the end not a Foswiki issue, but a Perl or distribution issue.
(08:34:54 AM) gac410: Anyway, the bigger decision for 2.2, is when do we change the "use" statement to force true unicode strings throughout
(08:35:05 AM) MichaelDaum: maybe I can find some perl core devs on the FOSDEM. will bring it up.
(08:36:24 AM) gac410: https://foswiki.org/Development/RequirePerl510From2017x03 has some recommendations, that we use v5.16.3 starting in Foswiki 3.0
(08:37:04 AM) gac410: Ah... I need to bring up a possible bug :(((
(08:37:25 AM) MichaelDaum: gac410, 2.2.0 seems to be the right scope for that change, he says not knowing what would break then. :|
(08:37:51 AM) gac410: https://trunk.foswiki.org/TestCases/TestCaseEditTableAllFieldTypes
(08:38:28 AM) gac410: clicking the "stain" for the Mood (radio button) and check (checkboxes) cells don't work.
(08:38:53 AM) gac410: You get a rendered edit cell with no or incorrect selected elements.
(08:39:01 AM) gac410: I'm not sure when this broke.
(08:39:28 AM) gac410: I was trying last night to check it out on older foswiki, but didn't get very far
(08:40:18 AM) gac410: Edit row, and edit the whole table both work fine.
(08:42:32 AM) MichaelDaum: there are subtle javascript errors
(08:43:26 AM) MichaelDaum: edit a cell on the last row, cancel out, leave the table to the bottom, enter the same row, no yellow edit corners, hovering over another row and then back brings it back
(08:43:29 AM) MichaelDaum: sux
(08:44:13 AM) gac410: y, ERP does have its issues.
(08:44:46 AM) vrurg: MichaelDaum: it also incorrectly handles <th> in a data (not header) row. Fixed in my patch.
(08:45:08 AM) gac410: The bigger question... What does this discovery do for 2.1.5. I need to open a task. but is it a new issue that should block 2.1.5, or do I finally release the darn thing.
(08:45:23 AM) uebera||: Hi there. gac410: Is the mood icon supposed to change without clicking on the disk icon?
(08:45:59 AM) uebera||: (because that works.)
(08:46:00 AM) gac410: The mood should reflect the "radio button" selected in edit.
(08:46:24 AM) gac410: If you clikc the stain, you should see one radio button highlighted. I get none.
(08:46:51 AM) gac410: On the "Check" column, clikc the stain, should show 3 of 4 checkboxes selected. I get only A checked.
(08:47:03 AM) gac410: Full table edit and full row edit though appear to work ine.
(08:47:05 AM) gac410: fine
(08:48:29 AM) uebera||: yes, I see the same.
(08:49:04 AM) gac410: hm i was going to say please don't save :( That will put our git sources into conflict I suspect, since we don't commit from t.f.o. I'll ssh in and revert later :D
(08:49:22 AM) uebera||: Sorry, we can delete r2.
(08:49:43 AM) gac410: nah... I'll just do a "git checkout" later
(08:50:31 AM) uebera||: I thought t.f.o was overwritten every 15mins?
(08:50:50 AM) ***uebera|| needs to reread the documentation.
(08:50:57 AM) MichaelDaum: got a phone call coming up in 10 mins. will check back later. wrt release: gac410, if you like to create a blog posting unpublished I can look over it pimping it up a bit, maybe another image.
(08:51:18 AM) gac410: Okay. So 2.1.5 is a go. Ignore the ERP issues?
(08:51:43 AM) uebera||: Can we add avahi-daemon to the VM for 2.1.5?
(08:51:49 AM) MichaelDaum: yes. we can publish fixes later in between releases always.
(08:52:23 AM) zak256: If this can be solved for 2.1.6 then, I am for a release.
(08:52:23 AM) gac410: uebera||: Y, however I have not started to refresh the VM yet. That takes a bit more effort.
(08:52:43 AM) uebera||: No problem, I can help you test it later on... it's not urgent. ;)
(08:53:38 AM) gac410: re trunk. I'll have to look at the code again, but we are selective, we don't do a full overwrite of the sources.
(08:53:52 AM) uebera||: I see.
(08:59:10 AM) gac410: Okay. I've fixed it up from the shell. Found another topic that was "both modified" as well.
(09:01:17 AM) gac410: Anyway, we are at an hour. ... anything else for release meeting? We didn't really touch on 2.2.
(09:04:52 AM) uebera||: Not from my side.
(09:05:36 AM) vrurg: Neigher from my.
(09:05:44 AM) zak256: no
(09:06:01 AM) gac410: Okay, lets wrap it up. I'll get 2.1.5 built today, We can let it soak on foswiki.org for 24 hours and then publish the announcements tomorrow.
(09:06:07 AM) gac410: Thanks everyone
(09:08:09 AM) vrurg: Thanks!
(09:08:56 AM) uebera||: Thanks!
(09:09:44 AM) gac410: uebera||: I'll try to catch you later regarding avahi-daemon. Do I need to configure it, or is it just an apt-get install and done.
(09:10:41 AM) uebera||: Sure. It should be enough to install the package, deploy the two definition files I mentioned a few days ago, and maybe add http://foswiki.local as valid hostname so it works out of the box.
(09:10:58 AM) uebera||: --> https://media.projektzentrisch.de/temp/avahi.tar.gz
(09:11:53 AM) uebera||: (The second file is for https; not sure this is set up, but we could add it as well.)
(09:15:20 AM) gac410: We don't have https configured I don't believe. Trying to keep the setup simple
(09:15:32 AM) uebera||: Then we only need the http file ;)
(09:16:20 AM) gac410: vrurg, you mentioned the ERP issue with <th> ... is there a task for that one?
(09:16:42 AM) gac410: I just opened Item14606 for the edit issue
(09:18:18 AM) vrurg: No, I didn't have much time back then to make another task. As it was primarly targetting the drag button (it is showing in incorrect position) I included the fix into the patch.
(09:19:17 AM) vrurg: I'm currently finishing a local work project and hope to get back to the flickering issue of the patch.
(09:19:42 AM) gac410: Okay y, Item14537 shakey table.
(09:20:39 AM) vrurg: <th> problem is simple: ERP doesn't consider it a cell thus just skipping it always.
(09:21:50 AM) vrurg: But a *bold* table cell produces <th>. Basically, to my view, use of CSS font-weight would be more correct.
(09:27:50 AM) gac410: y our table handling is quite archaic
(12:03:29 PM) MichaelDaum: gac410, see https://blog.foswiki.org/Blog/Foswiki215IsReleased ... looking up some image material to add to the posting
(12:05:27 PM) gac410: Looks good MichaelDaum ... thanks.
(12:05:52 PM) MichaelDaum: removed For users... For admins headings
(12:07:13 PM) ***gac410 needs to go look at translation status. Maybe we ought to ack the 100%ers
(12:08:57 PM) uebera||: [off] The "2.1*er* series" somehow sounds German to me.
(12:09:43 PM) gac410: y. I tend to overlook things like that. Gives it an international flair ;)
(12:16:56 PM) MichaelDaum: do we still provide a download from sourceforge or github only?
(12:17:25 PM) gac410: I have not uploaded sourceforge yet. But I will eventually get to it.
(12:27:12 PM) MichaelDaum: omg fontawesome 5.0.4 is out
(12:42:47 PM) uebera||: [off] Is that a Christmas tree in the background of the picture? ;)
(12:43:25 PM) MichaelDaum: sure :D
(12:43:54 PM) MichaelDaum: Foswiki: the perfect xmas present.
(12:44:58 PM) MichaelDaum: gac410, uebera||, let me know when you are done fixing the posting and that it should go public. I'll put it on twitter and facebook afterwards.
(12:47:16 PM) gac410: I guess we could say that 19 extensions are updated in this release? (6 more to go with uploading)
(12:48:57 PM) uebera||: Yes, I'd add that (because that's what the banner says atm :o).
(12:48:59 PM) gac410: Chinese (Taiwan), French, Italian, Ukrainian are at 100% translated.
(12:49:32 PM) uebera||: Do we add a link first for "You may download either from http://en.wikipedia.org/wiki/Special:Search?go=Go&search=][Soureforge" or do we silently change it afterwards?
(12:50:05 PM) gac410: Czech, Danish, German and Klingon are 90%+
(12:50:22 PM) uebera||: Strange. '[[' gets modified by Konversation?
(12:52:37 PM) gac410: uebera||: Best to point to Foswiki:Download. That will have links to our preferred and alternate locations.
(12:55:19 PM) uebera||: So maybe change the announcement to ``You may download it from different locations, see [[https://github.com/foswiki/distro/releases/download/FoswikiRelease02x01x05/][our download page]] for details.´´
(12:56:13 PM) gac410: No.... See https://foswiki.org/Download/FoswikiRelease02x01x05
(12:56:41 PM) gac410: The Download web is where we always have the latest info / pointers
(12:57:59 PM) uebera||: gosh, of course.
(12:58:22 PM) uebera||: corrected.
(01:06:32 PM) uebera||: The announcement looks good to me, but maybe George wants to have a look.
(01:07:50 PM) uebera||: Once the the blog entry if public, I'll post an announcement to the XING Foswiki group as well.
(01:08:35 PM) gac410: The extensions are all uploaded. ... I hope ;)
(01:10:22 PM) zak256 left the room.
(01:44:45 PM) gac410: I'll use the blog page as the start for the announcement email.
(01:51:29 PM) ***uebera|| forgot to modifiy the meta description (saw it after I posted to the XING Foswiki group). I take it once we touch it now it gets republished? (I'll keep my hands off it…)
(01:51:56 PM) gac410: er... Meta descriptioni in what?
(01:52:16 PM) uebera||: Of the blog post.
(01:52:47 PM) uebera||: (you see these on the "SEO" tab.)
(01:53:53 PM) ***gac410 doesn't really follow all that stuff. Looked at raw=all view to see what you were talking about
(02:56:33 PM) gac410: uebera||: You said to add foswiki.local as a valid hostname. Where do you want that? /etc/hosts? or in the Foswiki LocalSite.cfg or ???
(02:57:00 PM) uebera||: No, that's in configure (valid aliases for the host name).
(02:57:15 PM) uebera||: So, yes, LocalSite.cfg ;)
(02:58:33 PM) gac410: okay so http://foswiki.local ... hm.... That's already the DefaultUrlHost. Nothing to change,.
(02:59:03 PM) uebera||: Ah, great. I thought it was empty.
(03:19:49 PM) MichaelDaum left the room (quit: Quit: quit).
(03:36:30 PM) gac410: The vmware image is uploading to github now. It will take a whie.
(03:57:29 PM) uebera||: Unpacking it now...
(03:58:08 PM) gac410: great. Let me know how it goes. If it is okay, I'll upload it to sourceforge too and change the download topic.
(04:06:31 PM) gac410: btw uebera|| ... if you have any ideas on stuff to remove to shrink the vm a bit more, please let me know.
(04:06:58 PM) gac410: I've got a script in the root user that "cleans" the image
(04:07:00 PM) uebera||: Using VirtualBox on Linux, "http://foswiki.local" works but shows an Internal Server Error.
(04:07:36 PM) gac410: damn. Let me boot it again. Did I miss some ownership changes on the var/www/foswiki directory?
(04:09:05 PM) uebera||: Hm, the ownership looks ok.
(04:13:25 PM) uebera||: Sorry, seemed to be a local problem. The test machine is too slow ("mod_fcgid: read data timeout in 30 seconds"). If you keep refreshing, it works.
(04:13:58 PM) gac410: strange. I've never run into anything like that.
(04:14:44 PM) uebera||: Well, the MacMini I use is very slow and also I made the mistake to run "dpkg-reconfigure keyboard-configuration" in parallel which rebuilds the kernel.
(04:15:05 PM) uebera||: I forgot that the image has ssh which accepts login via password.
(04:15:10 PM) ***uebera|| is not used to that ;)
(04:15:45 PM) gac410: y. no sense trying to use ssh keys on a demo vm like this.
(04:15:57 PM) gac410: Comes right up for me. First hit on web server, maybe 2 seconds.
(04:17:00 PM) uebera||: As it should be. Looking good. :)
(04:17:35 PM) gac410: Did the foswiki.local part work. Thats something I'm not prepared to test.
(04:18:00 PM) uebera||: Time to retire the MacMini Late2009 within the next months (Intel NUCs are so much faster nowadays).
(04:18:06 PM) uebera||: Yes, that's what I tried first.
(04:19:54 PM) gac410: great
(04:24:13 PM) uebera||: Regarding the shrinking, we can compare the list of packages once the vagrant test setup based on ubuntu-minimal works here.
(04:25:14 PM) gac410: okay. At least it didn't grow at all this time.
(04:27:58 PM) gac410: Uploading to sourceforge now
(05:09:14 PM) gac410: btw uebera|| If you want to feed back anything into my vm build process, see https://foswiki.org/Development/VirtualMachineImages
(05:33:20 PM) uebera||: thx, I will have a look at that.

Topic revision: r1 - 05 Feb 2018, GeorgeClark - This page was cached on 21 Sep 2018 - 13:31.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy