AWSF TAC Meeting - January 30, 2020

In person meeting following ASWF Plenary Meeting and State of Open Source at Academy Museum of Motion Pictures.

Voting member attendance

Attendance is likely not completely accurate.

Other Attendees

Emily Olin, Linux Foundation
John Mertic, Linux Foundation
Andrew Grimberg, Linux Foundation Release Engineering
Patrick Hodoul, Autodesk
Mitch Prater, Laika
Michael Rochefort
JT Nelson - Pasadena Open Source consortium / SoCal Blender group
Doug Walker, Autodesk
David Morin - ASWF

Apologies

Agenda

Goals for TAC: Year 2 [0:00-0:20]
- Python 3
  - Reference Platform Python 3 status survey, publicly editable document: https://docs.google.com/spreadsheets/d/10XG92byepTD-LEeXx4mBjhGaNPtJsd_QaXlZ866wj7k/edit#gid=0
  - Contemplating moving from ASWF projects being Python 3 ready, to formulating a Working Group to help studios and projects outside the ASWF. Heard today about requirements for a successful Working Group.
  - John: happy to help with setting up structure of goal, timeline, deliverables. Can come up with a candidate proposal.
  - Daniel: is there anyone willing to volunteer to lead this process?
  - Gordon: may be easier to find a leader once we’ve defined the goals.
  - Daniel: does anyone have experience to share across our projects? Some interesting questions raised on TAC list, specifically transition to pybind11.
  - Will there be cross pollination with the VFX Reference Platform group? Daniel: yes.
  - JF is liaison with VFX Technology Committee.
  - Wave: is there a notion of the deliverable of this group? Is it guidelines, code, best practices? Daniel: that sounds like the agenda of a first meeting.
- Documentation
  - Daniel, Project visibility at a high level, but also a useful resource for active and incoming developers.
- Diversity & Inclusion
  - Useful discussions during earlier session, need to do work to summarize those results
- Developer Engagement
- Priority Discussion on Working Groups
  - Gordon: we talked about a number of other Working Groups today, would be useful to come up with a more formal list, prioritize the work, where do we have the energy / resources / knowledge.
  - Wave: USD is not an “actionable topic”, need specific action items. Under the heading of “USD” need specific ideas.
  - Gordon: do we need to have these Working Group approved by the Governing Board? John: not needed, unless there’s budgetary approval required. The TAC has the authority to decide what it wants to work on.
  - We need to determine what constitutes a Working Group. Part of the issue with USD is that it belongs to Pixar, and may not have the desire to give up control (but OTIO is counter example). John: there may be an opportunity to have something similar to the Project Lifecycle Document for Working Groups (not as much depth).
  - Daniel: there may be 2 categories. One is a clear area of interest for the TAC, the other is more aspirational about reaching some of our long term goals. Cost is low for a Working Group, don’t want to take it too lightly, but want to take advantage of energy and enthusiasm.
  - Gordon: would it be interesting to set a goal for next meeting to have a list of possible Working Groups, create some proposals, and have a vote? It can be hard to come up with that list just in a meeting.
  - John: can work to produce a lightweight document for Working Group lifecycle. Typically an idea for a Working Group needs a champion behind it.
Google Summer of Code (Larry) [0:20-0:30]
- https://github.com/AcademySoftwareFoundation/tac/blob/master/gsoc/README.md
- Larry: have taken on the work of the application process, describing our organization, pointers to our resources, submitted yesterday.
- Saw PR feedback today (https://github.com/AcademySoftwareFoundation/tac/pull/119 – https://github.com/AcademySoftwareFoundation/tac/tree/master/gsoc), landing page where students end up with a list of potential projects. Feb 5 is the deadline.
- Bottom section of the page are placeholders for each of the member projects, would like to see 3-5 ideas per project for summer student projects. Need a mentor for each project. Also list any special skills required.
- Larry: TSC chairs please submit PRs with ideas for their individual projects.
- Feb 20 is when Google announces which projects are accepted into the program.
- Previous experience is that this dramatically increases the exposure of a project. Students might propose their own ideas as well.
- Left a slot to allow flexibility to suggest ASWF members or students to suggest cross-project idea, or an idea that falls outside our own projects, for instance integrating one of our projects into an external open source project.
CI updates [0:30-0:40]
- Working group
  - Haven’t had working group meeting since last TAC meeting, so no specific new activities to report.
  - But good time to discuss what direction we might want to steer the CI working group
  - Model has been a long running group, but with periodic goal review.
  - We targeted GPU as an important requested feature, work by JF to build a prototype to build that support.
  - Still waiting on support to dynamically manage a pool of resources
  - Andrew: there has been pushback on static deployment of a GPU instance, so LF RelEng doesn’t currently manage static instances. Had call with GitHub Actions team today, roadmap for dynamic build capabilities at the end of this quarter. Not clear if that will also translate to Azure Pipelines. GitHub may be able to give access to larger instances than the default, with the caveat of perhaps longer latency for access to those instances. That may not be an issue for our types of projects.
  - Daniel: use case was OCIO, asking Michael what would be the requirements from OCIO?
