-
-
Notifications
You must be signed in to change notification settings - Fork 287
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add meeting notes 2025-02-19 (#2464)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
- Loading branch information
1 parent
90b0cc1
commit fa3e54a
Showing
1 changed file
with
69 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| --- | ||
| tags: [meeting-notes] | ||
| title: '2025-02-19' | ||
| --- | ||
| # conda-forge core meeting 2025-02-19 | ||
|
|
||
| Add new agenda items under the `Your __new__() agenda items` heading | ||
|
|
||
| - [Zoom link](https://zoom.us/j/9138593505?pwd=SWh3dE1IK05LV01Qa0FJZ1ZpMzJLZz09) | ||
| - [What time is the meeting in my time zone](https://dateful.com/convert/utc?t=2pm) | ||
| - [Previous meetings](https://conda-forge.org/community/minutes/) | ||
|
|
||
| ## Attendees | ||
|
|
||
| | Name | Initials | GitHub ID | Affiliation | | ||
| | ----------------------- | -------- | --------------- | --------------------------- | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
| | | | | | | ||
|
|
||
| X people total | ||
|
|
||
| ### Standing items | ||
|
|
||
| - [ ] | ||
|
|
||
| ### From previous meeting(s) | ||
|
|
||
| - [ ] | ||
|
|
||
| ### Active votes | ||
|
|
||
| - [ ] | ||
|
|
||
| ### Your __new__() agenda items | ||
|
|
||
| - [ ] (JRG): Code of conduct working group at NumFOCUS. | ||
| - [ ] Opt-in or not? | ||
| - [ ] If yes, choose between "Recommend" or "Response". | ||
| - [ ] Discuss at "The new Code of Conduct working group in NF" thread in Zulip/core | ||
| - [ ] (JRG) Inactive core to emeritus process starting soon. | ||
| - [ ] (WV) Run-exports "attach" mode from cache output to outputs | ||
| - [ ] (WV) [Add sigstore support to the ecosystem](https://github.com/conda/ceps/pull/112): what to have in the predicate field? | ||
| - [ ] Default contents added by Github, but we can also add info in a free-form field. | ||
| - [ ] PyPI doesn't add any, but for now we could add the channel+label. | ||
| - [ ] In touch with Anaconda security folks. | ||
| - [ ] MRB: What if people move the channel? Does it invalidate the signature? | ||
| - [ ] The blob itself doesn't change. It's a matter of checking whether the claim matches or not with the source channel. This way you can identify copies from "original" uploads. To make it extra secure, the channel also needs to countersign it and "validate" the initial claim. | ||
| - [ ] MRB: If we, conda-forge, sign a package with "Our keys", then it's a pretty strong claim: "We, conda-forge, generated this package". | ||
| - [ ] IF: Certificates to sign conda-launchers? | ||
| - [ ] Currently signed by Anaconda, blocking win-arm64 deployment | ||
| - [ ] We could sign them with Azure-provisioned NumFOCUS-owned certificates ($10/mo) | ||
| - [ ] Clone repo to conda-forge, build binaries in CI and repackage them. | ||
| - [ ] Wolf to get in touch with NF. | ||
|
|
||
|
|
||
| ### Pushed to next meeting | ||
|
|
||
| - [ ] | ||
|
|
||
| ### CFEPs | ||
|
|
||
| - [ ] |