JupyterHub and BinderHub Team Meeting#
Date: Tuesday 17th January 2023
Time: 6PM Europe/London
GitHub issue: jupyterhub/team-compass#582
Calendar for future meetings: https://jupyterhub-team-compass.readthedocs.io/en/latest/meetings/index.html#meeting-calendar
By participating in this meeting, you are agreeing to abide by and uphold the Code of Conduct. Please take a second to read through it! :pray:
Welcome to the Team Meeting#
If you are joining the team video meeting, sign in below so we know who was here. Roll call:
Min / Simula / @minrk (will be late)
Blessing / Outreachy / @bl-aire
Sarah / 2i2c / @sgibson91
Erik / 2i2c / @consideRatio
Simon / University of Dundee / @manics
Eskild / Quansight / @iameskild
Wayne / Upstate Medical University / @fomightez
Yuvi / 2i2c / @yuvipanda
Sheila / Outreachy / @Sheila-nk
If this is your first time attending the meeting, add your name below and we will ask you to introduce yourself on the call :)
60 second updates on things you have been up to, questions you have, or developments you think people should know about. Please add yourself, and if you do not have an update to share, you can pass.
Min: move away from problematic referer checks to xsrf tokens ready for review: jupyterhub/jupyterhub#4032 (thanks for Oksana for selenium tests that help ensure actual pages work, not just test requests)
Reports and celebrations#
This is a place to make announcements (without a need for discussion). This is also a great place to give shout-outs to contributors! We’ll read through these at the beginning of the meeting.
@dolfinushas made a lot of thorough PRs to KubeSpawner - such as adding tests! (List of PRs)
@bollwyvlfor work in jupyterhub/jupyter-server-proxy regarding tests!
Let’s collect all potential agenda items here before the start of the meeting. We will then attempt to create a coherent agenda that fits in the 60m meeting slot. If there are similar items try and group them together.
Min (5m): Outreachy for Spring. Do we do it, or wait for Fall? We need project ideas, mentors and especially volunteers for the application period. First deadline is already Feb 10, which is before our next meeting! jupyterhub/team-compass#612
Money from Outreachy for two interns
We need mentors to help detail projects for the interns
Sarah (probably following on from Min’s topic): What does the JupyterHub community want the Strategic Lead to focus on? What outside Outreachy is important to prioritise? Is Outreachy a top priority or not?
Sarah acting the community coordinator
Sarah concerned about the additional work that Outreachy would involve, would there be other community things that you would prefer Sarah work on?
Sarah has been working on Outreachy guide.
Simon: what are other things Sarah could spend time on?
Restructure this meeting. Can be challenging for new attendees. Proposal, two meetings
Sarah’s hackmd: https://hackmd.io/@sgibson91/SyD50E2qo
always run a onboarding breakout session each meeting
use breakout rooms / pomodoros to break things down so attendees can work on what they’re interested in.
Yuvi: Outreachy is still important for community health long term. Look for someone else to be the Outreachy coordinator.
Participate in the way we want, but let’s not forego it altogether.
Make an annoucement on Discourse.
Keep in mind which Outreachy round (sping or fall) we participate in so that we don’t always exclude those from the southern hemisphere.
Min: annual Outreachy participation?
How do we integrate Outreachy into our “daily” process so that we can handle participating twice a year?
Sarah: her action items
Make Discourse post calling to action for mentors and a new community coordinator
Continue to update the JupyterHub Outreachy guide.
Min (5m): Interest in / resources for a Jupyter roadmap/strategic planning event/workshop/asynchronous period, etc.?
It might be time to get together to “plan” as a team be this in-person or virtual.
CZI grant might be able to used for this.
Erik (3 min): BinderHub 1.0.0
Declare intent to go for SemVer versioned releases with changelog going onwards, software package and Helm chart still bundled
We are currently at version
It’s time for regular releases.
Can we confirm that there won’t be any breaking changes for the foreseeable future?
Min: don’t set the bar too high
Create an issue and start listing all the things that need to be wrapped before the release.
Erik (5 min): Overview of major releases to be made
z2jh, jupyterhub, kubespawner, oauthenticator all includes breaking changes, so we have z2jh 3, jupyterhub 4, kubespawner 5, and oauthenticator 16 coming up.
Call to action: help get any breaking change reviewed and merged so we can get many of these releases to go hand in hand for z2jh.
Min’s jupyterhub PR about XSRF tokens: jupyterhub/jupyterhub#4032
Yuvi’s kubespawner PR about merging dictionaries instead of overriding them jupyterhub/kubespawner#650
Yuvi would love for someone else to pick it up and finish it if possible
A unreleased regression relevant fixing before releases of oauthenticator: jupyterhub/oauthenticator#564
These releases don’t need to be made around the same time but if they are, it would reduce the number of communications.
Min: don’t wait on JupyterHub
z2jh is a distribution collecting many packages, does it make sense to explore calver? https://jacobtomlinson.dev/posts/2023/sometimes-i-regret-using-calver/
Erik (3 min): Lower Dependabot’s frequency to update GitHub actions
Currently weekly updates are made
Do we have agreement to go for monthly updates going onwards? (Min +1!)
If quick update is needed, one can trigger updates via a “Last checked
Switch from weekly to monthly updates; manual updates are still possible (workflow_dispatch)
Agreed to switch to monthly dependabots updates
Erik (after meeting ?): Discussion about an untested security vulnerability patch
I’d like us to find a way forward
Related discussion for JupyterHub team members: orgs/jupyterhub
Test the untested security vulnerability patch in a production environment.
Email Greg Werner
Or potentially remove LTE 1.3 (keep 1.1)
Can we just release the patch regardless? If this breaks the LTE that’s better than the lingering security vulnerability.
Deadline: decide one way or another by Wed January 25
Otherwise Erik to remove LTE 1.3.
Simon: Readthedocs for Z2JH are not versioned.
Build the docs based on ref and/or tag
Adding a dropdown to the rtd theme to access older tagged docs