19:01:19 #startmeeting Ansible Community Meeting 19:01:19 Meeting started Wed Dec 2 19:01:19 2020 UTC. 19:01:19 This meeting is logged and archived in a public location. 19:01:19 The chair is felixfontein. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:01:19 Useful Commands: #action #agreed #halp #info #idea #link #topic. 19:01:19 The meeting name has been set to 'ansible_community_meeting' 19:01:21 gundalow: Error: Can't start another meeting, one is in progress. 19:01:26 hehe 19:01:32 lol :) 19:01:35 dericcrago gundalow samccann abadger1999 agaffney tadeboro russoz geerlingguy briantist samccann jillr dmsimard cybette acozine lmodemalcyberpear aminvakil gwmngilfen akasurde baptistemm: ping! 19:01:40 * gundalow waves 19:01:41 o/ 19:01:43 o/ 19:01:46 #chair gundalow dmsimard jillr 19:01:46 Current chairs: dmsimard felixfontein gundalow jillr 19:01:49 o/ 19:01:53 #chair cybette 19:01:53 Current chairs: cybette dmsimard felixfontein gundalow jillr 19:02:00 andersson007_ excused himself for this meeting 19:02:01 * dericcrago waves 19:02:06 #chair dericcrago 19:02:06 Current chairs: cybette dericcrago dmsimard felixfontein gundalow jillr 19:02:27 #topic agenda: https://github.com/ansible/community/issues/539#issuecomment-737419444 19:02:33 o/ 19:02:34 Good day :-) 19:02:41 #chair lmodemal abadger1999 19:02:41 Current chairs: abadger1999 cybette dericcrago dmsimard felixfontein gundalow jillr lmodemal 19:03:00 o/ (I'll be in and out for a bit) 19:03:10 #chair geerlingguy 19:03:10 Current chairs: abadger1999 cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal 19:03:42 today's meeting is mainly about criteria for inclusion of new collections into Ansible 3.0.0, though we will start with two quick other topics (after general announcements) 19:03:42 #info Bullhorn 15 has just been published https://mailchi.mp/redhat/the-bullhorn-15 (you should subscribe) 19:03:54 #topic Announcements 19:03:58 #info Bullhorn 15 has just been published https://mailchi.mp/redhat/the-bullhorn-15 (you should subscribe) 19:04:05 #info Ansible 2.10.4 has been released yesterday 19:04:09 #info Ansible 2.10 contains new collections since last meeting: community.okd and community.hrobot (see https://github.com/ansible-collections/overview/issues/128 for overview) 19:04:14 o/ 19:04:18 #chair samccann 19:04:18 Current chairs: abadger1999 cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal samccann 19:04:28 #info PR Day on 1st December was a great success, next is 17th December. Hope to see you there https://github.com/ansible/community/issues/407 19:05:17 gundalow: good job as i wrote this morning 19:05:29 #chair andersson007_ 19:05:29 Current chairs: abadger1999 andersson007_ cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal samccann 19:05:38 felixfontein: i can't miss this meeting:) 19:05:46 andersson007_: hehe :) 19:06:24 #topic Are bugfix releases every ~3 weeks ok for community.general's stable-1 branch? 19:06:29 Long version: are bugfix releases every ~3 weeks (i.e. shortly before Ansible 2.10.x releases) ok for community.general's stable-1 branch (assuming there is something to release, of course)? 19:06:52 let's have a quick poll, if you're against it write -1, if you're for it write +1 19:07:03 (I hope it doesn't need a longer discussion :) ) 19:07:15 +1 (Regular is good, there's a continual flow of PRs merged into c.g) 19:07:24 +1 19:07:25 +1 19:07:28 Note that syncing night always be a problem, for instance, were skipping a few weeks for the Christmas-new years holiday for the next Ansible release 19:07:28 +1 19:07:31 +1 19:07:41 +1 19:07:45 abadger1999: that's what the ~ is for ;) 19:08:10 But i do like three weeks as it means even if it's out of sync, there's not long to wait to get the changes in 19:08:14 +1 19:08:26 we can revisit this once Ansible 3.0.0 and c.g 2.0.0 are out 19:08:38 ok thanks! 19:08:59 #agreed community.general 1.3.x bugfix releases will be ~every three weeks 19:09:23 #topic Should the next 'big' Ansible release in February 2021 be Ansible 3.0.0, or a higher version number? 19:09:33 o/ 19:09:41 3.0.0 imo 19:09:48 this question was brought up recently by nitzmahone (yesterday or the day before, I forgot) 19:09:51 either that, or like 42.0.0 19:09:56 :) 19:10:07 ONE MILLION POINT OH 19:10:10 202102.0.0 :) 19:10:30 I like 3.0.0 since the idea of the ansible package is to provide continuity for end users. 