-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: added TC meeting minutes 2014-12-17 #178
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| # io.js TC Meeting 2014-12-17 | ||
|
|
||
| ## Links | ||
|
|
||
| * **Google Hangouts Video**: https://www.youtube.com/watch?v=7s-VJLQEWXg | ||
| * **GitHub Issue**: https://github.com/iojs/io.js/issues/163 | ||
| * **Original Minutes Google Doc**: https://docs.google.com/document/d/1PoqGfxpfTFKv5GcKmhMM2siZpPjT9Ba-ooBi-ZbYNi0 | ||
|
|
||
| ## Agenda | ||
|
|
||
| Extracted from https://github.com/iojs/io.js/labels/tc-agenda prior to meeting. | ||
|
|
||
| * Bundle tick processor with iojs #158 https://github.com/iojs/io.js/issues/158 | ||
| * Release Cycle Proposal #168 https://github.com/iojs/io.js/issues/168 | ||
| * Module search security #176 https://github.com/iojs/io.js/pull/176 | ||
| * Dealing with feature requests | ||
|
|
||
| ## Review of last meeting | ||
|
|
||
| * Move readable-stream to io.js and flip authoritative flow of code, docs and issues | ||
| * Soft deprecation of domains, accept PR #15 as last feature addition | ||
| * Caine, discussion continued on GitHub | ||
| * Project name is “io.js”, binary name is “iojs” | ||
| * Extending options from prototype, discussion continued on GitHub | ||
| * Promises statement for issue #11 | ||
| * Working with nvm, etc. | ||
|
|
||
| ## Minutes | ||
|
|
||
| ### Present | ||
|
|
||
| * Bert (TC) | ||
| * Chris (TC) | ||
| * Trevor (TC) | ||
| * Isaac (TC) | ||
| * Rod (build, facilitator) | ||
|
|
||
| ### Bundle tick processor with iojs #158 | ||
|
|
||
| https://github.com/iojs/io.js/issues/158 | ||
|
|
||
| * Bert: important because it’s tied to the version of V8, not practical to put it in npm because one is needed for each version | ||
| * Isaac: this is minimal and shouldn’t set a standard for just adding more stuff to core (i.e. keep core minimal), so +1 | ||
|
|
||
| +1 from Isaac, +1 from Bert, **no disagreement amongst group, consensus has been reached on bundling a tick processor with releases.** | ||
|
|
||
| ### Release Cycle Proposal #168 | ||
|
|
||
| https://github.com/iojs/io.js/issues/168 | ||
|
|
||
| * Bert & Isaac discussed how this feeds into the ability to have frequent releases. Discussed semver plays into this. | ||
| * Rod: consensus seems to be around having stability, predictability, lead-time but more frequent releases. | ||
| * **Bert: Move discussion to #168. Still premature to discuss here.** | ||
|
|
||
| ### Module search security #176 | ||
|
|
||
| https://github.com/iojs/io.js/pull/176 | ||
|
|
||
| * Limiting node_modules search path to $HOME as a top-level | ||
| * Isaac ~ -1 on this because EACCES already happens when you don’t have permission | ||
| * Isaac and Bert bikeshedded Windows C:\ writability and security on Windows. i.e. if someone can install code on a shared system above where a node application is running (e.g. C:\) then you could have untrusted code run by your application. | ||
| * Isaac: this PR is only addressing projects running in the home directory. | ||
| * Rod: module system is locked-down, TC needs to come to consensus that this is a _security_ issue and therefore warrants breaking it. | ||
| * Chris: `useradd node_modules` is a situation this could be a problem | ||
| * Isaac: not convinced this is a security problem, even the `useradd` situation requires root access on a system. | ||
| * Bert: this is an academic issue, it may _feel_ wrong but that doesn’t mean it’s strictly a security issue. | ||
| * Isaac: proposed the issue be closed as not a security issue. | ||
| * **No consensus that this is a security issue. Move discussion back to GitHub, potentially close issue, potentially bringing discussion back here. Encourage users to bring examples of real problems.** | ||
|
|
||
|
|
||
| ### Dealing with feature requests | ||
|
|
||
| * Bert: asking for discussion about what to do with feature requests that come up but aren’t clearly something that are wanted. | ||
| * Bert: should we put a time limit on feature requests? Would like some guidelines for how to deal with these. | ||
| * Chris: have already been putting a 4-6 day window before closing them. If there is no code then it’s easier to close. If there is code then there could be more discussion. | ||
| * Isaac: this is a broader problem about the roadmap-setting process. | ||
| * Rod & Isaac: It’s up to someone on TC (or elsewhere) to start coming up with a roadmap, or at least start the discussion. | ||
| * **Agreed to start a GitHub discussion on roadmap and soliciting feedback from the community.** | ||
| * Rod: in an open model, it’s up to TC and those with commit access to take the initiative to just close things, given enough warning and chance for discussion and better arguments. | ||
| * Isaac: builtins (like Blog of FileReader) are TC39 / WhatWG groups out there that are doing this at the language & V8 level and we pull from there. It should be straightforward to close those issues. | ||
| * Bert: the roadmap shouldn’t be about locking down the dev process and tightly limiting scope of what’s added. | ||
| * **Agreed that feedback to all contributors (including TC), regarding closing issues: close issues that are instinctively bad and worth closing (close can be undone), anything potentially controversial can be flagged with a “will close” but give ~ 1 week for discussion, disagreement, lobbying etc.** | ||
|
|
||
|
|
||
| ### Logos | ||
|
|
||
| * **Agreed that the release is the only _technical_ blocker from the TC’s perspective to a logo, so deferring discussion till then. Encourage interested parties from discussing this further on GitHub issue #37.** | ||
|
|
||
| ### Next meeting | ||
|
|
||
| * Bert proposed 2014-12-30 as next meeting time | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BloborFileReader?