|
| 1 | +# Node.js Foundation LTS Meeting Minutes 2015-06-18 |
| 2 | + |
| 3 | +## Present |
| 4 | + |
| 5 | +* Joao Reis |
| 6 | +* Julien Gilli |
| 7 | +* Michael Dawson |
| 8 | +* Steven Loomis |
| 9 | + |
| 10 | +## Minutes |
| 11 | + |
| 12 | +### Upcoming releases |
| 13 | + |
| 14 | +#### node v0.10.39 |
| 15 | + |
| 16 | +Julien: What's left to do: I suggest to revert |
| 17 | +https://github.com/joyent/node/pull/25511. |
| 18 | + |
| 19 | +Michael: We have another security release with logjam fixes scheduled for |
| 20 | +v0.12, so that's ok with me to move that until next couple of v0.10/v0.12 |
| 21 | +releases. |
| 22 | + |
| 23 | +Julien: I might have time to start the release process for v0.10.29 today. |
| 24 | +Once v0.10 is released, I can move on to releasing v0.12.5. |
| 25 | + |
| 26 | +#### node v0.12.5 |
| 27 | + |
| 28 | +Julien: We have [a PR to upgrade npm to |
| 29 | +2.11.2](https://github.com/joyent/node/pull/25517). It seems to be a small |
| 30 | +change from the current version, so I would advocate for landing that now. |
| 31 | + |
| 32 | +Michael: Playing devil's advocate: would it delay the OpenSSL upgrade? If so, |
| 33 | +then we could postpone it to 0.12.6. If the risk is low, and it's fairly quick |
| 34 | +to land it, I'm ok with that. |
| 35 | + |
| 36 | +Julien: Breaking changes for v0.12: the OpenSSL upgrade prevents TLS clients |
| 37 | +to connect to servers that use DH params with keys that are too short to be |
| 38 | +safe. |
| 39 | + |
| 40 | +Michael: Yes, and deferring the change to prevent servers to use shorter keys |
| 41 | +until next release. |
| 42 | + |
| 43 | +### Moving this weekly call to the LTS WG call |
| 44 | + |
| 45 | +Julien: We have [a new |
| 46 | +doodle](https://github.com/nodejs/LTS/issues/6#issuecomment-112976451) to try |
| 47 | +to come up with the best time slot to have these meetings, please fill it out |
| 48 | +if you haven't yet. |
| 49 | + |
| 50 | +### Having more than one person managing releases |
| 51 | + |
| 52 | +Julien: having only one person who manage releases is not sustainable, I would |
| 53 | +like to have a team of release managers for v0.10.x and v0.12.x releases, and |
| 54 | +future LTS releases. |
| 55 | + |
| 56 | +Julien: I've made some good progress on documenting the release process and |
| 57 | +improving some of the build scripts and Jenkins jobs to make them usable by |
| 58 | +other people than me. Hopefully that will be ready not too long from now. |
| 59 | + |
| 60 | +Julien: In the meantime, I'd like to raise that to the broader LTS group and |
| 61 | +see who would be interested in being a release manager. |
| 62 | + |
| 63 | +Steven: I have some experience with releases in the ICU project and other open |
| 64 | +source projects, so I can definitely help, even to review and give feedback on |
| 65 | +the release process. |
| 66 | + |
| 67 | +Julien: I'll create an issue in nodejs/LTS to gather initial feedback and see |
| 68 | +who could be interested. |
| 69 | + |
| 70 | +### Deprecation of shorter keys in DH param server side |
| 71 | + |
| 72 | +Michael: The OpenSSL upgrade to 1.0.1o prevents clients from connecting to |
| 73 | +servers using DH parameters that have a key that is too small to be safe. We |
| 74 | +should deprecate passing DH params that are unsafe when creating TLS servers |
| 75 | +too. I suggested [some changes to do that on |
| 76 | +GitHub](https://github.com/joyent/node/issues/25509#issuecomment-112596586), |
| 77 | +could you please provide feedback on these changes? |
| 78 | + |
| 79 | +### Transition from v0.12 to next converged LTS release |
| 80 | + |
| 81 | +Michael: Julien started documenting breaking changes between v0.12.x and |
| 82 | +what's currently in the converged repository. Julien, is there any way we can help? |
| 83 | + |
| 84 | +Julien: Documenting the changes is really the first step. What I need from you |
| 85 | +and other members of the LTS working group is to review this list and give |
| 86 | +feedback. Once we're confident that we have an accurate list of breaking |
| 87 | +changes, the next step is to reach out to various user communities and |
| 88 | +determine what we need to do to make the transition as smooth as possible. |
| 89 | + |
| 90 | +Michael: It seems that there were some productive discussions during Nodeconf |
| 91 | +about requirements from users regarding LTS releases. |
| 92 | + |
| 93 | +Julien: Yes, and there are other additional ways we can reach out to the |
| 94 | +broader community: leveraging the Node.js Advisory Board, reaching out to |
| 95 | +Joyent's Node.js Incubator participants, the broader community on GitHub, etc. |
| 96 | +We will need some coordination between a lot of entities within the Node.js |
| 97 | +project. |
| 98 | + |
| 99 | +Michael: I would suggest reaching out to nan maintainers to identify V8 |
| 100 | +breaking changes that would be handled by nan. |
| 101 | + |
| 102 | +Julien: Sounds like a good idea! |
| 103 | + |
| 104 | +Michael: Maybe instead of commenting in an existing issue, Julien could create |
| 105 | +new issue on GitHub to get more attention with all details that he |
| 106 | +mentioned. |
| 107 | + |
| 108 | +Julien: agreed. |
| 109 | + |
| 110 | +Julien: One other thing that I'd like to use to make the transition even |
| 111 | +smoother is release candidates. I had started some work around that a while |
| 112 | +ago and unfortunately I haven't had the time to continue working on it. I |
| 113 | +think that Rod Vagg did some work around that for io.js and it might be ready |
| 114 | +there. Anyway, having release candidates for the next cycle of LTS releases |
| 115 | +would probably make things easier. |
| 116 | + |
| 117 | +Michael: Definitely, this is a broader topic for the LTS working group that we |
| 118 | +should probably even consider separately. |
0 commit comments