 Alright, welcome everybody. This is the Drupal.org panel and a Q&A session. So we're going to be talking about it's kind of an expansion on the conversation that happens during the public board meeting yesterday. We'll go over some of the same updates and provide a little bit more technical detail on some of those topics. We'll also talk about some of the things that didn't make it into that presentation time that we've been doing in the past six months or so. And then we'll talk a little bit about roadmap for the future and just open up questions to all of you and have some conversations. We hope that this will be more of a conversational session than just a pure presentation. So, and with that said, I'd like to encourage you to feel free to raise your hands to ask questions or come up to stand at the mic, even if you have questions kind of in the middle of the presentation, but we'll also spend time at the end. So, as we get started, I'd just like to do a few introductions of the folks that you see up here on the panel. So I'm Tim Lennon, a Hestanet on Drupal.org. I'm a director of engineering for the Drupal Association. I have been on Drupal.org for something like 11 years now so I've been around and about. Let's see, Neil, what do you go ahead. This is true. I will introduce the team. All right. So yeah, Neil Dome is the sort of architect of Drupal.org and helps maintain all the features and issues and everything that we use every day. Ryan Aslet makes a logic on Drupal.org. All things Q&A, Drupal CI, Composer. Brendan Blaine is a Drupal developer and IT support for the Drupal Association team and has been doing work recently on some of the documentation features and on Drupal jobs and various things that you've seen here and there. And then we also have Michael Hest joining us as a infrastructure volunteer, also a member of the security working group to talk about a few things that he's been helping us out with. So sort of our unofficial fifth man. So I also want to say thank you in particular to our technology supporters, the technology supporters or particular category of supporting partner in our supporting partner program that help us specifically with either integrations that we use on Drupal.org or simply to help fund the technology team here. Oops. So I'm structuring the conversation here around two areas of work that we do. You'll recognize this image from the presentation in Drupal on Dublin talking about features around the adoption journey that is supported by Drupal.org and features around the contribution journey. The concept behind these is providing the tools for evaluators to start their Drupal journey, whether they're developer evaluators or end user evaluators of Drupal.org. And then leveling people up into a place where they can contribute back to the project, whether those contributions of code, design, financial support, whatever that type of contribution may be. So I'll start with some of the adoption journey topics and as we go on we'll get into sort of more technical and more technical topics as we go. And as I said before, please feel free to interrupt me at any time for Q&A. So we recently launched, as I mentioned in the board meeting, new industry pages on Drupal.org. The pilot launch was a higher education page, a media and publishing page and a government page to promote to technical evaluators of Drupal in these fields, the ways that Drupal can be used to build a solution. The kind of story and user journey of these pages focuses on the particular vertical, in this case the higher education example, giving the kind of basic pitch for Drupal, but then also highlighting specific features about Drupal that are relevant to the market and statistics about kind of adoption in that market for Drupal. We talk about how Drupal is just part of a combination of technologies that's used to find a solution in a particular industry. We feature case studies from Drupal.org about each of these vertical areas and these are geotargeted to the Americas, AMEA and APAC regions. We promote events like the higher education summit that happened here at Baltimore and the ones that are coming up in the next cons. And for the selected partners whose case studies are featured, we are experimenting for the first time with sort of matchmaking people who have an interest in these areas with service providers. And so we selected partners who are from kind of a list of criteria based on their contributions of code and contributions to the association and participation and presence on Drupal. So that's new for us and an interesting experiment in funding the work that goes into the tooling and the rest of Drupal.org. And that extends as well to case studies and it's something that might become a feature more widely for other organizations as we kind of experiment with it further and see how that goes. So we raise the improvements to organization profiles at large in a similar way. So talking briefly about the technical implementation of these pages. If you're all into Drupal, you're familiar with most of these concepts, but for Drupal.org some of this is pretty new because we've been focused on very developer oriented content before. So this is some of the first evaluator content that we've provided. So these are all built with panelized pages. We take the GUIP information in from our CDN, stash that in a header and use pain visibility rules to personalize the content based on the region that our visitors are coming from. Yeah, and a special thanks to Diana who's sitting in the back there for helping us out with the design of these pages and implementation. We appreciate all the help there. So, and the next set of updates for the kind of adoption journey side of things, since we last gave an update in Dublin, a few additional changes to documentation primarily targeted at controlled maintenance and more tools for them to use the new and more robust documentation systems available on Drupal.org. So the most basic one is you can now attach documentation guides directly to your projects and have them available kind of in line in place right in the project sidebar. You can see it highlighted there. We also have, it was about a month ago, maybe a month and a half ago, we finally enabled the migration of contrib documentation out of the old book pages into this new system. So any contrib maintainer can start doing that and doing that migration. And that's a pretty good activity for Friday Sprint if you're looking for something else to do in your documentation. And we want to give a shout out to TDM was not in the room at the moment but who kind of spearheaded the whole documentation initiative. Another improvement that you may not have seen yet, but it's something that's helpful if you maintain a lot of documentations. There's now documentation callouts. We're calling them. These are warning notes or version specific notes that you can include in documentation pages. So you can do things like say, hey, don't do this in production and make it stand out from the rest of your documentation pages, and you can provide in context highlights of like minor version specific changes within a larger documentation page. And these are styles that we've reused throughout your book or other places. So if you've looked at the community discussions page that well the community homepage now provides a link to that information highlighted using that second style. So we're using it to draw attention and reuse that pattern in few ways. Also, the community initiative to drive forward the droop late