Notes: idpy Board call, 13 October 2020
by hlflanagan@sphericalcowgroup.com
Attendees:
Ivan, Roland, Leif, Chris, Heather, Christos
Absent:
Mike
Action items
1. The Dev team needs to come up with a few key points on change management and semantic versioning first, which will apply to projects, and then inform and educate the Board on what that all means
2. After Board agreement on the change management requirements, reach out to the djangosaml2 maintainer and verify they will be willing to adhere to these requirements
Update since our last meeting (see https://github.com/IdentityPython/)
• Status of volunteer engagement - seeing largely the same people participating. Given we always have the same people, we continued to be constrained in what we can do to improve the projects over on
• Where are more resources required?
• Until we improve our documentation, we won’t be able to bring new people on to participate.
• Documentation is happening at two levels, at the architecture level and at the code level. Ivan is responsible for the architecture level, but it has not been as high a priority as feature enhancement, security issues, etc. We do have volunteers helping with some of the code-level documentation (Hannah Sebuliba). Not every project is in the same place with regards to the available documentation; OIDC libraries are better off than the other projects.
• We also need “how to” documentation, on top of documenting the code and documenting the architecture.
• An interesting example is the Norwegian federation team where the developers wrote the first pass of the documentation, but the group that did the implementation were required to improve (and probably rewrite) the documentation.
• Our documentation needs at every level are very complex; this is powerful software with many options for implementation. It would be best if we had a strategy to use our resources most efficiently, but we’re limited by what volunteers we have and where their skills/experience lay.
Proposal for a new project to be brought on board (See https://dracc.commonsconservancy.org/0025/ for a reminder of how we add new projects to idpy.)
• https://github.com/knaperek/djangosaml2 (see email to the board from 15 September, subject line: "idpy 2020 board meeting and a new project")
• There is a concern about expanding the idpy product catalog without a proper way to manage the whole catalog. Is this production grade? What is the release management process?
• The Dev team needs to come up with a few key points on change management and semantic versioning first, which will apply to projects, and then inform and educate the Board on what that all means, then
Quality of the project and how we manage our projects overall
• We should be asking each idpy project to follow a consistent release management process and a consistent testing process. The tools we use, how we use them and invoke them, as well as the policies around them, whether we use docker images, etc.
• We do have templates for issues and PRs, but they are optional. Similarly, people do not always include tests.
• Process is no guarantee of quality. If our ultimate goal is quality improvement, then we need to figure out how to get there then determine what policy is need to keep us at that level. We need the culture to evolve to overall improvements, so the team makes its own rules.
• Review is how we manage quality. This ties back to the architecture documentation, so that more people can do the review than just Ivan because they understand how it all fits.
• Perhaps tag as “future” all items that are not 100% vetted.
• IdentityPython is not so much about turnkey solutions as it is about building tool kits.
• The different idpy projects are very different in terms of scale - pySAML2 has been around for 16 years and has an enormous following, whereas the OIDC libraries have a group of 5 committers. There is unlikely to be one model that fits all.
• Can we at least get to an agreement to use semantic versioning across all projects?
Board nominations for 2021-2023
• 3 slots, currently filled by Leif, Christos, and myself, will be open
• Note that Heather’s role is also “At-Large Director of Identity Python"
Thanks! Heather
