SSWG - Meeting Notes 8th August
Attendance: @tomerd, @IanPartridge, @Logan_Wright, @tanner0101, @johannesweiss
Swift.org Blog post
- previously, we were thinking to post just before the ServerSide.swift conference
- Allen would like to see it sooner
- possibly for the try! Swift NYC (ie. 7th September)
- Tanner will try to do a draft for 1st September
- ACTION [@johannesweiss]: communicate with Allen
Badges shields.io
- VOTE: unanimously yes
- added as optional item to the 'best practises' section of the SSWG process
Joannis's MongoDB driver
- IBM have a Mongo offering in their public cloud
- they offer the MongoKitten driver
Joannis's Async DNS client
- minimum requirement of two developers
- talk about who could sponsor it, ...
- ACTION [@tanner0101]: reach out regarding eventual plan: in NIO vs as separate package
Security vulnerabilities
- everybody agrees it's a good idea to formalise how developers can report
- we should find a channel to report all vulnerabilities
- important that we document it in our process how we decided to report vulnerabilities
- Tanner: would like it to be in github's security tab
- Tom: apart from what they use (github's thing or gitlab's thing) they should send it to the SSWG
- Tom: we can't force people into one system but we could formalise minimum requirement (eg. URL + notify the group) & recommend a certain system
- ACTION [@tomerd]: make amendment proposal
Communication of changes to requirements
- existing rules: change management: requires SSWG super majority
- opinion: when we create a PR to change the requirements (non-trivially) we want to also create a forum post and have the community voice their opinion
- SSWG are not required to do the posts but we aim to always do them
- how long do we want to keep the post up?
- minimum time for the post to be live before merge: 2 weeks
- which forums category? 'workgroup meeting notes' (we're trying to rename to 'workgroup updates'
- ACTION [@tomerd]: Ask about rename of the SSWG category to 'workgroup updates'
SSWG library adoption by the SSWG partners
- semi-regular updates what are people using; any blockers?
- Apple: using (in real prod): swift-nio, async-http-client, swift-log; getting started with swift-metrics; swift-metrics, statsd backend, and postgres also in use (the latter three in smaller projects)
- Vapor: swift-log (in pretty much all packages for Vapor 4), swift-metrics as a dependency (no implementations yet; goal is before release of Vapor 4), postgres, redis, async-http-client is the default client for Vapor 4, APNSwift is the backend for the official Vapor 4 APNS add-on package
- IBM: Kitura 2.8 coming any day now, adopts swift-log API, released HeliumLogger as a swift-log backend, async-http-client (through a package that used to delegate to URLSession; release pending), would love to redo redis driver and make use of swift-metrics
- ACTION [@ianpartridge]: Add Helium backend to swift-log readme
Update to not use unsafe (unless C interfacing)
- seems non-controversial
- ACTION [@johannesweiss]: make PR and forums post
Vote stats metrics client
- Tom: there's another package (supports UDP+TCP), Tom reached out for collab
- Tom: there are some technical issues in the other package (around shutdown/ELG usage)
- Ian: does he want to go through the process?
- Tom: he hasn't pitched/proposed to SSWG yet
- VOTE: unanimously: yes (to sandbox), pending on minimum
- partner: Konrad
- sponsor: Apple
- ACTION [@tomerd]: check minimum reqs & give correct access
- note: this does not mean the other one won't be accepted. Totally possible to have two Statsd clients.
SSWG Overview
- swift.org page should list authors, probably more prominently than sponsor
- ACTION [@tomerd]: change the overview
Vote on Prometheus
- VOTE: unanimously yes (to sandbox), pending minimum requirements
- ACTION [@Logan_Wright & @tanner0101]: check minimum reqs & write access