user guide with something that was happening, sort of between Dublin and now. And I want to give a particular thanks to the documentation working group and to Jay Hodgson for all the work, putting that together. If you're not familiar with it. The user guide is a kind of a higher editorial standard than just broadly edited documentation that's organized by the documentation working group with kind of more tight editorial control. And the goal was to have a kind of completely understood. Journey for learning to use dribble to grade in particular, more up to the standard of an industry publication, then kind of ad hoc pieces of documentation and that was implemented with drum and Jay Hodgson's help. Using a bridge module is the actual documentation is created and asked about that we're bridging it to the documentation guides and documentation pages on triple or So what's what else is coming up with relating to the adoption journey side of what we do. There's going to be some more industry pages coming up healthcare is probably going to be the next launch but we're looking to others we want to promote those things that we've seen in in our sort of search logs and things are the things that evaluators particularly anonymous users go in and look for and land on which modules they're looking at which parts of the marketplace. And we want to make sure to provide content for them that hasn't existed in the past. We're going to start creating improvements to project discovery and some of these which we're going to be what's coming have actually already been done. So for example, you've seen that you can now star favorite projects. Once we've built up enough of a volume of things there we're going to be adjusting the search ranking to take those into account. It's going to be one way of kind of filtering out the most used and most popular modules and helping people make decisions. We've also finally started waiting search of based on module usage. So an example people have liked to try it out in the past is searching for views didn't always bring up views as the first result. And that's something that's finally fixed. And again, you'll see now the more widely used modules coming right up at the top of socials. And then we're going to do a lot of more a lot more work on project pages having to do with project discovery around providing code quality signals, doing some static analysis of the code base and providing static analysis results. So the goal of giving people who are evaluating what modules to use the information they need to understand what's well maintained, what means coding standards, what's part of the security process, all of those things. So they can make good decisions about how to build their sites. And one thing that we're thinking about is there's a discussion in the issue cues, going on about how we, how we can avoid leaving behind the sort of site build the audience with the latest state of droop late being heavily composer dependent heavily command line based on whether we could build perhaps a dedicated application for doing dependency management, pulling everything in and giving someone something they can use, even if they don't have command line access on the host. Brian, would you like to talk about that one a little bit more just. Basically, the idea is that we've kind of droop late cycle is in the bar raise a little bit from people being able to just download a tarball and upload it to a site with FTP or using using kind of a Windows Explorer interface and that was really easy but now more and more modules are starting to depend on things like Composer to be able to pull in all the dependencies, which is more of a command line interface build tool, which if you're not comfortable with command line or you're not used to that sort of a build environment. It can be difficult for kind of a certain class of users where it's like we, you know, wherever we're drawing the line of Drupal ambition, you can pull it down just a little bit so that we have kind of a greater swath of people who can use Drupal. And so it is to have a build tool that would allow people to create or manage the Drupal site with all of the complexity abstract away from them so they don't have to run Composer don't have to run the command line. And so that sort of tool, you know, trying to wrinkle a lot of people in the community to figure out like how, you know, let's start with the UX of this tool and start with the design of it and start with how what's the ideal workflow for somebody in that situation. And, you know, kind of define who we're targeting with that. So, but yeah, that's So, before I talk a little bit more about sort of contribution tools and their contribution journey side of our work. Any other questions about kind of work around adoption around features provided for evaluators and things of that nature. All right, I will keep moving along. Okay, so let's talk about some of the work we've done around the contribution journey. And there's some big things here. There's some controversial topics. There's a lot of things that I think we can kind of dig into a little bit here. So, first one I'll start with, because it's a little bit more straightforward. Again, expanding on the conversation that we had in the board meeting is about contribution credits and the marketplace ranking on how that system is built and how that works. So we use these factors to rank organization contributions in the marketplace issue credits weighted by the wide the use modules. The presence of droop late case studies associated to the organization, whether they're supporting partners whether their organization members, and whether they've been listed as supportive project by maintainers of those projects. And so this is a little bit of a broader base a little bit of a more sophisticated way to recognize the different kinds of contributions made up an organizational level. At the same time as we're looking at contributions on an individual level. Is there anything you'd like to say about kind of how we built that. Yeah. Yeah, more or less allows us to put together kind of a background algorithm that assigns weights to these different kinds of user activities and puts time limits around some of them and gives us an internal score that we use in these. The source. The. That's from the start. There'd be dragons, but Yeah, certainly on the individual level, we have a lot of that stuff recorded that goes through user profiles, but some of it we do some of what we don't documentation edits and things that we do, but, but time those kinds of things into like organization. Something we'd have to think about because right now when we do those activities we don't have a way to attribute them so that's something we need to. Yeah. That's where. Yeah, and that's another thing we do want to focus on the individual contributor. We do have a little bit of a recognition, a little bit through and we've been having a few good conversations here at the con about ways to do that. In some ways it's a trickier problem because we don't just put a rank of users and other ways to recognize those contributions. But, you know, on the individual level one that was just brought up, I had a conversation maybe an hour ago was that there's a lot of good work with the issue credit stuff but for maintainers themselves for people who are making direct commits to their projects there actually currently isn't a way to just do that commit if it's not related to an issue and credit that sort of thing. So that might be something that we'll fix up soon too. But we'd like to, again, the whole point of this is trying to be reaching out beyond code both on the organizational level and the individual level. And among other things, it lets us measure who participates in building Drupal and who participates in these other areas, both on an individual organization or ways that we haven't been able to before. So that data has been very helpful. Have you ever looked at, would it be possible to modify it to get changed? That's, we probably couldn't do that. That's tricky actually. Yeah, so let me talk about a little bit about sort of, so there's all sorts of concerns about contribution in terms of what the scope of a valuable contribution is and that notion of kind of a drive by re-roll. That's what people have been talking about recently. So there's a lot to say about that, right, because we don't want to be, we don't want people to be farming contribution reputation based on low quality contribution. But at the same time, we want to recognize that for some people, even at an organizational level. It may be their first introduction to contribution at all. And it may be an opportunity to educate them on better ways to contribute, on new ways to contribute. So we don't want to assume malice when we're responding to that kind of situation. I had a great conversation with XJM about how core has started to kind of evaluate this issue and how they're building some internal policies about how those different kinds of contributions and when they choose to reach out to someone and she said they've had, they've had some success and hey, you know, these re-rolls. Sure, they're kind of nice, but could you, you know, if you're going to, or if you're going to make a specific kind of coding standards change. For us, it's valuable once you've done that throughout the whole subsystem, not one for each individual change, you know, that kind of thing, little things to encourage people to make them genuinely useful. Small contributions are contributions to, but there's ways that we can use this as an on-rant to greater contribution as long as we don't consider it, as long as we don't come at it from an antagonistic perspective from the start. At the same time, we do need to protect the integrity of the process. So, so yeah, this is more or less what I was just saying, we just want to have some caution and some empathy. There are some tooling things that we might be able to do to help a little bit with managing, you know, who's in the credit matrix and different kinds of things like that. There's some ideas being thrown around. There's not a silver bullet there necessarily because, you know, the maintainer has the human eyes on the contribution. There's some things that we can detect automatically and some things we can't. One of the things that will help from my technical point of view is when we have, you know, an automatically generated coding standards fixed patch already being posted by the CI system. So that whole category of kind of drive-by contribution is just no longer exists because it's being done by the bots. Yeah, it is not a whole lot. Take SA05. Yeah, something so significant. Yeah, I mean, so part of it was when it comes to trying to like automatically evaluate the quality of a code contribution, if we could do that really well in an automated way, I think the bots would be writing the code themselves. So, it's a little bit, it's a little bit tricky, but there is more we can do. And actually, if you have ideas on ways to do that, we'd love to hear them, whether that's through tools in the CI system or other things that we can do. I want to give Joe a quick shout out because you came in after we talked about some of the docs stuff. So, just wanted to say thank you for the, between the user guide and some of the organization around, you know, putting together the guides and pages in the new systems. So, another big topic, and one that is certainly somewhat controversial is this change that recently happened to project applications and essentially the elimination of a project application gate on the creation of full projects for releases in favor of an opt-in process to security coverage and some a variety of new signals being provided on project pages to help that we're still working on to help evaluators know what kinds of projects to use. So, let me step through kind of the process and what the decision making was, and you've probably seen some announcements about this before, but I'd be happy to answer some more questions. So, this was a sort of a four phase project as we were tackling the question of how to how to drop that project application gate from contribution on Drupal.org. We wanted to start with preserving signals about security advisory coverage as strongly as we could. We wanted to transition that process to an opt-in process so that we could, so that the security team can manage the workload a little bit better if everything is instantaneously covered. That's can be a flood and that this allows them to have the opportunity to either use their own application process for coverage or potentially, I don't know if you knew the team we've talked about other other ways to evolve the opt-in going forward. Yeah, so do you want to describe that? So, eventually the current opt-in process, which is, as I agree, somewhat fundamentally broken, will be replaced by a somewhat random question quiz where you will answer questions a little bit on Drupal.org policy and then a little bit on security questions themselves with a much higher focus on the security questions. So if you have that, you'll be given the role. Yeah, so we'll talk about what that looks like and what it means to have that role, that ability to opt-in to security advisory coverage in a minute here. So let me, I'll run a little bit further through these phases. So these are the kind of security coverage signals that we're talking about. So you've seen these already by now because they're on Drupal.org projects kind of all over the place. So one of the projects that's not opted in or doesn't have the stable release is going to have this not covered message up the top of the page and one down by the download table. I don't know where you're looking at things, a warning about the lack of coverage and providing informational links about the advisory policy. And in progress core patch to provide some information for those who are, you know, in their actual Drupal installations about whether or not they're using modules that do receive advisory coverage or that will have any security issues publicly disclosed. So we want to be informative. And then in that issue, currently we're working with members of the UX team in particular to figure out how to make that messaging kind of responsible so that it's loud enough and informative enough but not frightening people away from Drupal. So this is what it would look like on the project page when you do have coverage. So you'll see there's the indication about what a shield icon means stable releases covered by the advisory policy and then in the download table. Those releases which are covered have a corresponding icon. And so, and this is if your project maintainer this is what the opt-in looks like, assuming you have access to opt-in the project. And it has the in context information not applying to to be given access to do that. Finally, we added one more feature. We really want. So one of the consequences of this change is that we've decoupled the notion of a stable release from a security advisory covered release. And that's a