17:01:25 <colindixon> #startmeeting tws 17:01:25 <odl_meetbot> Meeting started Mon Sep 28 17:01:25 2015 UTC. The chair is colindixon. Information about MeetBot at http://ci.openstack.org/meetbot.html. 17:01:25 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:25 <odl_meetbot> The meeting name has been set to 'tws' 17:01:26 <colindixon> #topic agenda bashing 17:01:34 <colindixon> #topic agenda bashing 17:01:41 <colindixon> #undo 17:01:41 <odl_meetbot> Removing item from minutes: <MeetBot.ircmeeting.items.Topic object at 0x1d32490> 17:02:01 <colindixon> #link https://wiki.opendaylight.org/view/Tech_Work_Stream:Main#Upcoming_Meeting_Agendas the agenda would normally be there 17:02:19 <colindixon> #info however, this week we have Stephen Kitt presenting on how we can do a better job of external dependency managmenet 17:02:23 <colindixon> #Undo 17:02:23 <odl_meetbot> Removing item from minutes: <MeetBot.ircmeeting.items.Info object at 0x1d32f10> 17:02:38 <colindixon> #info however, this week we have Stephen Kitt presenting on how we can do a better job of external dependency management 17:03:36 <colindixon> #chair phrobb dfarrell07 tbachman 17:03:36 <odl_meetbot> Current chairs: colindixon dfarrell07 phrobb tbachman 17:06:11 <colindixon> #topic external dependency management 17:06:51 <colindixon> #info this is a follow on from phrobb’s section on good hygiene at the summit, which wound up being mostly about external dependencies 17:07:35 <colindixon> #info Stephen says that this is really about upgrading a bunch of our external dependencies since they are really, very old in a lot of cases 17:07:59 <colindixon> #info in addition, he’s discovered that there’s a lot of external dependencies which need to be removed since we no longer use them 17:08:22 <colindixon> #info in general, we will need to cascade things down from odlparent to yangtools and so on 17:08:59 <colindixon> #info we desperately want to move forward to get security patches, bug fixes, and in some cases fix licensing issues 17:09:44 <colindixon> #info e.g., we don’t have source for some of our external dependencies and moving forward would fix it, in other cases, e.g., JBOSS, newer licenses are more permissive, which is good for us 17:10:00 <colindixon> #topic how do we upgrade our dependencies 17:10:16 <colindixon> #info first, identify what needs upgrading 17:10:31 <colindixon> #info second, involve the projects starting at offset 0 and moving down the list 17:11:04 <colindixon> #info what approach do we want to take as to when we do it? at first Stephen wanted to do a big bang over the course of a week when we can focus on it 17:11:23 <colindixon> #info some of that has been broken off and already merged, but there’s still a lot left 17:11:32 <colindixon> #topic major concerns 17:11:54 <colindixon> #info we have some third-party source checked into repos, that’s really best avoided if we can possible make it 17:12:14 <colindixon> #topic infrastructure 17:12:26 <colindixon> #info ideally, we’d let projects keep making progress as the upgrade goes on 17:12:41 <colindixon> #info it seems like bumping SNAPSHOT versions allows for a way to do this 17:14:04 <edwarnicke> Is anyone else having issues getting into the webex? 17:14:21 <colindixon> edwarnicke: not that I can tell 17:14:28 <colindixon> https://meetings.webex.com/collabs/#/meetings/detail?uuid=M749G9M6E4A5JG72SD48WWG57F-9VIB 17:17:07 <colindixon> #info colindixon asks if this is using branches or just bumping, Stephen says that for now his plan was not to have branches 17:18:15 <colindixon> #link https://git.opendaylight.org/gerrit/#/q/status:open+project:odlparent+owner:%22Stephen+Kitt+%253Cskitt%2540redhat.com%253E%22 the patches so far 17:18:56 <colindixon> #info that is only part of the story 17:21:00 <zxiiro> OWASP 17:21:38 <colindixon> #info in the long-term, we’d like to have this be semi-automated, Stephen says that the work of interns (Abhishek, William on owasp), and CLM this could go a long way 17:22:28 <colindixon> #topic what’s next 17:22:46 <colindixon> #info Stephen says at the summit, he advocated just upgrading things and breaking everything for a bit 17:23:14 <colindixon> #info Now, he’s wondering if that will actually work in ODL, maybe just getting the dashboards up and running would be good first 17:23:37 <colindixon> #info also, maybe focusing on removing dependencies instead, would be a good idea 17:23:45 <colindixon> #info for example, on Eclipse packages 17:27:29 <colindixon> https://git.opendaylight.org/gerrit/#/c/26327/ 17:30:16 <colindixon> #info colindixon says he’d like to see us just merge the patches don’t break things, and then see us figure out what breaks for others and start hunting things down and fixed 17:30:31 <colindixon> #info edwarnicke asks if we should report individual things as weather events 17:34:15 <colindixon> #info colindixon asks if we have an idea of how to prioritize things, e.g., which ones have security vulnerabilities vs. missing source code vs. better license vs. just nice to upgrade 17:35:00 <colindixon> #info colindixon says his take would be to (1) merge the patches we think are fine, (2) figure out what other patches break things and how, and (3) what upgrades are how important 17:41:02 <colindixon> #info colindixon asks if we Stephen needs help 17:42:07 <colindixon> #info Stephen says he could use help in general, and particularly with external versions when they are not in odlparent 17:43:05 <colindixon> #info colindixon asks how somebody would help with that now, Stephen says he needs to send a mail, but the maven versions plugin is part of it 17:44:16 <colindixon> #info colindixon says he remembered us abandoning maven versions after Hydrogen because it didn’t work, edwarnicke says that he remembers it being unreliable 17:44:37 <colindixon> #info Stephen says combining maven versions, with owasp, and CLM for as good a picture as we can get 17:48:32 <colindixon> #topic next week 17:48:54 <colindixon> #info colindixon asks for topics for next week 17:50:03 <colindixon> #info nobody speaks up 17:50:05 <colindixon> #endmeeting