19:10:42 I think 3.0.0 is already good enough, we'll have 4.0.0 out by middle of 2021, and 5.0.0 by the end of 2021 / beginning of 2022 19:10:43 But I'm not overly married to it. 19:10:57 Yeah. 19:10:59 at that point ansible-core will probably still be in the 2.1x range with x small 19:11:11 We release ansible-3.0 in February 2021, ansible-core releases 2.11 in April 2021, we release ansible-4.0 in May 2021, we release ansible-5.0 ~September 2021 19:11:12 or so, ansible-6.0 in February 2022 or so 19:11:17 3.0.0 has the benefit of we don't have to explain why we skipped up to a larger number like 10.0.0 19:11:36 +1 3.0.0, for the continuity 19:11:42 gundalow: is 5.0.0 in ~September a fixed thing? I think that would be too frequent, since major releases can have breaking changes 19:11:51 +1 for 3.0.0 19:12:44 Yeah, my only concern was just that the average person probably hasn't figured out core vs packaged content yet, so "where's all the new 3.0 goodies?"... It's a pretty minor point of confusion, and it'll likely not be an issue for too long, but just wanted to raise it as something to think about 19:13:21 nitzmahone: I'm not sure whether they also won't ask for that if we name it 42.0.0 19:13:25 felixfontein: it's not... I would like to have about three releases a year, though.... I think february is a better month than January to release in so September could become October. 19:13:27 felixfontein: not fixed, more an indication that `ansible` numbers will move fast 19:13:30 Where if the number is far enough apart from 2.10/2.11, it'll at least be fairly clear that *something* changed 19:13:49 o/ 19:14:04 o/ 19:14:06 #chair resmo 19:14:06 Current chairs: abadger1999 andersson007_ cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal resmo samccann 19:14:09 abadger1999: gundalow: I don't mind fast, we should just try to balance deprecations/removals vs. quick major releases, since every release which breaks things annoys users 19:14:09 felixfontein: I guess my point is that a larger version number makes someone curious, vs something that's very close to the existing core version they just assume it's business as usual 19:14:11 #chair acozine 19:14:11 Current chairs: abadger1999 acozine andersson007_ cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal resmo samccann 19:14:28 #chair nitzmahone 19:14:28 Current chairs: abadger1999 acozine andersson007_ cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal nitzmahone resmo samccann 19:14:35 nitzmahone: true 19:14:49 I've been trained that even a 'minor' bump (even if it's not intended to be used as 'minor' versioning using Ansible's current versioning system can have major implications. 19:15:05 So 3.0.0 in Ansible-land feels like maybe a complete and total different thing than 2.anything 19:15:07 Can we cut off discussion on this in... say 5 minutes? 19:15:15 (So we can move to the next thing) 19:15:16 abadger1999: definitely! 19:15:29 let's do a definite vote in 2 minutes, so if you have more arguments, spit them out now :) 19:15:38 19:15:47 Yeah, I don't have anything more, just wanted to at least make sure it was a conscious choice rather than off-the-cuff 19:16:06 Either way it won't be too harmful I don't think—but I do know that with Perl, PHP, etc. whenever a major version is skipped, half the time after that release people waste having to explain what happened to the skipped numbers 19:16:12 I think whatever the outcome, communicating about it and the core rename more broadly will be important 19:16:23 VOTE: Next ansible release will be (a) 3.0.0 (b) 10.0.0 19:16:34 I think anything separated from the core numbering 2.x will cause people to go huh? and dig for more info 19:16:35 Oops, 30 seconds too soon 19:16:35 a 19:16:45 a 19:16:46 a 19:16:46 samccann: I agree 19:16:46 a 19:16:47 (c) some other number 19:16:48 a 19:16:54 a 19:16:57 (if someone wants something else than 3.0.0 and 10.0.0) 19:16:58 so long as we document it (potentially in botjh core and collection docs) we should be ok 19:17:00 a 19:17:06 a 19:17:23 3.0.0 should get a longer release summary then :) 19:17:36 a 19:17:44 a 19:18:51 #agreed the next 'big' Ansible version will be 3.0.0 in February 2021. we'll add docs everywhere that explain that it is not much different than 2.11 would have been, so users hopefully won't expect something bigger 19:18:55 thanks everyone! :) 19:19:03 #topic Criteria for inclusion of new collections in Ansible 3.0.0 19:19:13 abadger1999: do you have something prepared for this topic? 19:19:19 Cool- thanks for the discussion (and sorry I butted into the PR day yesterday with that, didn't realize it was mid-meeting). 