significant significant change and it's something that needs to be communicated well understood because we want, we want people to understand these signals and we want them we want to incentivize them to participate in the process. So another thing that we've done is we've added release warnings. So when you go to roll a release, if you don't have coverage if you're trying to make a stable release, you'll get this process that gives you just general information about best practices for when you roll a release, and also kind of warns you, hey, do you think maybe you want to go ahead and opt into that process. Yes, please. So we've been talking about taking a look at the data on on whether we're seeing like a flood of dangerously insecure modules or whether we want to we want to we want to gather, we want to know what's changed since we open this up. And we want to know what what the consequences going to this change because our hope is what what will happen is we'll have new contributors people who weren't able to get through the old process will have a broadening of the user base. But that possibility exists that will see significant negative consequences so I'd like to. We've talked about going ahead about six months after the change I don't know is that four months from now this point it's already been two months. It doesn't feel like it but yeah is is, you know, we can query pretty easily to see how many products have been made by the non credit users by people who haven't opted in and get some information about this. So, yeah, we'll take a look. Again, we're hoping that the strength of the signals will kind of counterbalance. And in fact, I mean this is just speaking in my opinion but and from some anecdotal conversation but I think that some of these. Some of this messaging on project pages has made people much more aware of what the security advisory process is and they've ever been before. So to that extent I think. So far that seems successful. And so obviously once we have those signals and players. This random gift demonstrates that yes you can in fact go ahead and make a full project. Yeah we still have some you know documented recommendations about hey maybe it's still good to use a sandbox project if you're not ready to start thinking about a release candidate and all that kind of stuff. But that's all available when we've started to see some of that activity. Yeah I'm asking you to refer to we want to we want to measure that we want to make sure it's having the effect it's intended to have, which is broadening the contribution base, and not diluting the reputation for security and quality to an acceptable degree. A million people to thank as I did during the board meeting. There's tons of people involved. Not everybody involved in this. You know, is people who were just young home let's go ahead and do this but these are all the people that we have to have some difficult conversations with to figure out how to implement this and what I think is a responsible way what I think will prove out to be a good change. So, okay, any more questions on. We've been thinking. Yeah, yeah, yeah, we've been thinking about adding a number of different things that's that's one of kind of the obvious ones to affect the way right something that has stable releases that's opted in. Those are all factors that that should generally suggest that's the one you should use over the one that doesn't have those things. So yeah, they're clearly, clearly important elements. Any more questions about project applications or security. Oh, sure. I think as a person who makes the core fixing the spelling of URL. What I'm trying to do when that is to make it more. So it's not just things this one standard space is let's see what other standards issues about. Like you said, don't take it as a joint project on why do some of the games. Yeah, exactly. Right. Yeah, and I think that's, I mean, I think that's good advice in general it's very similar to what I did feedback that I heard from next jam earlier just here at the conference is that that's one way of addressing that problem is is taking small things and saying well what in the same category builds this up into something that we consider a significant enough contribution and ramping them up in that way. Any more questions there. Okay, I'm going to go on and talk about Drupal CI or maybe make this guy talk about Drupal CI. So, in very general terms, especially over the last four months or so, testing for Drupal has significantly more sophisticated significantly more robust in a few different ways. There's a much more flexible testing matrix. This is something on a random nail if you want to talk about this but we kind of label the environments that you can select to test your code based on what is kind of current for core and the variety of environments available. We mark the defaults the course tested against and we have scheduling options to better let you set up regular testing on a one off basis on a daily basis on a commit basis or just for issues. And weekly, yes, we have weekly as well. So there's just a lot more flexibility and how you can manage the testing for your module at this point, and local testing's gotten a little bit easier. So there's a vagrant box provided in the CI test runner repo. So rather than having to figure out how to configure the whole thing you can vagrant up and kind of go off to the races. And then it's testing is available. Is this something you want to talk about a little bit? Sure. We can talk about that. So part of what's happened in the Drupal CI world is we've kind of underwent a little bit of rearchitecture of the first proof of concept that we're using to get your blade out the door. And as a result of that, we were able to add in some more plugins to run all the different coding standards check. So we want to run a core and a good trip. And so we've got ES lens, CSS lens and HP code sniffer. And these things are available for module maintainers to use by providing config files or they don't have a config file or default to whatever core has provided. And it's just a really good way for us to be able to encourage people to maintain, you know, people coding standards and eventually get to the point where we can actually like fail patches if they don't match coding standards. So we're doing that now in core with ES lens because everything in core has, you know, all of their JavaScript looks good. And so they want to keep it that way. And so that this way they this way it also reduces human time to have to manage these, these sorts of issues when someone submits a patch, you don't want to go back and I'm like, Well, you're missing some spaces and you know it's like, it's just kind of a nobody feels good about pointing out those kind of errors to people and so it's just nice that there's a robot that does it has to, you know, what's time on that so but yeah that's that's one of the things and then there's other other plugins coming soon to be able to Yeah, do more testing stuff. Yeah. Yeah, it's another part of this code quality. And, and I'm pretty sure in trees is keynote he was talking about how as we move forward to modules using deprecated API is this codes never tool actually I believe can find those and let you know that oh you're using a different API. I'm trying to use a lot of automation on that code quality stuff as much as it's possible. So, and I want to say thanks here mile 23 is not here at the calm, but he was really instrumental in getting coding standards work available in Drupal CI so