Skip to content
This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

Latest commit

 

History

History
173 lines (141 loc) · 6.08 KB

2016-11-09.md

File metadata and controls

173 lines (141 loc) · 6.08 KB

Node Foundation CTC Meeting 2016-11-09

Links

Present

  • Anna Henningsen @addaleax (CTC)
  • Ben Noordhuis @bnoordhuis (CTC)
  • Сковорода Никита Андреевич @ChALkeR (CTC)
  • Colin Ihrig @cjihrig (CTC)
  • Evan Lucas @evanlucas (CTC)
  • Jeremiah Senkpiel @Fishrock123 (CTC)
  • James M Snell @jasnell (CTC)
  • Michael Dawson @mhdawson (CTC)
  • Brian White @mscdex (CTC)
  • Myles Borins @TheAlphaNerd (CTC)
  • Sakthipriyan Vairamani @thefourtheye (CTC)
  • Rich Trott @Trott (CTC)

Standup

  • Anna Henningsen @addaleax (CTC)
    • not too much, just reviewing a few issues
  • Сковорода Никита Андреевич @ChALkeR (CTC)
    • gathering data on buffer issue
  • Colin Ihrig @cjihrig (CTC)
    • Reviewing issues and PR. Opened and landed some PRs.
  • Evan Lucas @evanlucas (CTC)
    • Cut v7.1.0 release
    • Been looking more into the OS X installer issues
  • Jeremiah Senkpiel @Fishrock123 (CTC)
  • James M Snell @jasnell (CTC)
    • Work on HTTP/2 implementation
    • PRs
  • Michael Dawson @mhdawson (CTC)
    • Add v7.x to the benchmarking jobs and benchmarking.nodejs.org
    • Moving coverage job along, removing dep on external repo and Updates for PR merging some changes into core
    • review/commenting on issues
    • working on abi-stable-node with Sampson + team
    • starting to work on benchmarking pres for Node Interactive
    • reading and keeping up to date on issues.
  • Brian White @mscdex (CTC)
    • commented on issues, reviewed PRs
  • Myles Borins @TheAlphaNerd (CTC)
    • released v4.6.2
    • discussed with community release process and revert policy
    • onboarded new collaborator to citgm
    • chasing potential bug in child_process or spawn-wrap
  • Sakthipriyan Vairamani @thefourtheye (CTC)
    • Makefile improvements
    • PR for bug in buffer module
    • General review
  • Rich Trott @Trott (CTC)
    • CTC meeting time wrangling
    • test PRs
    • some troubleshooting on CI hosts

Agenda

Extracted from ctc-agenda labelled issues and pull requests from the nodejs org prior to the meeting.

nodejs/CTC

  • Roadmap WG status #16

nodejs/node

Previous Meeting Review

nodejs/node

  • CTC membership nomination: @thefourtheye #8558

    • approved and closed last week

  • lib: make String(global) === '[object global]' #9279

    • voted on and approved last week

nodejs/TSC

  • Consider folding TSC into CTC #146
    • Rod gave overview, taken back to github

nodejs/CTC

  • Meeting Schedule #22
    • discussed and agreed on way forward.
  • Review how ctc-review process is working #20
    • going to wait for a bit longer to see how its working taken off agenda

Minutes

Roadmap WG status #16

  • CTC consensus that this does not need to be a formal WG.
  • Additional votes were added by those in attendance to the issue, we should now have enough LTGMs in the issue to consider approved.

buffer: hard-deprecate calling Buffer without new

(nodejs/node#8169)

  • James, for near term, revert in 7 and revisit in 8.
  • Chalker, still believe we should deprecate, gathering more information, 5-10% of modules are using in an unsafe way, some related to base64 encoding, could result in memory leaks or Dos. Not related to new, need to deprecate both in next release. Want people to migrate to buffer.alloc.
  • Ben: can we address by zero fill by default for new ?
  • Chalker: Problem is won.t be in place for old versions, module that runs on new/old will be at risk on old. We should add zero fill when we do hard deprecation.
  • Evan: should have deprecated both so that people are not forced to change twice.
  • James: can.t deprecate constructor completely. Original idea was to phase out new so that we could improve inheritance.
  • Evan: reason not well communicated.
  • James: communicated but complainers don.t see value .
  • Chalker: deprecation is only way to help identify those modules at risk, zero fill only addresses one issue. Hard deprecation only way to make sure security vulnerability is addressed.
  • Chalker: putting together list of packages that may be affected
  • Myles: reach out to individuals who will be affected so that we can get more direct appreciation of their concerns ?
  • Jeremia, some commenters may be more ok with fix for security.
  • Myles: need to get info on modules that will be affected and talk to concerned people, also should consider zero fill even if older versions are not addressed.
  • Ben: see also nodejs/node#7152?
  • Anna: Discussion has fragmented across threads
  • Trott: take back to github at this point ?
  • Myles: should we revert current warning since we are not converging ?
  • NEXT STEPS: open 2 issues to continue discussion:
    • short term for revert (Anna)
    • longer term one for fuller discussion (Chalker ?)

Q/A on public channels

Some comments on chat,

  • Hi please make fast like C++
  • Future of Node compare to Java ?

Upcoming Meetings

  • CTC: 2016-Nov-16, time TBD
  • TSC: 2016-Nov-10, 1pm US Pacific
  • Build:
  • Diagnostics: Nov 9, 3:00 PM Pacific
  • Benchmarking: TBD, issue for scheduling nodejs/benchmarking#69
  • LTS:
  • Post-Mortem:
  • API: