#opendaylight-meeting: tws

Meeting started by colindixon at 17:01:25 UTC (full logs).

Meeting summary

  1. agenda bashing (colindixon, 17:01:26)
    1. https://wiki.opendaylight.org/view/Tech_Work_Stream:Main#Upcoming_Meeting_Agendas the agenda would normally be there (colindixon, 17:02:01)
    2. however, this week we have Stephen Kitt presenting on how we can do a better job of external dependency management (colindixon, 17:02:38)

  2. external dependency management (colindixon, 17:06:11)
    1. this is a follow on from phrobb’s section on good hygiene at the summit, which wound up being mostly about external dependencies (colindixon, 17:06:51)
    2. Stephen says that this is really about upgrading a bunch of our external dependencies since they are really, very old in a lot of cases (colindixon, 17:07:35)
    3. in addition, he’s discovered that there’s a lot of external dependencies which need to be removed since we no longer use them (colindixon, 17:07:59)
    4. in general, we will need to cascade things down from odlparent to yangtools and so on (colindixon, 17:08:22)
    5. we desperately want to move forward to get security patches, bug fixes, and in some cases fix licensing issues (colindixon, 17:08:59)
    6. e.g., we don’t have source for some of our external dependencies and moving forward would fix it, in other cases, e.g., JBOSS, newer licenses are more permissive, which is good for us (colindixon, 17:09:44)

  3. how do we upgrade our dependencies (colindixon, 17:10:00)
    1. first, identify what needs upgrading (colindixon, 17:10:16)
    2. second, involve the projects starting at offset 0 and moving down the list (colindixon, 17:10:31)
    3. what approach do we want to take as to when we do it? at first Stephen wanted to do a big bang over the course of a week when we can focus on it (colindixon, 17:11:04)
    4. some of that has been broken off and already merged, but there’s still a lot left (colindixon, 17:11:23)

  4. major concerns (colindixon, 17:11:32)
    1. we have some third-party source checked into repos, that’s really best avoided if we can possible make it (colindixon, 17:11:54)

  5. infrastructure (colindixon, 17:12:14)
    1. ideally, we’d let projects keep making progress as the upgrade goes on (colindixon, 17:12:26)
    2. it seems like bumping SNAPSHOT versions allows for a way to do this (colindixon, 17:12:41)
    3. https://meetings.webex.com/collabs/#/meetings/detail?uuid=M749G9M6E4A5JG72SD48WWG57F-9VIB (colindixon, 17:14:28)
    4. colindixon asks if this is using branches or just bumping, Stephen says that for now his plan was not to have branches (colindixon, 17:17:07)
    5. https://git.opendaylight.org/gerrit/#/q/status:open+project:odlparent+owner:%22Stephen+Kitt+%253Cskitt%2540redhat.com%253E%22 the patches so far (colindixon, 17:18:15)
    6. that is only part of the story (colindixon, 17:18:56)
    7. in the long-term, we’d like to have this be semi-automated, Stephen says that the work of interns (Abhishek, William on owasp), and CLM this could go a long way (colindixon, 17:21:38)

  6. what’s next (colindixon, 17:22:28)
    1. Stephen says at the summit, he advocated just upgrading things and breaking everything for a bit (colindixon, 17:22:46)
    2. Now, he’s wondering if that will actually work in ODL, maybe just getting the dashboards up and running would be good first (colindixon, 17:23:14)
    3. also, maybe focusing on removing dependencies instead, would be a good idea (colindixon, 17:23:37)
    4. for example, on Eclipse packages (colindixon, 17:23:45)
    5. https://git.opendaylight.org/gerrit/#/c/26327/ (colindixon, 17:27:29)
    6. colindixon says he’d like to see us just merge the patches don’t break things, and then see us figure out what breaks for others and start hunting things down and fixed (colindixon, 17:30:16)
    7. edwarnicke asks if we should report individual things as weather events (colindixon, 17:30:31)
    8. colindixon asks if we have an idea of how to prioritize things, e.g., which ones have security vulnerabilities vs. missing source code vs. better license vs. just nice to upgrade (colindixon, 17:34:15)
    9. colindixon says his take would be to (1) merge the patches we think are fine, (2) figure out what other patches break things and how, and (3) what upgrades are how important (colindixon, 17:35:00)
    10. colindixon asks if we Stephen needs help (colindixon, 17:41:02)
    11. Stephen says he could use help in general, and particularly with external versions when they are not in odlparent (colindixon, 17:42:07)
    12. colindixon asks how somebody would help with that now, Stephen says he needs to send a mail, but the maven versions plugin is part of it (colindixon, 17:43:05)
    13. colindixon says he remembered us abandoning maven versions after Hydrogen because it didn’t work, edwarnicke says that he remembers it being unreliable (colindixon, 17:44:16)
    14. Stephen says combining maven versions, with owasp, and CLM for as good a picture as we can get (colindixon, 17:44:37)

  7. next week (colindixon, 17:48:32)
    1. colindixon asks for topics for next week (colindixon, 17:48:54)
    2. nobody speaks up (colindixon, 17:50:03)


Meeting ended at 17:50:05 UTC (full logs).

Action items

  1. (none)


People present (lines said)

  1. colindixon (51)
  2. odl_meetbot (6)
  3. edwarnicke (1)
  4. zxiiro (1)
  5. phrobb (0)
  6. tbachman (0)
  7. dfarrell07 (0)


Generated by MeetBot 0.1.4.