12:00 < ibennetch> Very well, let's begin then -- the first item is the reimbursement for the GSoC runion.
12:00 -!- chanaka777 [67f7328a@gateway/web/freenode/ip.18.104.22.168] has joined #phpmyadmin
12:00 < ibennetch> Is there any discussion about this? it seems pretty straightforward to me.
12:00 < ibennetch> Hello chanaka777
12:00 < dstorm> hi
12:00 < chanaka777> hi
12:01 < Marc9> Hi chanaka777 and dstorm
12:01 < dstorm> hello Marc9
12:01 < ibennetch> If no one has any point to discuss about the GSoC expenses, then I think we can jump in to voting right away.
12:01 < Marc9> Well, I'm only sad that Google has such a limit, but nothing's perfect
12:02 < ibennetch> I agree, but at least they reimburse some of it
12:02 < ibennetch> I think this is reasonable and affordable so I vote yes we should reimburse the rest.
12:02 < Marc9> I also vote yes
12:02 < ibennetch> Michal and Hugues also voted yes by mailing list
12:03 < madhuracj> I think I should not be voting as I will be benifiting from this, hence have a conflict of interest there.
12:03 * dstorm being non member, can't say in this matter
12:03 < ibennetch> madhuracj: this is probably best in this case.
12:04 < ibennetch> There seems to be no objection, so we can move on and continue discussion of the security coordinator position.
12:04 -!- nijel [~email@example.com] has joined #phpmyadmin
12:04 < ibennetch> I'll notify Michal so he knows to approve the expenses through Conservancy
12:04 < nijel> hi everybody
12:04 -!- zixtor_ [~firstname.lastname@example.org] has joined #phpmyadmin
12:04 < chanaka777> hi nijel
12:04 < ibennetch> nijel: Greetings, you got here just in time to notice we approve the first point on GSoC expenses.
12:04 < Marc9> What prompted my adding this item, is that this week we got 2 security reports involving 4 issues
12:05 < Marc9> Hi nijel
12:05 < nijel> great, that was fast :-)
12:06 < Marc9> Note that there are only 4 participants to the security mailing list...
12:06 -!- zixtor [~email@example.com] has quit [Ping timeout: 240 seconds]
12:06 -!- zixtor_ [~firstname.lastname@example.org] has quit [Client Quit]
12:06 < nijel> I can still spend some time on fixing bugs, but I really lack time to do the communication and coordination...
12:06 < Marc9> So we would need a new security coordinator, and also more participants to the security mailing list :)
12:07 -!- zixtor [~email@example.com] has joined #phpmyadmin
12:07 < Marc9> A coordinator is the one who does the communication, not necessarily the fixes,
12:07 < Marc9> also takes care that we do not forget any issue
12:08 < Marc9> If nobody volunteers, I can take the security coordinator hat, but I would appreciate more participation to the security issues
12:08 < zixtor> I remember Ann + J.M. showing interest about being coordinator
12:09 < Marc9> zixtor, yes, they did it for the last round of issues, they also did the fixes
12:09 < Marc9> (but they are not here today...)
12:09 < zixtor> yeah, right
12:09 < Marc9> also, I'm not sure that they have the time to do it regularly
12:11 < chanaka777> Just wanted to know, did they told something like that ?
12:12 * ibennetch is thinking about whether I have time to commit to being coordinator
12:12 < Marc9> Last time I suggested that more team members participate to the security list, I don't think there was a single response. I don't want to point fingers at anybody, but more participation would help avoid anyone being burned out
12:13 < madhuracj> Also, I do not see any problem of all the team members being members of the security team. Of course if they are willing to.
12:13 < madhuracj> So we will have more man power there
12:13 < Marc9> I also do not see a problem with that
12:13 < chanaka777> Yes, agreed
12:13 < zixtor> Yes, I also always thought why we have two separate mailing lists..
12:13 < nijel> indeed, anybody is welcome to join that list
12:13 -!- dietcode [~Codefirstname.lastname@example.org] has joined #phpmyadmin
12:14 < chanaka777> So why we do not discuss those issues in the team list ?
12:14 < Marc9> If I can do a time estimate for the coordinator "job", it could be about, say, 10 hours per year.
12:15 -!- mckendricks [~email@example.com] has joined #phpmyadmin
12:15 < Marc9> zixtor, I think the reason is that, before, there were more inactive members on the team list
12:15 < zixtor> Ok and I am willing to join the list and help with issues that I can..
12:15 < Marc9> zixtor, but now that the team list contains only active people, we could redirect the security list to the team list;
12:15 < nijel> indeed it's not much consuming, you just need to react reasonably fast on incoming mails and track which issues need to be addressed
12:16 < Marc9> however the real issue is manpower
12:16 < Marc9> if someone wants to try being a coordinator, I can be his mentor
12:16 < zixtor> Yes, so having everyone on the list will attract everyone's attention to the issues..
12:17 < madhuracj> @Marc9: I would like to give it a try
12:18 < Marc9> I can complete the "Security of phpMyAdmin" wiki page (process section) with the missing parts
12:18 < madhuracj> 10 hours per year shlould not be a problem. Having a mentor would be quite helpful for a start.
