17:01:25 <colindixon> #startmeeting tws
17:01:25 <odl_meetbot> Meeting started Mon Sep 28 17:01:25 2015 UTC.  The chair is colindixon. Information about MeetBot at http://ci.openstack.org/meetbot.html.
17:01:25 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:25 <odl_meetbot> The meeting name has been set to 'tws'
17:01:26 <colindixon> #topic agenda bashing
17:01:34 <colindixon> #topic agenda bashing
17:01:41 <colindixon> #undo
17:01:41 <odl_meetbot> Removing item from minutes: <MeetBot.ircmeeting.items.Topic object at 0x1d32490>
17:02:01 <colindixon> #link https://wiki.opendaylight.org/view/Tech_Work_Stream:Main#Upcoming_Meeting_Agendas the agenda would normally be there
17:02:19 <colindixon> #info however, this week we have Stephen Kitt presenting on how we can do a better job of external dependency managmenet
17:02:23 <colindixon> #Undo
17:02:23 <odl_meetbot> Removing item from minutes: <MeetBot.ircmeeting.items.Info object at 0x1d32f10>
17:02:38 <colindixon> #info however, this week we have Stephen Kitt presenting on how we can do a better job of external dependency management
17:03:36 <colindixon> #chair phrobb dfarrell07 tbachman
17:03:36 <odl_meetbot> Current chairs: colindixon dfarrell07 phrobb tbachman
17:06:11 <colindixon> #topic external dependency management
17:06:51 <colindixon> #info this is a follow on from phrobb’s section on good hygiene at the summit, which wound up being mostly about external dependencies
17:07:35 <colindixon> #info Stephen says that this is really about upgrading a bunch of our external dependencies since they are really, very old in a lot of cases
17:07:59 <colindixon> #info in addition, he’s discovered that there’s a lot of external dependencies which need to be removed since we no longer use them
17:08:22 <colindixon> #info in general, we will need to cascade things down from odlparent to yangtools and so on
17:08:59 <colindixon> #info we desperately want to move forward to get security patches, bug fixes, and in some cases fix licensing issues
17:09:44 <colindixon> #info e.g., we don’t have source for some of our external dependencies and moving forward would fix it, in other cases, e.g., JBOSS, newer licenses are more permissive, which is good for us
17:10:00 <colindixon> #topic how do we upgrade our dependencies
17:10:16 <colindixon> #info first, identify what needs upgrading
17:10:31 <colindixon> #info second, involve the projects starting at offset 0 and moving down the list
17:11:04 <colindixon> #info what approach do we want to take as to when we do it? at first Stephen wanted to do a big bang over the course of a week when we can focus on it
17:11:23 <colindixon> #info some of that has been broken off and already merged, but there’s still a lot left
17:11:32 <colindixon> #topic major concerns
17:11:54 <colindixon> #info we have some third-party source checked into repos, that’s really best avoided if we can possible make it
17:12:14 <colindixon> #topic infrastructure
17:12:26 <colindixon> #info ideally, we’d let projects keep making progress as the upgrade goes on
17:12:41 <colindixon> #info it seems like bumping SNAPSHOT versions allows for a way to do this
17:14:04 <edwarnicke> Is anyone else having issues getting into the webex?
17:14:21 <colindixon> edwarnicke: not that I can tell
17:14:28 <colindixon> https://meetings.webex.com/collabs/#/meetings/detail?uuid=M749G9M6E4A5JG72SD48WWG57F-9VIB
17:17:07 <colindixon> #info colindixon asks if this is using branches or just bumping, Stephen says that for now his plan was not to have branches
17:18:15 <colindixon> #link https://git.opendaylight.org/gerrit/#/q/status:open+project:odlparent+owner:%22Stephen+Kitt+%253Cskitt%2540redhat.com%253E%22 the patches so far
17:18:56 <colindixon> #info that is only part of the story
17:21:00 <zxiiro> OWASP
17:21:38 <colindixon> #info in the long-term, we’d like to have this be semi-automated, Stephen says that the work of interns (Abhishek, William on owasp), and CLM this could go a long way
17:22:28 <colindixon> #topic what’s next
17:22:46 <colindixon> #info Stephen says at the summit, he advocated just upgrading things and breaking everything for a bit
17:23:14 <colindixon> #info Now, he’s wondering if that will actually work in ODL, maybe just getting the dashboards up and running would be good first
17:23:37 <colindixon> #info also, maybe focusing on removing dependencies instead, would be a good idea
17:23:45 <colindixon> #info for example, on Eclipse packages
17:27:29 <colindixon> https://git.opendaylight.org/gerrit/#/c/26327/
17:30:16 <colindixon> #info colindixon says he’d like to see us just merge the patches don’t break things, and then see us figure out what breaks for others and start hunting things down and fixed
17:30:31 <colindixon> #info edwarnicke asks if we should report individual things as weather events
17:34:15 <colindixon> #info colindixon asks if we have an idea of how to prioritize things, e.g., which ones have security vulnerabilities vs. missing source code vs. better license vs. just nice to upgrade
17:35:00 <colindixon> #info colindixon says his take would be to (1) merge the patches we think are fine, (2) figure out what other patches break things and how, and (3) what upgrades are how important
17:41:02 <colindixon> #info colindixon asks if we Stephen needs help
17:42:07 <colindixon> #info Stephen says he could use help in general, and particularly with external versions when they are not in odlparent
17:43:05 <colindixon> #info colindixon asks how somebody would help with that now, Stephen says he needs to send a mail, but the maven versions plugin is part of it
17:44:16 <colindixon> #info colindixon says he remembered us abandoning maven versions after Hydrogen because it didn’t work, edwarnicke says that he remembers it being unreliable
17:44:37 <colindixon> #info Stephen says combining maven versions, with owasp, and CLM for as good a picture as we can get
17:48:32 <colindixon> #topic next week
17:48:54 <colindixon> #info colindixon asks for topics for next week
17:50:03 <colindixon> #info nobody speaks up
17:50:05 <colindixon> #endmeeting