19:19:29 #unchair nitzmahone 19:19:29 Current chairs: abadger1999 acozine andersson007_ cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal resmo samccann 19:19:33 o/ 19:19:54 nitzmahone: thanks for putting it up! 19:19:56 #chair aminvakil 19:19:56 Current chairs: abadger1999 acozine aminvakil andersson007_ cybette dericcrago dmsimard felixfontein geerlingguy gundalow jillr lmodemal resmo samccann 19:19:58 nitzmahone: it was fine yesterday too, PR day is less a meeting and more a working session where a lot of different things can come up. 19:20:24 So last meeting, we discussed moving forward with criteria for new collections in ansible-3.0.0 19:20:35 #info https://github.com/ansible-collections/overview/issues/131 19:20:53 The first thing we need to do is create a framework that we can then modify. 19:21:35 So for homework, everyone was to take a look at the present checklist and think of modifications to it that felll into two groups: 19:22:04 (1) Things that you feel absolutely must be changed with the checklist before you can consider approving them as the basis for accepting new collections 19:22:25 (2) Things to change in the checklist that are not blockers for your vote to accept them as criteria 19:22:49 So to start today: Has anyone come up with something in group (1) ? 19:23:08 (1) at least1) matching ansible doc format and convensions 2) they must pass sanity tests 19:23:20 maybe also 3) have unit and / or integration tests as for (1) 19:23:38 (Here's the existing checklist: https://github.com/ansible-collections/overview/blob/main/collection_requirements.rst ) 19:23:52 seems like this is an opportunity to add stricter requirirements (for tests etc) 19:24:16 (1): publicly available issue tracker; information on which kind of contributions are accepted (might also be none 19:24:21 stricter requirements sounds good 19:24:29 as in we arent blocking people from creating collections and put them in galaxy w/ minimal test etc... but we CAN block them from the Ansible package to enforce stronger quality requirements 19:24:31 #topic Matching ansible doc format and conventions 19:24:49 andersson007_: Here's the existing section on documentation: https://github.com/ansible-collections/overview/blob/main/collection_requirements.rst#documentation 19:24:57 andersson007_: What is your proposed change? 19:25:27 abadger1999: just wanted to mention it again, it's imo so important:) 19:25:34 The thing I've been meaning to ask about is that those are more technical requirements but what are the non-technical ones, if any ? In other words, would we say ever say no to anyone who proposed a collection that meets the technical requirements ? 19:25:38 Okay. 19:26:13 #info existing checklist item on documentation is considered okay to start with. 19:26:23 dmsimard: that's a very hard question :) I think we also need non-technical requirements, but it is very hard to formalize them 19:26:33 For example, would we include two different nginx collections in Ansible ? 19:26:51 #topic sanity tests 19:27:01 Here's the existing sanity test checklist item: https://github.com/ansible-collections/overview/blob/main/collection_requirements.rst#ci-testing 19:27:10 Currently, the requirement is that they're run. 19:27:12 ooo interesting question on the two similar collections - Ansible Thunderdome! they have to fight it out 19:27:29 #agreed Collections MUST have sanity tests running against every major version of `ansible-core` that is supported by the collection 19:27:31 dmsimard: I would vote no on that, what's in the ansible package should be somewhat ... I don't want to say authorative, but maybe prescriptive? 19:27:35 they must run, and they must pass. you can have ignore.txt entries, though you should thrive to minimize them. 19:27:46 Do we want to change that to "sanity tests must be passing"? What is the leaway for things which should be ignored instead of changing the code to pass? 19:28:09 felixfontein: +1 19:28:10 jillr : yeah, it's just an example of a non-technical requirement I came up with but I'm sure there's more 19:28:16 abadger1999: +1 for passing 19:28:24 +1 for passing 19:28:25 abadger1999, +1 for passing 19:28:30 I like passing coupled with ignore.txt. 19:28:34 passing, and any ignores should be well documented? 19:28:39 can we perhaps put a limit on the types of tests that can have ignore.txt entries? So we are upping the requirements vs what was in say ansible-2.9? 