Dev Meeting Transcript (March 12, 2021)
[4:01 PM] Kent Bull: hello all
[4:01 PM] Vincent: can yo upost the link to the AMA first please?
[4:01 PM] Kent Bull: do the permissions look set right? I have them set to verified members rather than everyone
[4:01 PM] boatsandhoes: seems good
[4:01 PM] Kent Bull: AMA Invite: https://app.spatial.io/rooms/6016fcb1ad940c06501a180a?share=2917580304645614086
[4:01 PM] Hans_Schmidt: Hello!
[4:02 PM] Pope Dirk Diggler (Cryptofarian): sup yall
[4:03 PM] Tron: Hello everyone. I look forward to the meetup/AMA. I think the virtual room "Ravencoin Foundation HQ" is always open and available.
[4:03 PM] Blockchain John: Hello Ravenites!
[4:03 PM] kinkajou: Regarding the note-taking – I have been posting the meeting transcript to Reddit each week. I suppose it wouldn't be too much work to condense that down a bit for your needs Kent Bull ? Not sure exactly what you're looking for there
[4:04 PM] boatsandhoes: can we start with an update on the audit?
[4:04 PM] Kent Bull: That would be great.
[4:04 PM] Tron: The VR works well with Oculus Quest, or Quest 2. It probably works with other VR sets, but that's what I've used.
[4:04 PM] Kent Bull: boatsandhoes that's on the agenda so we may as well start there.
Do we approve the agenda for today or is there anything we should add or strike from the agenda?
[4:05 PM] boatsandhoes: i think we are past the point of editing the agenda
[4:05 PM] Kent Bull: Due to discussion in #development this week I don't want to unilaterally assume it's okay .
[4:05 PM] Kent Bull: ok, shall we start from the top?
[4:05 PM] boatsandhoes: it should be before the meeting, not during, just my 2 sats
[4:05 PM] Blockchain John: Let it BEGIN
[4:06 PM] Kent Bull: First item is the code review process:
- Code merging process
[4:06 PM] Kent Bull: Common questions throughout the week are:
Who has committer privileges on the core raven repositories
Who is responsible for reviewing pull requests on the raven repositories
[4:07 PM] Hans_Schmidt: The procedures and credential assignments for git commits and public new version releases should be set by each SIG independently after negotiation and agreement with the Code Committee. A SIG developing an explorer or similar tool may have very loose rules. For raven-qt the rules should be super-strict. But in the end, this only applies if a group of devs wants to act as a SIG and benefit from Foundation bounties and other benefits. There is no such thing as "official" Ravencoin software, and devs can act independently or even fork.
[4:07 PM] kinkajou: Shaun Neal posted this article on Medium last night – I thought he presented some potential solutions well
[4:08 PM] Jeroz: For transparency: I only have privileges for the ravencoin.org website.
[4:08 PM] kinkajou: Unfortunately, I don't know of any existing blockchain projects currently implementing a truly decentralized code development/governance process
[4:09 PM] Tron: I agree the process needs to be strict, and especially so for anything the affects consensus. We have not had a formal process in place since the move from Medici. I can set the process rules, but we need people that can review the code.
[4:10 PM] Kent Bull: We could start out with a list of community members per repository so people know who they can go to in order to ask for a review or to ask for a merge.
[4:10 PM] boatsandhoes: strict, but also transparent. we need a public list of who can approve mergers depending on what its for, ie qt, website, etc
[4:10 PM] Jeroz: I was very surprised that Roshii submitted code changes to the master branch. Especially, after I replied in the PR that it should go to develop.
[4:10 PM] Kent Bull: I'm currently learning C++ and do not feel comfortable reviewing things dealing with consensus though I'm making my way to that.
[4:11 PM] Tron: And, ANYONE can comment on PRs if you see anything that is a red-flag, or yellow-flag.
[4:12 PM] Kent Bull: Do we want to publish a list of maintainers for each repo?
[4:12 PM] Jeroz: yes
[4:12 PM] Kent Bull: I'll start a list in my repo where I'm putting the agendas.
[4:12 PM] boatsandhoes: +1
[4:12 PM] Hans_Schmidt: Absolutely
[4:13 PM] Kent Bull: Is that enough for now? We could move on to the next agenda item if we'd like.
I'll read Shaun Neal 's article and see what else we can add. I'd like to hear your thoughts as well Tron on what rules we could put in place.
[4:13 PM] Kent Bull: I'll bring that list to next weeks developer meeting and will post it in #development as soon as I have it.
[4:13 PM] Tron: I will review and approve code changes to core, but that should not be enough. There should be additional requirements.
