[p2pu-dev] tech call notes 2012-04-25

Zuzel VP zuzel at p2pu.org
Wed Apr 25 15:11:05 UTC 2012


*April 25*


   - Zuzel's list of responsibilities:
   http://pad.p2pu.org/p/detailed-responsibilities


   - I cleaned it up more


   - also defined more the sysadmin section


   - When is the next release - can we have Dirk manage the next one?


   - I am documenting the current release


   - I will share the docs with Dirk and get feedback from him about what
   is clear and what isn't


   - I was thinking of involving Dirk in the release planned for May 4th


   - We need to schedule the time for the release in advance (so both of us
   are awake) and collaborate in the pre-release preparations


   - Will all of the conversion tracking stuff be deployed with this
   release?


   - adwords, analytics, and chartbeat should be up


   - refferer?


   - have to figure out how to pass the info between the time the user hits
   the site with http and the time (s)he logins with https


   - @Dirk / Zuzel: Automated Releases?


   - Will keep an eye on things that can be automated, would be nice to get
   this to a single step deploy eventually


   - Next steps:


   - Schedule chat about release process with Zuzel


   - Walk through setup process with Zuzel on the 3rd of May (before
   community call -- will wake up early and ping you on skype)


   - Do release on the 4th of May


   - What's needed to resolve https issues?


   - logged in users have to refresh page (cookies are secure) - logged in
   users over http


   - (ideal) research if it is possible to put a non-secure cookie
   (accessible from https and http) that just says (this user is loged in)


   - if we can do this then we can redirect users to https when we detect
   the cookie


   - (alternative simpler solution) redirect all our website trafic to https


   - direct access to https://www.p2pu.org or other subdomains produces an
   error


   - can't redirect - certificate gets requested before redirect


   - reconsider our selection of ssl certificate for the next year


   - currently we have a
   http://www.rapidssl.com/buy-ssl/ssl-certificate/index.html


   - short term solution currently in place for when they start at
   http://www.p2pu.org (https?) is to redirect them to http://p2pu.org
   (https?) so when they click login they end up at https://p2pu.org


   - Next steps:


   - John to check DNS records to force redirect / add CNAME for
   www.p2pu.org to resolve error at https://www.p2pu.org


   - Remove wildcard *.p2pu.org record


   - Add a CNAME for www.p2pu.org to point to p2pu.org


   - John do some research -> Still need a resolution for secure cookies
   (users get logged out when they switch to http)


   - Contributor agreement - do we ask all contributors to assign ownership
   to P2PU?


   - Shared the last version we had through google docs, should we paste it
   on a pad?


   - Either put on a pad, or make a public google doc (non-editable)


   -
   https://docs.google.com/document/d/1HnKw34U-PV0_pxuU_JjCAISOhnkJ9CUtL4jK3iccxa0/edit


   - MPL allows us to use code in proprietary situations. Do we want to
   re-license?


   - Contributing should be as simple as submitting coa pull request - no
   red tape


   - According to our lawyers we need the signed agreement for code
   contributions


   -
   http://p2pu.lighthouseapp.com/projects/70576/tickets/22-contribution-agreement#ticket-22-10


   - Contributions by paid staff and consultants are covered by their
   respective contracts already.


   - Two questions we had in the past:


   - Does each contributor need a customized version or can we make one
   generic version (e.g. signed by me with today's date) that contributors can
   download and complete?


   - Yes


   - Is there a way to make the agreement "implicit" in joining the
   project? Similar to the checkbox that states you agree "terms and
   conditions" that most commerce sites use.


   - No


   - P2PU is based on batucada, ownership of batucada code remains with
   Mozilla (maybe Paul Osman)


   - Even if we wanted to enforce the license, we would need Mozilla to
   assign ownership of the core code to P2PU as well


   - http://www.ohloh.net/p/lernanta --
   http://www.ohloh.net/p/lernanta/contributors --
   http://www.ohloh.net/p/lernanta/analyses/latest -- we can leave our dev
   stats to this site, the charts look cool


   - Key reasons why contributor agreements are useful


   - Relicensing - From MPL to LGPL (for example)


   - We can't really do this, because MPL is infectious and batucada
   "infected" lernanta... we're obligated to keep the MPL


   - We can do this if we own the code - we'd have to get ownership from
   Mozilla


   - Why will we want to do this?


   - Enforcing License


   - John: I don't think there's any chance of people using lernanta (as it
   stands) in a way that we would be unhappy with. We're using the MPL because
   of Mozilla


   - Right now it's not an issue. This would be setting us up for the
   future.


   - Strategic considerations


   - We may not "care" about others using our code in ways that the license
   doesn't permit


   - We may not want to put resources into enforcing the law but think the
   public opinion will againts other people using the code in ways the license
   doesn't permit


   - Weigh up the downside of making contributions harder (red tape) vs.
   the ability of enforcing the license at some point in the future +1


   - Are we even able to get ownership of the underlying batucada code?


   - There is little legal risk that others will use the code in ways that
   MPL does not allow (the MPL may discourage that use in the first place)


   - More information http://www.harmonyagreements.org/index.html


   - What about SaaS and AGPL, is the MPL like the AGPL?


   - I don't know.


   - https://github.com/p2pu/lernanta/blob/master/LICENSE.txt


   - Next steps:


   - Philipp to contact Brian how OBI handles this.


   - Philipp to sum up and send to lawyers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.p2pu.org/pipermail/p2pu-dev/attachments/20120425/52d0f8c5/attachment-0001.html>


More information about the p2pu-dev mailing list