19:29:00 Do we want to encode anything about what can go in ignores.txt right now? Or leave that up to reviewers and modify that after we get some experience? 19:29:02 like, there has to be a documented rationale for something to be ignored 19:29:08 jillr: sounds good. it's totally fair to just add a bunch of ignore.txt entries when a new validator is added to ansible-test, but they should be cleaned up in appropriate time, and not kept around forever 19:29:21 We can grand father in existing collections, though we could require new collections to have empty `ignore-x.y.txt`(apart from where you can't fix them (something about docs for certain types of non-module plugin docs)) 19:29:28 not sure how much can be in ignores.txt but could a 'nefarious' collection owner just ignore everything and presto - they pass all sanity tests? 19:29:47 samccann: in theory, you can ignore every error and have a HUGE ignore.txt 19:30:03 I'm 100% OK (and infact would strongly prefer) any new collection to be held to a much higher standard that the existing ones. 19:30:04 samccann: that would be review of the reasons for the ignores would come in, and would be the basis for a discussion with the collection maintainer 19:30:13 yeaeh I like the idea of it should be empty and if not, why not 19:30:31 "Any entries in ignore.txt must be able to be justified" 19:30:32 i think this can be up to maintainer to decide, whether it's ok to put it in ignore.txt or not 19:30:39 gundalow: +1 19:31:05 +1 for much higher standards 19:31:16 gundalow: +1 19:31:17 +1 as well 19:31:23 and +1 for higher standards too 19:31:28 +1 19:31:32 Are inline comments allowed in ignore.txt? 19:31:36 abadger1999: yes 19:31:40 Cool 19:31:47 abadger1999: I would require one comment per entry 19:31:55 abadger1999: https://github.com/ansible-collections/community.docker/blob/main/tests/sanity/ignore-2.11.txt#L1 19:32:01 abadger1999: yes 19:32:14 so each entry must have an explanation 19:32:20 acozine: sounds good to me 19:32:28 yeah i like that idea 19:32:36 yes, that's a good idea 19:32:41 acozine: +1 19:32:48 spoiler alert `# haven't bother to fix this yet` isn't a valid justification 19:32:54 that makes it transparent and also raises the bar on adding to ignore.txt vs. fixing the problem 19:32:58 gundalow: ooooh, crap :D 19:33:06 :D 19:33:10 hehe 19:33:27 VOTE Proposed addition to the `CI Testing` entry: `The sanity tests MUST pass but adding some tests to the ignore.txt file is an allowed method of getting them to pass. All entries in ignores.txt MUST have a justification, preferably a comment in the ignore.txt file for each entry. Reviewers can block acceptance of a new collection if they don't agree with the ignores.txt entries.` 19:33:46 +1 19:33:48 +1 19:33:52 +1 19:33:52 +1 19:33:53 +1 19:33:54 +1 19:33:59 +1 19:34:01 +1 19:34:01 +1 19:34:04 +1 though remove preferably and make it a hard requirement 19:34:08 +1 (but i'd exclude "preferably") 19:34:20 +1 with gundalow's addition 19:34:23 +1 on hard req 19:34:36 "MUST have a justification, described in a comment in the ignore.txt" 19:34:47 +1 acozine 19:34:51 is `# TODO` an acceptable comment for something that will get fixed in a couple of weeks, once the maintainer(s) have more time? 19:35:00 and we can link to https://github.com/ansible-collections/community.docker/blob/main/tests/sanity/ignore-2.11.txt#L1 19:35:00 +1 19:35:15 felixfontein: nothing is as permanent as a temporary solution 19:35:39 this is for adding net new collections, right? 19:35:40 gundalow, aye ;) 19:35:46 Whats the incentive for the collection owner to fix it once the collection has been included in `ansible.in`? 19:35:47 acozine: yes 19:36:00 I'd say they need to be clean when they get added or they never will be 19:36:10 acozine: +1 19:36:12 it's our best chance to influence the authors 19:36:15 maybe we need an ignores.txt hall of shame for existing collections :-) 19:36:23 heeheee 19:36:28 samccann: see Bullhorn#15 19:36:34 btw, didn't find anything related to "license" in https://github.com/ansible-collections/overview/blob/main/collection_requirements.rst 19:36:45 do a periodic re-review of included collections? 