Thanks. Let's talk about composer this is kind of going to be you as well but Yeah. Yeah, after a lot of kind of sitting on it and watching it run in December. We just said okay, this is good. It's working. We have the composer Assad now and so Developers are able to use composer to include composer packages in their modules and also use composer to build Drupal sites, which is sort of a one of the off the island ideas that Drupal 8 started to adopt early on and it's really cycle by incorporating symphony packages. And but this this let's allow us to do a lot of nice things like not have to rewrite code that somebody else on in the PHP community has already written so you know there's because there's a lot of problems that everybody's already solved and it would be nice to just be able to leverage that and so That that exists now and it works and There's been a lot of sessions a lot of trainings online and seeing about kind of build site composer now and how to use that as part of your building deployment workflow. As we mentioned earlier, this does kind of raise the bar for some folks and say we have to use command line or you have to have enough memory to run composer because it's long and it's slow and so It also, you know, you solve some problems and new ones crop up so it's a problem like an old engineering always is And then just this week we Leveraged a tool from maybe in potencer of symphony called subtree split The subtree split SH program that he wrote and go to take the Drupal core repository look for composer json's within that repository which underneath Drupal source components You have all of these pieces of Drupal that were designed from the beginning to be able to use in any other PHP project So there's one called my core UU ID. So if you're a Laravel developer, you could use this core UU ID piece and have a chunk of Drupal in your site And so we built these subtree splits. They got pushed over to GitHub and then packages consuming them So now anybody in the PHP community can use parts of core and one of the first consumers that is going to be people see I because we Had copied and pasted the whole plug-in and annotation architecture out of the blade and Now we can get rid of all that code and just compose or acquire the plug-in annotation architecture so we can use that piece of people see I And there's a note there. Yeah Yeah, that's still We're still some review that you're sort of kind of soliciting because this is very very recently added so You may find some things with the subtree splits that still need. Yeah, there's there's a couple of a composer Like the project name doesn't match the penalty names in a couple spots Missnamed and it's really trivial patches to fix it for yeah, and the kind of road to composer was pretty long So there's a number of different people to to thank so Yeah These are the folks who helped us out just from the from the very beginning of creating composer support and also more recently with the subject such response Oh, yes So Yeah, I've been thinking about that a little bit because the way that we package and ship Drupal core right now, which I call Drupal Drupal is a little bit a Little bit wonky compared to like how it should be packaged and ship like we ship with a lock file and that Introduces problems later on when people want to upgrade their site and so some of the things I've been thinking about is we need to kind of like restructure and re Repath everything in in in the way that the core repository set up so that when you do a composer install They can go and get all the scaffolding files and place them in the right place and build your web root for you And if we have something like that then we can dependencies on these four modules But one of the things that is not real clear how we how we have split up is right now We have slash core and all the modules are already underneath there And so if you're including that then you just get everything and so those would have to be moved somewhere That wouldn't be under slash core or slash core itself would have something different. So It's almost like we need to break core off of the rest of it so that we have that as a separate thing But yeah, that is possibility. You can they go break the whole thing together Oh So the other thing I wanted to talk about briefly was the developer tools evaluation that you've heard Kind of going on in the background if you're at the public board meeting or maybe just a conversations around sprints Or in the blog posts the first one coming out last October another one in March, and there'll be another one coming soon Basically, we've been asked to look at In commerce in concert with the technical advisory committee, which is most widespread and G Byron and Steve Francia Look at ways to quote modernize the developer tools of triple other work and in many ways that means You know the notion of a polar moose request It means using standardized workflows that will be more familiar to triple outsiders. Perhaps it could mean any number of things So we're still very much in a kind of exploratory explorer and evaluate Situation but This is sort of a rough Kind of the outline of how we're proceeding through this process So we've done some initial evaluation and you cannot support London did sort of a deep dive with us with us on staff to just like Hammer through tools and lists of features and do gap analysis and do the kind of philosophical gap analysis in terms of You know, what's our what's our decision to each other? Do we do we Do we choose a more accessible tool when we lose a more flexible tool for the purpose of reaching a wider audience? Or you know, what do we prioritize and thinking thinking some of those things through and not all of those questions are answered So in the last blog post we communicated kind of a short list of the sets of tools that we're looking at I'll talk about that in a moment and we're moving to what will hopefully be the next step which will be kind of a prototype or pilot of One of the tooling options probably with a single project to start depending on how it goes may be opening to a few others to evaluate and the goal is Tooling is so big such an important and fundamental part of the Drupal workflow That we want people to actually get like up to their elbows in the new tool and like really use it So that they can actually tell us what's wrong with it. What are the gaps? What are the things that needs to be fixed and what's awesome about it? What are they like? What do they want to continue using? So the main options as you've seen from the Valkos the render evaluation get out get lab and the issue workspaces proposal for Drupal.org and some notion of kind of, you know, the hybrid between You know, there's things that we established that we know would always stay and always will enter for Project pages are not going anywhere. Drupal is the home of those projects Releases are going to be in Drupal.org. There's many things that are tied into it that are tied into credit and security Process and all sorts of things that we want to preserve So there's some things we know so we have to find ways to do certain kinds of integrations when we're doing this kind of analysis in this kind of pilot So again, some of the stuff is preliminary. There's a there should be another blog post If a little bit more detailed, we've had some meetings here at the con and I've talked to people in sprint rooms and just had some one-off conversations But hopefully there'll be another blog post talking a little bit more about this And maybe two