[4:14 PM] boatsandhoes: at this point, the only 2 people I know who can push the qt main branch are Tron and @[MASTER] roshii
Tron, you posted 2 pics the other day of devs that can make changes, but a good % of them could not
[4:14 PM] boatsandhoes: doesn't it already require 2 devs to approve?
[4:15 PM] Tron: But I think the others can be approvers, which, once the rules are established, are needed.
[4:15 PM] Pathfinder: I know it's silly, but might there be a place somewhere on GitHub under https://github.com/RavenProject where I could put copies of all the RVN memes and meme template images I have floating around? There's an old repo I was using, but I don't think anyone's looking after it anymore (https://github.com/underdarkskies/Ravencoin-Marketing)
[4:15 PM] Pathfinder: Could migrate all the stuff in that old Ravencoin-Marketing repo to the main project too?
[4:16 PM] Pathfinder: I'm happy to move stuff and look after it.
[4:16 PM] Kent Bull: Ok, in the interest of time should we say we have a plan of action for this agenda item and move on to the next item?
[4:17 PM] Tron: Would it be better to fork underdarkskies/Ravencoin-Marketing to Pathfinder/Ravencoin-Marketing if it has been abandoned?
[4:17 PM] LSJI07 – BWS: is it worth asking if there should be an external audit per new release or planned schedule of releases (or both)? If we are building pipelines be good to know for the community to be able to plan their time.
[4:18 PM] Pathfinder: I'm not a GitHub expert, so I'll do whatever more knowledgable folks think makes sense. I just don't want things to get lost or abandoned.
[4:18 PM] Kent Bull: Tron answered this in Blockchain John 's podcast. We get security audits for consensus-related things.
[4:18 PM] Kent Bull: We don't quite have to go to that level for every code change.
[4:18 PM] LSJI07 – BWS: and regular releases?
[4:18 PM] Kent Bull: just for security sensitive things. We can always pay for an audit or review for any PR though if we want one.
[4:19 PM] Tron: I think code audits are essential for anything that impacts consensus. Smaller releases that don't impact consensus shouldn't need it.
[4:19 PM] boatsandhoes: can we move to #2
[4:19 PM] Tron: I don't want to hold up GUI improvements, spelling issues, translations, icons, cosmetic fixes, etc with a security review.
[4:19 PM] boatsandhoes: its a big agenda list and we are 1/3 out of time
[4:19 PM] Kent Bull: agreed. LSJI07 – BWS let's bring that up in a future meeting.
[4:19 PM] Kent Bull: Next item:
- Status update on P001 – P2SH
– Kudelski Security discussion
– Security Code and legal funds discussion
[4:20 PM] Tron: I had a call with them 2 hours ago. They will give us an estimate next week.
[4:20 PM] boatsandhoes: are funds already available for the audit?
[4:20 PM] Kent Bull: kinkajou will you put that in the notes?
[4:20 PM] Tron: They're a pretty big firm with guys in US, but out of Switzerland I think they said.
[4:20 PM] boatsandhoes: shouldn't be more than 20k right?
[4:21 PM] Tron: There are funds for the security audit because of the overpayment for the last one — combined with a 1200%+ increase in value of RVN.
[4:21 PM] boatsandhoes: outstanding
[4:22 PM] boatsandhoes: can we start with funds that went towards building the code for the fork?
[4:22 PM] Tron: These funds are being held by 4 trusted community members. One of them has proposed sending the funds to the foundation, and I think the other 3 would like that as well.
[4:22 PM] boatsandhoes: then if needed dip into the excess funds from the last audit? just seems the cleanest way to go
[4:22 PM] LSJI07 – BWS: Is this for the p2sh proposal code submitted only or including the older code as well?
[4:23 PM] Tron: I only discussed the P2SH code. I'm sure they'll do any auditing we want for a price. How do we feel about the code audit we already had done?
[4:23 PM] boatsandhoes: so there is only 1 firm we are getting a quote from?
[4:24 PM] boatsandhoes: feel good about it, no reason to do another one for the same thing
[4:24 PM] Tron: We already have a quote from ISE.io ($16,800 to $19,800) for P2SH PR review.
[4:24 PM] Jeroz: wouldnt they need to go through the whole thing to be able to judge p2sh?
[4:24 PM] boatsandhoes: good point
[4:25 PM] LSJI07 – BWS: I am happy with the ISE code review. Worth having more ultra security conscious eyes on the code in my opinion. The code is a whole package as far as im concerned.
[4:25 PM] Tron: Only where it interacts.