19:36:46 gundalow: I'm mainly thinking of something like 'validate-plugins has been merged in ansible/ansible' happening a couple of days before, and there's no time to go through all suddenly new ignore.txt entries to remove them before the deadline is reached in two days 19:36:55 we have something in the docs now about "we know we don't follow this rule in all existing modules, don't make the problem worse" 19:37:00 Cool 19:37:30 felixfontein: ah, OK. So can we add something like `against the `devel` branch it is OK to have temporary `#todo` items for newly added validation rules 19:37:34 jillr: that's a good idea, I have no idea whether we have enough resoures for that though 19:37:35 #agreed sanity test requirement updated to require passing with rules on using ignores.txt: https://github.com/ansible-collections/overview/pull/132/files#diff-dacab21f27a6aa218b8dcaafcf6f5685df0ab52f231afa16e7a9ab5284b72c68 19:37:42 gundalow: that sounds good! 19:37:44 maybe for a different discussion (around maintenance / continual inclusion), but what happens when the sanity tests change and start failing because someone either hasn't fixed or ignored? 19:37:56 felixfontein: yeah the more I think about it, maybe it's an annual review? plan it out like a PR day? 19:38:06 jillr: good idea! 19:38:11 jillr, +1 19:38:15 and perhaps shortly before Fest, since that's one of our best times to engage with partners and community 19:38:40 yes, and on-site, plz ;) 19:38:42 we could do a collections fix-up event at contributor summit or something 19:38:44 jillr: should be sufficiently before the next major release though, so that there's time to inform collection maintainers that they don't satisfy the conditions anymore, and they have a bit time to fix it and avoid being removed 19:39:06 and ignore.txt hackfest sounds good 19:39:23 felixfontein: I dont think we'd want to remove right away? more as an opportunity to engage with the maintainer and help them get back on track, 19:39:23 with special guest russoz ;) 19:39:23 #action gundalow to think about ignore.txt hackfest 19:39:37 kicking them out should be only after attempts to get the collection back in order 19:39:44 jillr: +1 19:40:01 maybe there are categories of ignore.txt that can be 'easyfix' issues per collection 19:40:06 Kicking out is another whole set of things 19:40:32 This is good discussion, though I feel we are going slightly off topic from the inclusion criteria 19:40:44 to exclusion criteria 19:40:47 #topic license for collections 19:40:50 oh about CI.... we don't have any rule that says how often the sanity tests should run, right? 19:41:06 felixfontein: I'll add on PR and nightly to abadger1999 PR 19:41:11 some collections only run them on commits/PRs, and if these only happen every few months, they might not even notice that they would need a lot of ignore.txt entries 19:41:34 I guess a weekly built is also OK for smaller collections, but something that runs regularly would be great 19:41:42 OK, I'll add 19:41:43 NEXT 19:41:55 from resmo 19:41:55 > didn't find anything related to "license" in https://github.com/ansible-collections/overview/blob/main/collection_requirements.rst 19:42:11 plugins need to be GPL 3.0+ licensed anyway 19:42:15 abadger1999: to be included in the `ansible` package, what licences must a collection be 19:42:30 the whole collection needs to be compatible to GPL 3.0+ I guess 19:42:35 remembering these a net new files, not ones previously in ansible/ansible 19:43:00 GPL v3 would be a pass, others would need to be considered 19:43:17 felixfontein: yeah, plugins must be GPLv3+ is a necessary rule to comply with importing the ansible library 19:43:46 But I think since the model is "What does a Linux distro do?", then modules and module_utils can be any open source license. 19:44:16 Maintainers (and reviewers) will need to point out license incompatibilities if they spot them, though. 19:44:47 since reviewers and maintainers usually aren't lawyers, I'd tend to define a list of approved collection licenses 19:45:07 The FSF, Fedora, and OSI all have lists of open source licenses. 19:45:10 new entries of the list need to be approved by someone who knows licenses well enough (RH legal?) 19:45:41 abadger1999: I'd be happy to re-use an existing list :) 19:46:14 if we're going to have a list of acceptable licenses IMO that should 100% be reviewed by RH legal 19:46:30 https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#SoftwareLicenses 19:46:31 There is a minimal amount of literature for plugins here: https://docs.ansible.com/ansible/latest/dev_guide/developing_module_utilities.html#standard-module-utilities 19:46:59 https://www.gnu.org/licenses/license-list.html 19:47:30 https://opensource.org/licenses/alphabetical 19:47:37 abadger1999: that last link lists apache v2 as compatible but I still got in trouble for initially licensing ara as apache v2 :) 19:47:52 I didn't want to bother and re-licensed to gplv3 but still 19:48:13 apache v2 and gplv3 are compatible. But apache v2 and gplv2 are not compatible. 