JupyterHub and BinderHub Team Meeting

• Date: Thursday 19th May 2022

• Time: 5PM UTC

• This HackMD: https://hackmd.io/@sgibson91/hubs-team-meeting

• GitHub issue: jupyterhub/team-compass#510

• Calendar for future meetings: https://jupyterhub-team-compass.readthedocs.io/en/latest/meetings.html

Welcome to the Team Meeting

Hello!

If you are joining the team video meeting, sign in below so we know who was here. Roll call:

• name / institution / GitHub handle

• Min / Simula / @minrk

• Nelson / Simula / @nelphy22

• Sarah / 2i2c / @sgibson91

• Erik / Sundell open source / @consideRatio

• Simon Li / University of Dundee / @manics

• Tim / Binder / @betatim

• Wayne Decatur / Upstate Medical University / @fomightez

• Luke / Alan Turing Institute / @lukehare

• Mridul Seth / GESIS / @MridulS

• Rollin Thomas / NERSC / @rcthomas

• Callum / ATI / @callummole

Quick updates

60 second updates on things you have been up to, questions you have, or developments you think people should know about. Please add yourself, and if you do not have an update to share, you can pass.

• Min: jupyterhub-singleuser is (almost) working purely using public Jupyter Server extension APIs, instead of subclassing and monkeypatching: jupyterhub/jupyterhub#3888

• Erik: - jupyterhub-bot account created for PATs, see jupyterhub/team-compass#516. Currently @sgibson91 @minrk and @consideratio has access via a password + 2FA key.

• Rollin: rcthomas/jupyterhub-announcement, maybe transfer to jupyterhub org after a little more work?

  • Action (who?) A jupyterhub-contrib org? Overhead for additional org? Maybe tag/label repos in an org

  • jupyterhub/team-compass#519 for discussion

• Wayne: Is it okay to suggest using gh-scoped-creds via MyBinder? Securely pushing to GitHub from a JupyterHub with gh-scoped-creds

• Callum: turing staging cluster mostly deployed but running into connection refused errors #2170

Reports and celebrations

This is a place to make announcements (without a need for discussion). This is also a great place to give shout-outs to contributors! We’ll read through these at the beginning of the meeting.

• Min: Welcome Nelson, who will be starting soon on a PhD surrounding security in Jupyter and JupyterHub!

Agenda items

Let’s collect all potential agenda items here before the start of the meeting. We will then attempt to create a coherent agenda that fits in the 60m meeting slot. If there are similar items try and group them together.

• Chris H: (Chris is probably going to miss this meeting, but wants to note): There’s a PR to write up some of the team structure changes we had discussed. I would love feedback about if it seems correct or if changes are needed. There’s also a lot going in that PR, I could theoretically try to split it into multiple PRs if people really wanted this. Happy to hear any feedback.

• Simon: Move Europe morning meeting to Tuesday?

  • Move both meetings to Tuesday to make it easier to remember when the meetings are

• Erik: Add 2FA for our jupyterhub-bot account on https://pypi.org

  • Agreement to setup 2FA for it?

  • Who currently has access and needs to receive the 2FA key?

    • sgibson91

  • Can we create a list of accounts in our team-compass to keep track of who has access to the account

    • similar to the list of people who have the git-crypt key for mybinder.org-deploy repo

    • Here is an issue about overviewing the accounts: jupyterhub/team-compass#520

  • Q: can we review the GitHub organisation permissions?

• Erik: Update on enforcing 2FA

  • There seems to be agreement on going onwards with enforcing 2FA access jupyterhub/team-compass#443. I’ve recently asked several “outside collaborators”

• Tim: Does the Heroku security incident effect us

  • https://status.heroku.com/incidents/2413

  • maybe move henchbot to a GH action? but keep the nice property that the henchbot bot account has no special permissions for the mybinder.org-deploy repo (as it creates a PR from its own fork)