  - Michael: can run tests locally, but the goal is to be able to do it “in the cloud”, it’s a critical piece of OCIO, especially with working happening on OCIO v2. Need help on the Azure side, as far as GitHub Actions it looks fairly similar to Azure Pipelines, so could potentially try that.
  - John: sounds like there are instances outside of Azure Pipelines? Andrew: Offer is credits from AWS, but billing can be complicated, primary issue is that it is a managed instance of a flavor that LF releng doesn’t currently support.
  - Daniel: sounds like we may need to take this issue offline (next wednesday CI meeting), so may need to forward with standing up instances dynamically.
  - Daniel: ideally CI environment should be a component of the Python 3 transition, some projects have managed to set up a dual Python 2 / 3 testing environment. OpenEXR went for approach where you can build Python 2 and 3 bindings, parallel availability of Python versions.
  - Larry: is that extra work something that we want to support / recommend? For OIIO it supports one or the other.
  - Gordon: sounds like a good question for the Python 3 Working Group!
  - Daniel: how do large DCC applications manage this?
Update on candidate projects [0:40-0:50]
- Gordon: ideas for projects to bring into ASWF, or work projects for ourselves?
- Daniel: specific candidate projects as Rez. Some of what came from survey:
  - Rez: Alan is still interested to move project towards adoption, has opened up contribution process, wider group of people involved in maintenance. Is a Working Group a good way to guide this project further?
    - Larry: anyone concerned with Rez licensing? LGPL 3 (licensing migration topic was discussed).
    - LGPL may be just as difficult as GPL to push through a studio legal organization.
    - John: will follow up.
  - USD: top of the survey.
    - Gordon: the message is that we’re not trying to be predatory. We’re not trying to “acquire” external projects, in this case just help.
  - Media player (discussed in previous TAC meeting)
    - DJV, some work to integrate with OTIO
    - Why is this an area of perceived need, especially if there isn’t a clear candidate
  - John: we had slowdown in submissions to the Landscape project, so if we spot any missing projects, please engage the maintainers to submit. Also trying to transfer the opensourcevfx.org domain to point to this.
Additional Topics
- We moved away from having predefined slots for our projects, but anyone is free to add topics from the projects. For example Cary asked about help on defining the scope of where OpenEXR should go (was somewhat of a rhetorical device to state the goals of the OpenEXR project).
- Gordon: some amount of funding was applied to CI last year, but we should discuss if that’s what we want to do this year. A clear list of tasks for each projects (or across projects) helps to define our priorities and where funds could be applied.
- Daniel: OCIO has been effective at defining a clear roadmap, good first issues, where resources are needed. Michael: we had discussed creating a web page to freely explore project needs. OCIO has created “First Issue” tags on GitHub (relevant for Google Summer of Code). But some of the issues are rather big. Tagging is good, but a landing page would be useful as well.
- John: main page on TAC repo is to use a badging system, including a Good First Issue tag. https://github.com/AcademySoftwareFoundation/tac/
- Michael: somewhere where projects can summarize bigger needs, digging through GitHub issues can be cumbersome.
- John: standard tag scheme for projects might help. JF: needs to be documented in template project.
- Daniel: reporting and accounting of engineering resources.
- Cary: what about security? That was discussed a fair amount early on, OpenEXR feels they’ve gotten to a “good place”, but it seems the topic has fallen off the radar. Also Larey reminded splitting imath as a separate project from OpenEXR: still very much thinking about this, several components to this:
  - Straightforward modernization of the code
  - Mechanics of moving code to a new repo without losing history
  - How do you motivate doing this kind of work when it’s “not your day job”
  - Would be good for projects to state that they would want to use imath separate from OpenEXR as a clear use case, specifying the deliverables.
  - Previous discussions have veered off into a number of discussions on the general topic of vector / matrix libraries.
  - Need to modernize implementation of Python bindings. Use of Boost Python is a thorn in our side, CMake does not play well with it. But waiting for someone to have the time and dive in.
- John: on the security topic there was a failed attempt to get a security working group going, now that we are putting in place a slightly more formal structure for setting priorities we might make more progress. Initial impetus was reactionary, based on OpenEXR having outstanding CVEs. Should define what downstream consumers for our projects expect. Further define what our graduated projects should offer as security-related guarantees.
- OpenVDB is struggling with similar issues, hard to define what is meant by “security issues”. Cary: what does a “vulnerability” mean (maliciously constructed images that cause buffer overflows).
- Daniel: initial discussions were triggered by CII badge requirements, but didn’t explicitly record the feedback from Foundry engineer as to what is a reasonable security posture.
- Andrew: what happens if a project “loses” its CII status? Can it be “ungraduated” / lose its badge?
- Larry: if that happens, it indicates that a project isn’t getting the attention it needs. It seems unlikely that an active project would let lapse the work that was done to get the CII status. Daniel: a clear case of failure would be not meeting the SLA for addressing security vulnerability.
Next meeting: February 12, 2020