three weeks after the con What we're thinking but yeah, as I said the next step is just to learn by actually trying to do it and not just try and hold the whole problem space in our head All at one time So prototype level integration, pilot simple projects, do around the feedback and gap analysis, see if we hit a brick wall Maybe pilot something else or maybe started spending that So Talking about just the whole Wealth of contribution journey relate to work that we've been doing and what might come next Related to Drupal CI, although it's not necessarily just about Drupal CI There's this notion of of doing branch labels so that as you may know We mass update core issues with the birth and the new version number that everyone's developing against basically every six months And it'd be great to use standard labels that say like current develop and current stable Just to make things a little bit more clean and that would also make it easier in the test matrix To be testing against what you know is the current current level of core I Misspelled reimagining Reimagining with composer, there's an opportunity to look at how distributions work in a different way There's a kind of a significant opportunity there's a lot of Frustrating and kind of hacky work around stuff that goes on with building and maintaining a distribution and so You know, there's a question of just distribution become more or less a Composer JSON with a little bit of sort of structure around it What could that be something that should be look into now that that's kind of the core protocol Another thing that we haven't had time to talk about in much detail is There's some Documentation for the JavaScript API for Drupal. That's currently hosted by a community member. It'd be great to bring that into So those are just a few things that that may come up as we do some of our forward planning Any questions about this kind of stuff, all right Keep going a little bit talk about the infrastructure. It makes the whole thing run. This is my favorite gift and we've seen it before The great machine There are there's not like a huge amount to to talk about in terms of strict detail Michael might speak to a little bit So I don't know I perhaps know But you know, we standardized on our virtualized infrastructure Most of the instances of our pre-production direction by most are actually now VMs and then on our bare metal hardware We updated our config management our puppet and how to tree and Something that is a little bit more outward facing. There's now HTTP to support On Does anyone have infrastructure specific questions Yeah Yeah Yeah, it's mostly just keeping doing things to make to make the work a little smoother, so Let's hear so here's the last topic that is Right now we're at the open source lab for Oregon State University is well Just about everything is except for the Drupal CI test lots because those are spun up in AWS You may have heard in the public board meeting We're currently doing an RFP process looking for other sort of managing for structure partners Oh, we're in the middle of that process those there's no decisions or news on that Sorry, yeah, it's not free. Oh, yeah, no, no, it's not for Well some of our as I went I'd have to go back a lot of slides some of our technology supporters that you saw Some of those will discount or comp services for the association, but there's a lot of stuff that we simply have to pay for for example the Drupal CI test pots that runs in the region of four grand a month to buy testing for the project Every once in a while we get a small grant from Amazon, but They don't they don't have a nonprofit program to comp that kind of service. Yeah So that's that's part of what memberships of what supporting partnerships of what programs like the industry pages and they're You know, they have sponsorships. We're all engineers. We don't normally think about the kind of sponsorship space It's been important, but it helps us helps us fund the test and it helps us fund the bots. So Some bandwidth mail transport mail transport's a big one they give us some elements of this Yeah, you want to come on it? Yeah, their their model is evolving um, but yeah, that's kind of Yes Yes So presuming Is Uh That's a really good question As an engineer i'm a little bit less prepared to than are some of our kind of strategic partnership folks At the association, but it is so that is part of the point is Whatever option we select there will have to be sustainable. We only have so much budget And we have to make it work So it's part of the evaluation process has has a lot to do with whether these potential open source tooling partners Are willing to give as well and contribute themselves to making that possible That's going to be something that can close some of that gap It's there's also a little bit of a question of scope, right because we talked a little bit about You know, when we if we pilot an integration having a single project way over there, we'll be able to understand a little bit further The scope of how much how how significant a level of integration we're maintaining and like how complex that's going to be Um, right. There's a there's a spectrum of what that could look like. Um, and what it could take to to implement that so Um, yeah And then one of the thing that we you know have to also take an account is like how much it would cost to take our current Um infrastructure that we have now our custom built one and upgraded to droop wait, right? So eventually that is something that we're going to want to do on dribble at org And so there's a large development cost there too. So we're looking at a development cost down the road one way or the other And so it's really the delta between the two that we have to concern ourselves with like it's significantly more expensive for Yeah One of the questions this kind of like the You work that they might have issued back from the patient of mice Ah To Yeah, but no, that's I mean it's totally on the list. Um, it's for us It's kind of been a balance of prioritization and sprinting towards the con but it's getting very close. It's much closer than it's been In a long time. So Oh, yeah, the new irc bot has will not die when there's a When there's an emoji, um That's a big question. Um, so it kind of depends on what area of contribution you're sort of talking about but In the most general terms, um, we have the dribble at org customizations. Q There's kind of a variety of issues in there and things that might be fixed You can contribute patches back to that the way that you can contribute patches to any other issue q and we also Produce development environments Remotely, this development environments that we can give to people who want to contribute that have a sanitized Uh instance of dribble at org so that you can develop against that to roll your patches and contribute them back Um, we've had some folks who have hacked up today. The database is massive Really wanted to try to run locally you cook server. You can yeah, yeah We just in some text me for somebody it was a uh, uh, it's like a text mate window where you're editing on text mate locally and it just changes on server Yeah, yeah Yeah, don't don't we have like that contributor? Yeah Yeah But we're not taking on google 8 yet Yeah, um, okay, so last topic um that I wanted to uh raise based on some kind of stand-up conversations that were happening here Is about the governance of dribble at org? Um, and as a community we're talking about the governance of dribble the project in general um, and um, I just think it's