[4:25 PM] Hans_Schmidt: Amoung the outstanding PRs, only the P2SH code is risky. But of course you have to look at everything to some degree
[4:26 PM] Kent Bull: So with that update on Kudelski what do we want to cover regarding the security code and legal funds discussion?
[4:26 PM] boatsandhoes: why not go with the ISE.io quote and start the process today?
[4:27 PM] Tron: We have the funds. It seemed pricey, so this is a second quote. It may be for more, I'm not sure.
[4:27 PM] Jeroz: Oh by the way, I was not sure if the P2SH code applies to all assets, including tags. Could people with cpp knowledge look at that?
[4:27 PM] Kent Bull: I'm sure they will.
[4:27 PM] Kent Bull: The work is already done though. AFAIK it's for all assets.
[4:28 PM] boatsandhoes: so if more go with ISE.io, if less, go with the company you will hear back from next week?
[4:28 PM] Jeroz: all I know is that the tag-assets are a special class
[4:28 PM] Hans_Schmidt: I was not particularly impressed with ISE's audit. Better than nothing. We should try someone else if we can.
[4:28 PM] boatsandhoes: Hans_Schmidt why specifically were you not impressed?
[4:29 PM] Tron: I agree. I wanted a more comprehensive report on what was done. The " – Improved" report was better, but not confidence inspiring.
[4:29 PM] boatsandhoes: understood
[4:29 PM] LSJI07 – BWS: The report felt like getting a ford when i wanted a lambo.
[4:29 PM] boatsandhoes: so the one you are waiting for next week is a better company?
[4:30 PM] Hans_Schmidt: Half the "identified issues" had already been fixed, were for BCH and didn't apply to RVN, etc
[4:30 PM] boatsandhoes: oh
[4:30 PM] Tron: The reports are here if you want to read them: https://ravencoin.foundation/code-security-audit
[4:30 PM] boatsandhoes: i would be interested in reading an audit of the audit. im sure a lot of others would too
[4:30 PM] boatsandhoes: Hans_Schmidt you game for that?
[4:31 PM] Jeroz: Anyways, I would favor an audit on the whole thing including p2sh, if it's a new company unfamiliar with the code. We have the funds.
[4:31 PM] boatsandhoes: agreed
[4:31 PM] Hans_Schmidt: I don't want to publicly shame anyone. It was better than nothing.
[4:31 PM] boatsandhoes: unless its absurdly high price
[4:31 PM] Jeroz: lol
[4:32 PM] boatsandhoes: its not a shame if its just pointing out valid perspectives
[4:32 PM] Kent Bull: A review of the whole code base could be useful though we don't want to halt or bottleneck development waiting on it.
[4:32 PM] Tron: Let's get the proposal/price and decide. I'm not against having them do another full review Jeroz
[4:33 PM] boatsandhoes: until today, i thought the last audit was 5 stars, it would be great to get at least one in depth review of the last audit so the community can understand better
[4:33 PM] LSJI07 – BWS: I have written and read lots of life safety reports and specifications. Lots of the audit was generic and easily repeatable for different customers. Im sure ISE did the work behind the scenes and testing etc. I just can't see and test procedures or outcomes based on the testing.
[4:33 PM] Jeroz: then people can tweet double audited bitcoin 3.0! :rofl:
[4:34 PM] LSJI07 – BWS: Thats my personal view above.
[4:34 PM] boatsandhoes: should we move on to #3 on the agenda?
[4:34 PM] Kent Bull: Do we have anything further to share on the audit?
If not then the next agenda item is:
Security Code and legal funds discussion
[4:35 PM] Tron: An audit is like a car inspection. If someone doesn't give you a checklist of everything they've tested that passed, then anyone can kick the tires, and say it looks good. I'm not saying ISE.io didn't do a thorough inspection, but the checklist was non-existent in the first report, and limited in the " – Improved" report.
[4:36 PM] boatsandhoes: what legal thing needs funds spent on at this point in time?
[4:36 PM] Hans_Schmidt: Tron well said
[4:36 PM] boatsandhoes: appreciate the insight
[4:37 PM] Tron: Right now we have no legal needs that I'm aware of. I'd propose that the funds in the legal fund (currently mixed in with the code audit funds), are held by the foundation, and untangled and allocated to each (future legal, and current code audits).
[4:37 PM] Kent Bull: That sounds like a good idea.
[4:37 PM] Kent Bull: Or, rather, reads like a good idea. No sound to text.
[4:37 PM] Hans_Schmidt: Makes sense
[4:38 PM] Vincent: what about some of the core design features; voting;… anyone working on those… any plans to finish the project?
[4:38 PM] Tron: I have the first draft of the pro bono work for the network-derived funding. I'm not allowed to distribute the DRAFT copy, but it looks good and thorough.