19:48:22 all three licenses are open source. 19:48:53 what exactly does 'compatible' mean here? 19:49:08 can gplv3 code be used in an apache v2 project? 19:49:13 or vice versa? or both? 19:49:25 there be dragons (and lawyers) 19:49:39 hence why I just re-licensed, was easier 19:49:46 Also, I think I should have responded differently to whatfelixfontein said earlier..... plugisns must be licensed gplv3 compatible.... they don't necessarily need to be under the gplv3 themselves. 19:50:48 dmsimard: thinking about licenses always scares me :) 19:50:58 abadger1999: FYI I CI Cron and ignore.txt example from felixfontein to https://github.com/ansible-collections/overview/pull/132/commits/a060bb028523d32b5666c42cf390ea70e54e1097 19:51:10 it's all well and good for us to say let's pick the OSI or FSF lists, but there's nuance we could miss and we have lawyers for just these things 19:51:16 felixfontein: it would mean: I have a plugin. It imports ansible (GPLv3+). Therefore, the license of my plugin must be compatible with the GPLv3. I can license the plugin as Apache v2 because that is true. 19:51:39 jillr: yup, this might be why I ignored it from the original checklist :P 19:51:46 (back in 5) 19:52:02 jillr: that's why I prefer an explicit list that can only be extended after consulting lawyers :) 19:52:15 gundalow: so let's say the action item is "ask RH legal to help us write us some things about license requirements" 19:52:40 I'm OK for that list to be "GPLv3+" initially (assuming that's right) then after speaking to OSLegal we can add more 19:52:45 jillr: it's clear that gplv3 is A OK, need to validate for the rest 19:52:46 +1 to an explicit list 19:52:50 as for the requirements list, we know we want guidance and restrictions about licenses but we're not going to solve that list here today 19:52:59 dmsimard: yeah 19:53:01 (would be great to have apache v2 on that list if possible, so I could "donate" apache cloudstack modules to apache) 19:53:05 gundalow: abadger1999: I'm also fine with weekly CI, as long as it doesn't happen less recently 19:53:54 do we need to vote to include licensing as a requirement for included collections? 19:54:10 felixfontein: I'm a little unsure about CI requirements.... what CI (resources/examples of configuring free services/etc) do we provide for collection owners? 19:54:10 jillr: I think it would be better 19:54:38 abadger1999: we don't provide any services, but we have examples for GitHub Actions 19:54:51 I'd prefer that we don't spend more than 5 more minutes on licencing as I feel it will take hours otherwise 19:54:58 and for small (open source / community) collections, what GH offers for free is sufficient 19:55:19 abadger1999: https://github.com/ansible-collections/collection_template/blob/main/.github/workflows/ansible-test.yml 19:55:22 VOTE: For initial checklist can we copy the license requirements that we had for ansible/ansible (GPLv3+ and BSD for module_utils) 19:55:23 I don't think I like requiring everything to be gplv3+ at the moment is workable. 19:55:24 lets vote 19:55:35 abadger1999: oh? 19:55:41 Yeah, okay, BSd for module_utils is what I was thinking of. 19:56:01 let's try to extend the list quickly to some more licenses. though not today :) 19:56:04 +1 19:56:14 +1 19:56:16 gundalow I'm going to write something more finished before we vote 19:56:20 +1 19:57:07 current documentation says GPLv3 or higher 19:57:08 https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_checklist.html 19:57:26 acozine: I think that's the + in GPLv3+ 19:57:29 Proposal: New licensing section in the checklist. Licensing section will say: "At the moment, module_utils must be licensed under the BSD-3-clause license and all other content must be licensed under the GPLv3+. We have a list of other open source licenses which are allowed as soon as we get red hat legal to approve such a list for us" 19:57:34 https://www.apache.org/licenses/GPL-compatibility.html tldr, apache v2 okay to be in gplv3 code (like abadger1999 said) but not vis versa 19:57:51 abadger1999: I don't think module_utils must be BSD, GPLv3+ is also fine IMO 19:58:22 PROPOSAL: New licensing section in the checklist. Licensing section will say: "At the moment, module_utils must be licensed under the BSD-3-clause or GPLv3+ license and all other content must be licensed under the GPLv3+. We have a list