an interesting software and one worth exploring That's one where I don't I'm not proposing answers to all the concerns that currently exist around it I'm just I'd like to start of surface some of the questions um So let's first of all talk about what's in scope for the dribble association engineering team What our mission is and what how that translates into our mandate? um So you've probably heard the refrain over and over but the mission of the dribble association is to unite the global local source community to build and promote dribble um But what work is implicitly mandated by that for the engineering team? So that includes providing the canonical source of software providing the home for a community that's globally accessible Providing tools that let the community continue to develop dribble Promoting dribble to developer evaluators promoting dribble to user evaluators Fostering that ecosystem of service providers in ways like through the marketplace rankings and to hosting case studies and things like that at the industry page initiative And also supporting the fiscal welfare of the association itself um With whatever kind of future development we need to do that In order to simply fund with the rest of that work and that available um, so these are at least It's probably not a complete list, but in my mind these are the implicit mandates for the association engineering team that come out of our mission And um From there you can sort of ask well, what what are the ways that we can fulfill those mandates and what are What's well, how do we tread the like kind of level of authority? So um Yeah, so managing the scaffolding of the project is relatively Obvious, right? We run dribble.org. We maintain the collaboration space the tool set We need make sure security updates get deployed on dribble.org Run the testing infrastructure We also focus on trying to clear blockers that just empower their their community to solve certain issues on their own um, that comes into play I mean a lot of conversations with uh core for example about how they should be managing composer within core Relate to work that we do providing the composer the slides. There's overlap and some of the mandate in cases like that Um, it can also mean taking on work ourselves that when the nature of that work Means it's the easier for a dedicated team or it's something that's not a great use of volunteer time Right, we don't want the people who are here to contribute to the project to spend all their days, you know fight and spam Because that's a too much gets through And then uh, the last one is the complicated one and that's where I think the difficult question is about community departments coming in because there are um Problem spaces where our mission to support and promote the project actually intersects with the software itself um, and so where does our authority play In that space and again the composer facade is one such example the way that we implement the composer facade that everybody uses Uh now for building jubilee sites is a direct product impact and it requires Um, you know changes to the repo URLs that were shipped with core and all that kind of stuff. So um It's an interesting question and the last point is this this notion of these intersectional problem spaces and managing where our authority lies is a difficult one because The page on drupal.org that has our mission statement Has a bold sentence at the bottom of very strongly worded sentence that says the drupal association has no authority over the planning functionality and development of the drupal software Because there is a well intentioned and important firewall between We you know, we don't manage drupal the project which we we manage the ability for people to contribute and to you know We provide that that home for these activities to happen. But unfortunately You know The very nature of providing that scaffolding has an impact On product decisions Whether it's in the changes that happen in the project application process how we provide security signals The way the updates are provided and managed The composer facade all of these things fundamentally linked to the software So right now when the community is in the space that we were thinking about governance um You know, these are questions that become important and they're just things that we're thinking about reflecting on Not things that appear proposing any kind of fundamental answers about how we address those um But I did want to talk about kind of oversight of our work What kind of bodies exist and what we're responsible to on a sort of official and legal level and in a more general case so Kind of wrote my own sort of mini mission statement, which is that we work in service of the community at the direction of ours at the director and our board and So our direction our direction comes from the d our direction comes from the board But um, you know, large prior larger prior organization decisions But everything that we do is intended to be in service to the community and into Of the needs of the community that they've surfaced to us So, um, how do we try and provide visibility into the working decisions? We're trying to do our work in public issues as much as possible The change notifications that you're probably subscribed to that we do at the beginning of each two Sprint we usually change it when we do the two week to match our sprint process the blog posts that we put out um And as much as possible we try and work with volunteers and the subject matter experts that are within the community pulling in people like michael pulling in others there's a whole group of folks who are part of the Uh, what we're the jubilee or workie groups and what's now those members are part of a body called the jubilee advisory body so Many of the people that like we approach when we have these questions kind of came out of that body But it's just oftentimes it's you know, the person in core who knows things about this and you know, we try and find Those people who are experts in these areas um Yeah, so like I said, I'm not presenting this comp this uh section on governance to propose um A specific delineation of responsibilities or an answer about where the authority of association lies over the project Or the tooling or the like where those lines blur, but I just simply like to surface how they overlap each other And yeah with that I'd like to go to any additional q&a If there's other questions about what we've just talked about or any other topics We'd be happy to field them Thank you And Okay Yep Of making That's a really big question. It's an interesting question. Um Well, yeah, the droopalate user guide for example is um, which is It gets imported into the new documentation guides and the new documentation pages is localized as we remember languages And in some ways that's a precursor to potentially allowing the rest of documentation to be localized Um, which would be I think a good step One of the concerns in a sort of general way is moderating content Because again, we were a very small staff and even among the volunteers finding the ability to moderate in a variety of languages might be difficult um, and You know, if you have the documentation about the best way best practices for using I don't know Best practices for using tokens and droopalate or something like that And that's in english and something changes the english page is updated and the spanish page gets updated And then maybe there's a number of other localized pages that fall out of date and fall further behind So you have