[4:39 PM] Kent Bull: Good question, let's bring that up soon. We've got upcoming agenda items. If we don't cover it then submit it as a PR for the next meeting. We can always discuss throughout the week as well.
[4:39 PM] boatsandhoes: i like the idea, can this be brought up again next week too before a decision is made?
[4:40 PM] Tron: Vincent Larger questions. Given the recent rise in price, and considering this over a billion $ project now …. Do we want to risk security to add expiring voting tokens? Tokens can be used for voting now, they just don't expire out of the UTXO set. It is a consensus change.
[4:41 PM] Vincent: Well should the outline of the rest of the project be defined
[4:41 PM] Jeroz: we need an alternative 2nd layer system then.
[4:41 PM] Jeroz: and could focus on that
[4:41 PM] boatsandhoes: ^100% yes
[4:42 PM] LSJI07 – BWS: Dedicated yes and no rvn burn addresses. :rvn_heart_2:
[4:42 PM] boatsandhoes: Vincent ill try to submit something on it this week
[4:43 PM] Kent Bull: Would it have to be burn addresses or would it be sending tokens back and forth? The transaction fee could be considered burnt, so maybe a burn address would work well.
[4:43 PM] Tron: Transaction fees are not burned. They are recycled to miners.
[4:43 PM] Hans_Schmidt: raven-qt is working well now. Except for P2SH I would recommend against consensus change code until we have more devs and a better process. They will come.
[4:43 PM] Kent Bull: Thanks for the reminder :stuck_out_tongue:
[4:43 PM] Tron: This would be my preference as well.
[4:44 PM] Kent Bull: Agreed, let's get the other low-hanging fruit and WIP done.
[4:44 PM] boatsandhoes: something like this would work for voting https://www.corviato.com/votez
[4:44 PM] Blockchain John: I feel like these dev meetings are either not long enough or there is too much on the board to discuss.
[4:44 PM] Jeroz: both
[4:44 PM] Vincent: the question wasn't about voting specifically
[4:44 PM] boatsandhoes: +1
[4:45 PM] Kent Bull: It seems we've established that consensus changes are a bit of a slower process. We can build significant project momentum by targeting some of the other low hanging fruit that can be done quickly, like wallet fixes, QT fixes, and such.
[4:45 PM] boatsandhoes: agreed
[4:45 PM] Kent Bull: Yeah, though we can discuss things in #development during the week. I suspect we could improve our communication processes of what work is ongoing and the status updates so we don't have to crowd everything into these dev meetings.
[4:45 PM] Tron: Now. Three months ago…. crickets.
[4:46 PM] Hans_Schmidt: Yes, small feature adds and cleanups are ok
[4:46 PM] LSJI07 – BWS: I swear Tron just called me a cricket. :rofl:
[4:46 PM] boatsandhoes: next item on the agenda?
[4:46 PM] Kent Bull: Hardware Wallet Integration – P002
[4:47 PM] Hans_Schmidt: I recommend that Proposal002 be withdrawn. Aside from the coding required, USB drivers are a huge attack vector. Adding them to raven-qt is a bad idea at this time. If bitcoin ever does it, we can do it then.
[4:47 PM] Kent Bull: That's sound reasoning.
[4:47 PM] Kent Bull: Do we have counterpoint?
[4:47 PM] boatsandhoes: second the motion
[4:47 PM] Jeroz: P002 goes hand in hand with point 5 on the agenda imo
[4:48 PM] Blockchain John: Agreed
[4:48 PM] boatsandhoes: then maybe modify P002 to be just for Electrum wallet at most?
[4:48 PM] LSJI07 – BWS: Withdraw P002 and divert the resources to focus more on the electrum wallets to support hardware wallet users.
[4:48 PM] Kent Bull: This is what I thought we were doing, modifying P002 for just Electrum.
[4:48 PM] Kent Bull: Is that not the plan?
[4:48 PM] Jeroz: it is now
[4:49 PM] boatsandhoes: ^that part
[4:49 PM] boatsandhoes: next item on the agenda?
[4:49 PM] Kent Bull: Spatial.io Meetup/AMA after this meeting
[4:49 PM] Kent Bull: 2 PM PST, 3 PM MST
[4:49 PM] boatsandhoes: on in other words, 11 min
[4:49 PM] Kent Bull: yep
[4:50 PM] Tron: Based on our previous conversations, I've removed P002. And added reward onto electrum-raven.
[4:51 PM] LSJI07 – BWS: Associated SIG looks like its growing nicely.
[4:51 PM] Kent Bull: Since we've announced the AMA just after this shall we move on to Hans_Schmidt 's agenda item?