12:18 < Marc9> Thanks Madhura, so when can we start? :)
12:19 < Marc9> Thanks Atul for giving help on security issues
12:19 < ibennetch> Good, then madhuracj can do it -- but if he finds the work unsuitable then I can take over as coodinator.
12:19 < madhuracj> I believe you sent the initial replies to the recent security reports. I can follow them up.
12:19 < zixtor> Yes, I am willing to join the process
12:19 < Marc9> Now, what do we do, a redirect or we keep two distinct memberships?
12:19 < ibennetch> I don't think it makes sense to have co-coordinators, better to have one person managing it. Just to be clear.
12:20 < madhuracj> I think it's best to keep two seperate list and invite members to join the security list if they are willing to
12:20 < Marc9> Indeed, the coordinator is the one who sends a "team" response to incidents, once the team agrees
12:20 < ibennetch> I think two memberships is fine for now. There's no gain to me to have it merged to one list; we can just all join both.
12:21 < chanaka777> okay that's fine
12:22 < Marc9> madhuracj, I sent the initial replies to the reporters, and made the initial tests on all issues
12:23 < ibennetch> So madhuracj is the new coordinator and will work with Marc9 to take over smoothly the current issues; the rest of us who are interested will join the security mailing list.
12:23 < zixtor> Yes, right
12:23 < Marc9> Great
12:23 < nijel> perfect
12:24 < Marc9> May I add one small subject to the meeting: the next meeting in person?
12:24 < madhuracj> Please go ahead
12:25 < nijel> okay
12:25 < Marc9> I wrote about going to PHP conference in Italy and got a few answers, but I would like to know if we can consider this kind of conference, or not
12:26 < nijel> it's not something I'd prefer, but it's acceptable for me
12:26 < zixtor> I vote for FOSDEM
12:26 < madhuracj> I think it's ok
12:27 < Marc9> I heard that someone would not participate if we go to FOSDEM
12:28 < chanaka777> I vote for PHP conference
12:28 < zixtor> Marc9, Oh, I didn't know that
12:29 < Marc9> Maybe it's not time to "vote" yet, just clarify the possibilities
12:29 < madhuracj> May be we can list the possible options, study them more and vote on them. I guess we are not in a hurry to decide
12:29 < zixtor> Are we considering FOSDEM vs PHP conference?
12:29 < madhuracj> @Marc9: indeed
12:29 < ibennetch> I think Italy is very much a possiblity.
12:29 < ibennetch> (As is FOSDEM)
12:29 < Marc9> One of the reasons pro-Italy is the weather, of course;
12:29 < zixtor> Right, first we list other options too..
12:30 < ibennetch> I imagine both are reasonably close to J.M. as well for train travel
12:30 < Marc9> another reason is to go to a different kind of conferences, to add some variety
12:31 < Marc9> but, it's true that FOSDEM is difficult to beat in terms of subjects span; plus we could apply for a booth
12:33 < Marc9> I don't think we should consider DebConf 15 in Germany
12:33 < ibennetch> But the PHP conference falls on the anniversary of PHP, right? So it's a bigger deal than other years.
12:34 < Marc9> ibennetch, well I wrote today to their contacts, but I'm not sure that the 2015 date is set
12:34 < nijel> I'd also skip DebConf
12:35 < Marc9> nijel, what about openSuSE conf?
12:36 < nijel> Marc9: honestly I think it's getting smaller and smaller, so I'm not really sure it's good idea to consider it
12:36 -!- zixtor_ [~firstname.lastname@example.org] has joined #phpmyadmin
12:37 < Marc9> nijel ok
12:37 -!- zixtor [~email@example.com] has quit [Read error: No route to host]
12:37 < nijel> just to make the information complete: The openSUSE Conference 2015 is going to take place in The Hague, Netherlands.
12:38 < Marc9> We should consider only conferences where the entry price is not heavy
12:39 < Marc9> Ok, we can continue discussing in the next few months, but if FOSDEM materializes, we'll have to take a decision, say, in October
12:40 < madhuracj> We probabl can start a discussion on the team mailing list.
12:40 < madhuracj> probably*
12:41 < nijel> that's true for overseas flights it should be the time to book...
12:41 < Marc9> and I'll let you know when I get an answer from PHP Italy Day
12:42 < nijel> okay
12:42 < ibennetch> Okay, that sounds reasonable to me
12:42 < nijel> I will go to FOSDEM most likely anyway, but I don't think that makes any change in deciding :-)
12:43 < Marc9> nijel, a lightning talk about weblate?
12:43 < nijel> Marc9: maybe, I'll see :-)
12:44 < Marc9> Now _this_ would make a change in deciding ;)
12:44 < ibennetch> :)
12:44 < nijel> I don't think so ;-)
12:44 < madhuracj> :)
12:45 < ibennetch> Okay, then; things seem to be winding down so unless anyone has a last minute item to bring up I think we can begin to wrap up the meeting
12:45 < Marc9> ok for me
12:45 < chanaka777> sure
12:46 < nijel> okay for me
12:46 < ibennetch> Thank you all for attending today and have a great week!
12:46 < Marc9> bye all
12:46 < dstorm> bye everyone
12:46 < ibennetch> Of course we can continue to discuss, but the "official" meeting is over