a little bit of a forking of information problem that said as that slide said before Where our mission is to unite a global community. It's not to focus just on the people who speak english So it's a tough. It's a tough problem at all. Um Yeah Yeah, they have this Right, exactly. If you look at localized Wikipedia articles, um, the same topic. You know, have a very, very different presentation and discussion in different so Yeah, organizing people to support it So yeah, I mean, I think it's a really important topic. Um, and um It's something where Again, yeah, from a technical point of view, we can do it. We might need to compute a kind of a community body that could help It's it's all that that kind of moderation work. That's going to be the harder We kind of hope just google solves of course That we can wait for the ai no, um Any other questions Yeah, actually each of those examples has some discussions going on in particular. So Or some issues go ahead Drupal.org forward slash project forward slash Yeah, and those to speak to those particular ones. Um, uh, you mentioned reddigger, for example, mark carver is here right now working on He's doing work to try and port reddigger features as things that you Are just exist on Drupal.org and that you can Enable as individual boxes via your account rather than using it as a separate extension Yeah, it's something he's working on here. He's looking for people who might help sprint on that. Um Um, he's been working on it for a little while as he's had time available. Um Um, we've had internal conversations about user profiles just because we want to do another pass on those as well And we've certainly welcomed Some thoughts Yeah, we need to kind of clean that up and you let a lot of things that Yeah, there's there's a lot and unfortunately You can see that you can see the team so we're sort of triaging and trying to go through the time But you know, if you want if you want us to roll up a dev site and you want to kind of help clean up some user profiles That could be very helpful Yeah, I'll have that Well any other questions? We actually are using most of this time. It's good For the next few years. I hope so in the next few years. I don't want to do it. It's on my list of something Yeah, in the next year Yeah, I don't think I don't think it has been explicitly written into our page. Well, I don't think I've updated our roadmap page Uh, quite recently. I think it would be Great and really actually important in the context of that site builder. Totally. We're talking about it. I don't think it checks them It's not doing the checking for you But that that actually could be mitigating pretty easily with a closer script or a closer plug in and Package signing information in the extras field and it would check for you So Yeah sell back. Yeah Yeah, I mean, yeah, there's there's still just a lot of ideas that shaw hashes are useful or not I Think it's Yeah, I think it's more on the Yeah, everything else Yes, okay So We're also surfacing it on the profiles for organizations So when you're when you go to look at any organizations profile, whether they're a service provider or they're a community organization It's there. Um, I don't think we're using that kind of programmatic Oh, well, yeah, we're using that information for the For the industry page a partner selection That was based on credits and and whether they worked in the Relative industry But those are the main places we're doing them right now. And then just a curiosity Yeah, there's a few there's a few open issues that are about there's one that's specifically about just I think it's kind of a generic plan Issue for the ranking algorithm That just has a few things captured in it And then there's a couple issues floating around for things like capturing the per commits rather than just for the credited in the UI credits, but Yeah, they're floating around in a few places. It's not necessarily totally well organized You can certainly pick them up. Yeah, absolutely I'll just make this comment in case this report is Sure, I just wanted to bring up the issue of governance because yeah, it seems like we had sort of I need the evolution from a lot of working groups that were having input on will happen in order to now Sure, and if I agree, maybe there's something sort of problematic to me that you know It's not me. I also thought especially the first week of the interest experience levels and people evaluating what really the priority is and I don't This is sort of not your responsibility happy systems in place, but sure Working guys be the strongest community governance project that's helping you guys decide what the right party Yeah, I just wondering if you have any thoughts on that or is that something that needs Megan or the right person Raise a question like why why is it on the front room community group or should there be like an electing community body or How do we get people engaged motivation or authority or whatever Yeah, I mean, it's a really good question. Um When I talk to when I spoke to your governments a little bit earlier Like as I said, there's those those particular places where Our decision-making as it respects to the tooling and as it was as respect to the tooling and with respect to the Kind of the scaffolding of the project have significant impacts on the project itself and how people work I don't necessarily know the right channel to raise that Concern it's it's good to raise it with us because I can talk to you know The board and I can talk to Megan and talk about that a little bit I think it's good to raise it within the context of the larger project governance discussion It's going on right now. Um, I think it's it's certainly relevant to that um Yeah, I mean what we'll need to think about next steps. We'll need to think about what'll work What's interesting about the working groups. Um is the working groups? um I had to go back and dig through some history, but you know They weren't originally formed strictly as a governing body So much as literally working groups with the notion that they would be taking on some of these tasks and doing some of these things and it kind of That changed over time to be more kind of a discussion group or a betting group and or or an oversight idea in some cases and the different groups happen in different ways and kind of You know, it just evolved in a different direction. So I don't know what the right model is You know, that one seems like it didn't sustain but there probably is one and and you know this notion of I've been asking myself about the larger governance question is How do we know who speaks the authority about diverse community, right? Just in general, not just for jubilee or for the project of large Notion of kind of community elected positions is that is one way of knowing there's some authority behind a voice So maybe that's a thing to explore. But um Yeah, I'm still looking for the right idea for sure Yeah Okay Which is a hard way to make decisions sometimes. Yeah, that's certainly true Yeah, but at the same time opens figuring out ways to improve that because there's we've seen places where it's fallen down We've seen we've also seen places where it's been very successful, but it's just hard to It's hard to figure out how to cover every case Okay All right, thank you very much for attending Um For information here as well And uh, you can let us know what you think about the con and find this information about the session and hopefully I will get a recording up and all that kind of stuff Thanks again, everyone