[4:52 PM] Kent Bull: It's a big item on SIGs and team management.
[4:52 PM] boatsandhoes: #5-3 is a good idea, its not going to happen this meeting. we should make a file just for that where people can contribute at will
[4:52 PM] Kent Bull: Agreed. I'm already assembling that sort of a list and will post it in #development when I have it.
[4:52 PM] Hans_Schmidt: The creation of a Code Committee which manages SIGs, and its relationship to the Foundation, is modeled loosely on the Internet Engineering Task Force and its relationship to the Internet Society. The IETF is an open voluntary group with no formal memberships and no formal voting procedures, but it accomplishes all the internet technical work. The Internet Society is a membership-based non-profit corporation which provides the financial and legal framework with formal voting procedures but it exists primarily to serve the IETF. Wikipedia has a good description.
[4:52 PM] boatsandhoes: a good chunk of the info is already on the wiki, which is nice
[4:53 PM] boatsandhoes: fantastic
[4:53 PM] Jeroz: If people have not read it yet, I really recommend giving Hans_Schmidt's thoughts a read.
I agree with the ideas and think Special Interest Groups is a great idea.
Moreover, Hans_Schmidt set up an Electrum SIG that has 3 developers now and a discussion channel at #electrum-sig-working. A call out for volunteers already has over 20(!!!) signups for coding and testing!
[4:53 PM] Kent Bull: Who manages the Wiki? I'd like to contribute articles.
[4:53 PM] boatsandhoes: Jeroz does
[4:53 PM] Kent Bull: I second this. Hans put a lot of thought into things. If you haven't read it then please do.
[4:53 PM] Jeroz: send me your user ID, and ill give you the rights.
[4:53 PM] Tron: Have not read it yet. I will after the AMA. Thank you Hans_Schmidt
[4:54 PM] Kent Bull: Ok, let's pick one of those sub items to finish off this meeting.
[4:55 PM] Kent Bull: How about this one?
Are there developers interested in setting up SIGs?
[4:55 PM] Kent Bull: Yes, I'm very interested in it. I really like this model, even if just as a starting point.
[4:55 PM] Kent Bull: It gives the community a clear place to go to send developer resources and ask questions as well as submit comments.
[4:55 PM] Jeroz: So we also need a SIG for example for Bluewallet (mobile), for Core, etc.
[4:55 PM] Kent Bull: It's a great way for individuals to take responsibility for specific featuresets and parts of the community.
[4:56 PM] boatsandhoes: yep
[4:56 PM] Kent Bull: For example, #thenest has become a SIG for emotionally supporting Joe.
[4:56 PM] Kent Bull: Hope I haven't crossed a line too much there :stuck_out_tongue:
[4:56 PM] Jeroz: not at all
[4:56 PM] boatsandhoes: Would love feedback on github for P003 and P004
[4:57 PM] Kent Bull: Who disagrees with the SIG idea? Let's hear some counterpoint if we have it.
[4:57 PM] Kent Bull: Otherwise, it proceeds by default lol
[4:57 PM] Tron: Still need to read it.
[4:57 PM] Tron: Here's the funded GitHub issues.
[4:57 PM] Tron: https://ravencoin.foundation/proposals/
[4:57 PM] boatsandhoes: Eyeballs on #s 9 and 11 of the agenda would be super great
[4:58 PM] boatsandhoes: obviously not this meeting, but as a topic for next week would be great
[4:58 PM] Pope Dirk Diggler (Cryptofarian): anything Joe related, is never over the line
[4:58 PM] Kent Bull: Let's discuss SIGs throughout the week then and bring it up first thing next meeting if we still need.
[4:58 PM] Hans_Schmidt: P003 and P004 are fine. I am more interested in the process and having SIGs manage their creation.
[4:59 PM] Vincent: is joe banned from the meting?
[4:59 PM] Kent Bull: Ok, just to clean this meeting up, any closing thoughts?
We can discuss any of the other agenda items throughout the week.
We're starting to get things done in these meetings :slight_smile:
[4:59 PM] Hans_Schmidt: More coding!
[5:00 PM] Kent Bull: I volunteer for next week as well. I'm jumping over to the AMA now. Thank you everyone for coming!
[5:00 PM] Tron: I'll see ya'll at "Ravencoin Foundation HQ". Signing off.
[5:00 PM] Blockchain John: Kent Bull excited to have you on the Crypto Currency Chat Podcast on Sunday. I hope to discuss more Raven discussion.
[5:00 PM] boatsandhoes: :wave:
[5:00 PM] Kent Bull: If anyone else wants to volunteer then go ahead, you can facilitate.