Dev Meeting Transcript (July 16, 2021)

[4:24 PM] Someone_2: Going to guess the meeting hasn't really started yet, will check back in a bit.

[4:25 PM] kralverde: If you want to ask some questions they can be answered in a bit

[4:27 PM] kralverde: We also have meetings for special interests every wednesday in voice channels for more indepth discussion on core and electrum; the friday development meetings are kind of just a review for what has gone on the past week

[4:29 PM] Tron: Hi everyone. Sorry I'm late. I got here and opened the channel. Usually this is already done.

[4:30 PM] kralverde: Everyone’s busy weeks aligned it seems

[4:31 PM] kralverde: Am i correct in hearing that the core just needs a code review/audit before the next release?

[4:31 PM] Tron: We've done one review/audit of P2SH.

[4:32 PM] Tron: I've asked ISE for an estimate for reviewing the rest of the code, and I've asked CertiK for the same. Both should have a response by early next week.

[4:33 PM] Tron:

Attachment file type: acrobat

ise-ravencoin-assessment-202106-r1.pdf

295.17 KB

[4:33 PM] Tron: P2SH assessment

[4:37 PM] kinkajou: Tron some community developers have pointed out that github issues related to mobile wallets tend to get ignored and PRs not receiving much/any attention. Are there any plans to address the current mobile wallets? And if not, could we perhaps looking into archiving them or noting somewhere on the development pages that the projects are no longer being prioritized/maintained?

[4:40 PM] Tron: Excellent questions. I think the SPV wallets are worth having. I am not a mobile dev, but I can put bounties on the mobile wallet issues. The Android version in particular needs help to be a viable wallet.

[4:41 PM] kinkajou: There are currently multiple open PRs for the android wallet related to bounties posted on the foundation site. It seems based on the bounties site that Ben completed many bounties and was paid for this work but the PRs have not been merged. Is this just a matter of not having reviewers?

[4:41 PM] kralverde: I would image thats the case

[4:42 PM] kralverde: It might be best to add some more contributor accounts to certain repos

[4:44 PM] kralverde: We do have the moontree workers hard at work on an alternate app https://github.com/moontreeapp/raven though this is being built from scratch and will likely be a few months out

[4:45 PM] kralverde: Though theyve said theyre working on a mockup ui now for basic transactions

[4:45 PM] kinkajou: Agreed. It would be nice to get those PRs reviewed and merged since they represent many thousands of dollars in foundation funds. The ravenwallet-android repo overall could use some updating. https://github.com/RavenProject/ravenwallet-android

At least to help point developers in the right direction

[4:46 PM] kinkajou: Don't want to lose developers that want to contribute because they are confused by the workflows

[4:47 PM] Tron: Stibits works on iOS, and MangoFarmAssets also works on mobile for both platforms, and moontree is coming, but there is still value to SPV wallets. Exodus, Edge, Trust Wallet and many others work for RVN, but not assets.

[4:47 PM] kralverde: (if anyone knows java/js , are reading this elsewhere and are motivated to do some code overhauls reach out on the discord)

[4:48 PM] kralverde: Who is incharge of updating these on the app store?

[4:48 PM] Tron: I've built iOS RVN before, and can do it again. I've not installed the iOS dev environment on my current system.

[4:48 PM] kralverde: I think there should also be a warning about mining to the rvn mobile wallets specifically

(Though there have only been a few issues ive heard of)

[4:49 PM] Tron: I can update on iOS app store.

[4:49 PM] kinkajou: Right, I don't think there is any shortage of working mobile wallets. Rather the problem is that the "official" mobile wallets (on the projectraven repo) seem deprecated/unsupported and community developers attempts to update these "official" wallets are not noticed or seemingly not prioritized. If we could get a notice posted on the github that efforts have largely shifted to other mobile wallet platforms I think that would be helpful.

[4:50 PM] kinkajou: Or a notice that we need more reviewers before development can continue if that is the case.