of other open source licenses which are allowed as soon as we get red hat legal to approve such a list for us" 19:58:34 the BSD requirement was mainly to allow re-use of generic code, but module_utils in collections is used for a lot of specific code that's not really optimized for being reused outside the collection 19:58:36 PROPOSAL: New licensing section in the checklist. Licensing section will say: "At the moment, module_utils must be licensed under the BSD-3-clause or GPLv3+ license and all other content must be licensed under the GPLv3+. We will have a list of other open source licenses which are allowed as soon as we get red hat legal to approve such a list for us" 19:58:58 Anything else people see before we vote on that? 19:59:29 for module utils, current docs say BSD with exceptions https://docs.ansible.com/ansible/latest/dev_guide/developing_module_utilities.html#standard-module-utilities 20:00:20 acozine: one could argue that this is mainly for ansible/ansible :) 20:00:29 abadger1999: would it make sense to say "at the moment we follow the ansible/ansible licensing requirements [link to docs] and will have a list...." 20:00:41 jillr: But we don't 20:00:55 yeah, we can change the docs to reflect whatever we decide 20:00:59 the current guidelines say that the core team approves. 20:01:10 abadger1999: fair, I was trying to piece together the different docs links above^ 20:01:11 (for module_utils) 20:01:48 one could interpret 'core team' as 'collection maintainers', but that's an interpretation 20:02:26 Also... I don't think we want to be the arbitrators of that as a general rule. 20:02:43 ok, we had more than 5 minutes, let's vote maybe? 20:02:57 VOTE: New licensing section in the checklist. Licensing section will say: "At the moment, module_utils must be licensed under the BSD-3-clause or GPLv3+ license and all other content must be licensed under the GPLv3+. We will have a list of other open source licenses which are allowed as soon as we get red hat legal to approve such a list for us" 20:03:03 I think the latest proposal is a good start; we can still adjust it next week if someone has a better idea until then 20:03:16 +1 20:03:18 +1 20:03:19 +1 20:03:25 +1 20:03:30 yeah.... this week we need things that we think *MUST* be changed in order to approve the checklsit 20:03:31 +1 20:03:38 +1 20:03:39 +1 20:03:49 +1 20:04:06 +1 20:04:06 also, if someone likes a license to be added to this list (like Apache), that should be tracked somewhere so we have something to ask RH legal 20:04:42 +1 20:04:43 issue under `/overview/` 20:04:48 we could add this to the checklist 20:05:14 what felixfontein suggested 20:05:24 andersson007_: it's a temporary thing, for until next week :) 20:05:31 no need to add that to the checklist 20:05:42 ok 20:06:07 isn't the term short? 20:06:08 +1 20:06:17 we can add some generic "new licenses can be added to this list, but only after approval by RH legal", or something like that. we want to avoid that we can be used to DDOS RH legal ;) 20:06:19 #action abadger1999 to find out who manages legal@fedoraproject.org and whether we can piggyback off of the list they maintain for our needs or need to setup our own review process and list with red hat legal. 20:06:37 +1 20:06:41 abadger1999: +1 20:07:02 +1 20:07:06 #agreed New licensing section to be added: https://github.com/ansible-collections/overview/pull/132/commits/7d93eb228f66a1bd581e0f014630af50891e7714 20:07:40 #topic Make some things stricter 20:08:15 samccann: You mentioned this. Do you have a solid proposal? If not, I would advise we move on and cover specific ideas as non-essential changes next week. 20:08:44 Or a list of potental things and maybe we can quickly approve some of them 20:08:56 I think we should require that there's a publicly available issue tracker (you don't have to pay to register and create an issue) and a changelog 20:09:22 (taken from jillr's issue https://github.com/ansible-collections/overview/issues/126) 20:09:29 #topic Publically available issue tracker 20:09:42 +1 20:10:03 Is there any detail that needs to be included? 20:10:07 +1, obv 20:10:10 +1 20:10:11 jillr: :) 20:10:14 also some expectation about handling security issues might be a good candiate to add 20:10:32 +1 20:10:38 I'd still like a SHOULD have a CoC 20:11:04 +1 20:11:13 sorry blinked and I missed my moment - but no, I didn't have anything concrete for 'make things stricter' other than what was already mentioned - better testing, limiting ignores.txt etc 20:11:18