[4:51 PM] kinkajou: It seems obvious to many here just to check the development channel in Discord but to many outside devs working from Github alone that is not the case. And there is nothing on those Github pages directing them here

[4:52 PM] kralverde: We can talk to the admins here to create channels to sort of form some kind of mobile wallet sig

[4:53 PM] kralverde: Do you want to try and find devs/organize this kinkajou

[4:53 PM] Tron: If we have a mobile-wallet-SIG, or a mobile-wallet-android-SIG, I'll reference it via the README in the GitHub.

[4:55 PM] kinkajou: I don't think I'm at all qualified but I'll help in any way I can. But again I don't think the issue has anything to do with SIGs in this Discord or elsewhere on Github. Rather the issue is that our current mobile wallet repos on the ravenproject Github are confusing to new developers looking to contribute.

If it was a significant enough problem for one mobile dev to seek out a channel specifically to voice discontent then I have to believe other devs are experiencing the same confusion and simply choosing to forego the project.

[4:56 PM] kralverde: You seem to be motivated enough to be asking about it 😉

[4:57 PM] kralverde: Of course no pressure, but it would really just be trying to pull in devs/organize the qualms people have with the current mobile wallet

[5:00 PM] kinkajou: I don't know anything about mobile dev and I cannot code JS if my life depended on it which feels important/relevant here. I would be happy to help attempt to organize if that is the only way forward here.

My view is that the Github needs to be updated or a notice should simply be posted in the current mobile wallet repos directing devs here or elsewhere. It sounds like that is what Tron is talking about doing?

[5:02 PM] Tron: You are right, the accepted PRs should be integrated, built and deployed. I will start with iOS. I don't think I have the credentials needed for Android deployment, but I can ask around.

[5:04 PM] Tron: Just got a message back from CertiK. CertiK isn't able to do a security review until Sept or Oct. To me, that seems too late. Thoughts?

[5:05 PM] Jeroz: Ah thanks. I wanted to bring up the exact same issue after someone raised these concerns on Reddit. He said that he posted an issue first to see if there was any action/development going on before actually committing to submitting code. He was disappointed that he did not receive any response for quite some time and that other issues have long been ignored.

[5:05 PM] kinkajou: That would be great! Seems like Ben put a lot of hours in there so would be nice to reap the benefits of his hard work heh

[5:06 PM] Jeroz: Late indeed

[5:06 PM] kralverde: Did we want certik for some reason? What about ISE?

[5:07 PM] Tron: ISE is also going to give me an estimate. (next week)

[5:07 PM] Jeroz: ISE only reviewed the specific P2SH part

[5:07 PM] Jeroz: If I understand correctly

[5:08 PM] Tron: Correct. The estimate is for the as-yet-not-security-reviewed-by-ISE non-P2SH code.

[5:08 PM] Jeroz: Yeah, which seems a bit weird now (since there is way more new code) but when it was initiated, I think the only new part was P2SH submitted to the develop tree

[5:16 PM] Tron: I'll get the estimate from ISE (time & money) and we can decide from there.

[5:16 PM] Jeroz: Cool

[5:18 PM] Jeroz: Do we have a time schedule yet on what and when we want to release the new stuff? I’ve been mostly occupied elsewhere lately

[5:21 PM] Jeroz: I guess too many peeps are on vacation around this time :p

[5:22 PM] kralverde: ^

[5:24 PM] Tron: I think it is dependent on getting it reviewed. Once we have info from ISE we can decide from there.

[5:27 PM] Tron: I'm still fighting to get an EV code signing cert. Phone number listed on Dun and Bradstreet isn't the one I submitted for EV so it has been rejected. I was told that even a non-EV code signing cert requires third-party verification of a phone number. Working with the Foundation Treasurer to sort this out.

[5:30 PM] Panoramix: Too late indeed. Queue them up for the next audit though, having that extra parameter on CMC matters in the grand scheme

[5:33 PM] Tron: I'll let them know.

[5:36 PM] Tron: Thank you everyone. I'm going to close the meeting, so these don't drag on into the evening for some. I'll work on iOS PRs this week.