**Session Date/Time:** 08 Feb 2022 19:00 # [TOOLS](../wg/tools.html) ## Summary The TOOLS working group discussed significant progress on infrastructure upgrades and migrations, including the IETFA server refresh, SVN to GitHub migration, and the impending launch of tools.ietf.org. Key security enhancements were also a focus, particularly regarding the Data Tracker and XML2RFC. Discussions highlighted operational decisions, such as a preference for building a new IETFA server, and ongoing challenges, like the broader adoption of Zulip due to archiving concerns. Plans for community engagement through workshops and a sandbox for the Data Tracker Bootstrap 5 update were also outlined. ## Key Discussion Points * **Meeting Logistics**: Participants were encouraged to use Mediko's dual mute buttons to stay connected to the primary mixer for smoother audio interactions. The meeting notes page was taken as read for many sections to expedite the meeting. * **IETFA Refresh (ietfa.ietf.org)**: * **Discussion**: The current plan is to build a new version of IETFA on different hardware with a new OS (Zen) and hypervisor. This allows for development testing before a cutover, mitigating risks associated with an in-place OS upgrade on older hardware, which had caused issues in the past. This approach, while slower, offers more flexibility and safety. The expected timeline for development testing is early March, with a cutover planned after IETF 113. * **Decision**: The group agreed to proceed with building the new server. * **RFC Editor Lists**: The plan to move the RFC Editor lists over to IETFA was noted as read. * **SVN to Git/GitHub Migration**: * **Progress**: Small repositories have been moved. The `xml2rfc` repository was moved to GitHub, with several embedded repositories split out. `cly` will become the main branch, and others archived. * **New Tools/CI/CD**: Significant work has been done on GitHub, including tools for secure private signing keys for PyPI package pushes, and extensive CI/CD pipelines (e.g., using `rfc-to-html` as a testing ground for automated testing and release processes). * **Community Engagement**: The migration enables broader community participation via GitHub. A plan was made to dedicate 5 minutes at the IETF 113 plenary to encourage community members to contribute directly via GitHub. * **tools.ietf.org Launch**: * **Author Tools Site**: The author tools site is essentially ready for live deployment. Minor maintenance items remain (e.g., word joiner template error, Bob Briscoe's suggestions). A sense of those present indicated no showstoppers. * **Daily Dose & BAP**: `daily-dose` provision and a replacement for `bap` (being developed by Kasar) are expected to lag slightly behind the main cutover. * **BibXML Service**: This is the current "long pole" for the `tools.ietf.org` launch, with hot and heavy activity on edge cases, particularly regarding semantic conflicts with Relaton names (used by Ribose). Deployment on IETF devices is expected in the next couple of weeks, with a cutover hoped for within three weeks, timed to avoid the hard draft submission press before IETF 113. * **External Impact**: The lead at Ribose (also involved with ISO) has raised questions about ISO reference formatting into IETF documents due to semantic conflicts, leading to an email thread with IETF leadership. * **Zulip**: * **Status**: No progress was made in the last month due to a deadlock on who should advance the deployment, specifically regarding the "Note Well" content and its presence in new rooms. Jay agreed to follow up on an unanswered email regarding configuration. * **Medico Integration**: A plan to switch Mediko's backend from Jabber to Zulip between IETF 113 and 114 was mentioned, but participants were invited to voice discomfort. * **Leadership Concerns**: ISG and IAB expressed concerns about Zulip, preferring Slack, primarily due to the lack of unarchived/private channels and one-on-one conversation features, which prevents mirroring private lists and impacts community feeling. Message retention policies were discussed as a potential solution for archiving concerns, with Jay investigating further. * **Workshops**: * **Purpose**: A call for a general tools workshop will be scheduled in the coming weeks to prioritize and schedule future development workshops. Community contributions for new workshop ideas are encouraged. * **Strategic Importance**: These workshops are deemed crucial for planning future work, including addressing technical debt and exploring forward-looking initiatives such as VS Code plugins for IETF document creation. * **Author Tools & Vactel Website**: Shareable URLs for i-draft and RFC comparisons are now available. The Vactel website has been updated to a new active version. * **Data Tracker**: * **Cloudflare**: The Data Tracker is successfully running behind Cloudflare, showing significant, though not massive, performance improvements for non-authenticated users. * **Infrastructure Migration**: In the next few days, migration from Apache/mod_wsgi to Nginx/Gunicorn is planned. * **Bootstrap 5 & Time Zone Aware Branch**: A recent change in direction will bring in the Bootstrap 5 branch first, followed by the time-zone aware branch work. The time-zone code will be re-implemented by the current team to ensure familiarity. * **User Interface Impact**: The Bootstrap 5 update will lead to a "massively different" look and feel. * **Community Feedback**: Plans include running the updated Data Tracker in parallel with a sandbox for community feedback before moving to production after IETF 113. * **XML2RFC**: * **Local References**: By default, local references for files in source or template directories are now allowed, addressing past errors. * **XInclude Restrictions**: To mitigate security risks identified in the Data Tracker security review, a plan is underway to restrict the set of domains from which `xml2rfc` will fetch `xincludes`. Allowed domains will include `xml2rfc.ietf.org`, `rfc-editor.org`, other SDOs, and potentially wildcarded GitHub sites for arbitrary diffing (though this might not apply to `xml2rfc` itself). * **Process for Adding Domains**: This will be an operational decision, coordinated with leadership, potentially handled via secretariat requests or PRs against the code. The metric for adding new domains will likely focus on stable places, SDOs, and trusted administrators, rather than arbitrary individual domains, due to potential for "slow loris" and other attacks. This topic will continue to be discussed on the `tools-discuss` list. * **YANG Catalog**: Work is progressing on a priority list of 10 items. A significant effort involves compressing long `schema-id`s into smaller integers, which also involves fixing issues in an ISG-approved draft. A discussion with proponents and the YANG catalog team will be scheduled to address this and other items. * **Data Tracker Security Review**: * **Remediation**: The dev team is completing the remediation of minor issues identified in the security report. Major issues were addressed before the last call. * **Reporting**: A companion document will be prepared to note how addressed issues (which the original report still lists as unaddressed) were resolved, to be published alongside the final report. * **Next Review**: Work has begun to schedule an IETFA-wide security review with Zx. * **Decision**: The group agreed to proceed with publishing the security report and companion document, noting transparency as a guiding principle. No objections to direct publishing were raised by those present. * **Meeting Cadence**: The "take as read" approach for agenda items was found to be effective. A sense of those present indicated that the current monthly cadence is appropriate. * **IETF 113 Sprint**: A code sprint is planned for the Saturday before IETF 113 (hybrid). ## Decisions and Action Items * **Decision**: Proceed with building a new IETFA server rather than an in-place OS upgrade. * **Action Item**: Glenn (or Robert) to closely track the new IETFA server build and report any delays in reaching the dev testing phase. * **Action Item**: Plan to dedicate 5 minutes at the IETF 113 plenary to encourage community participation in tools development via GitHub. * **Decision**: Proceed with making the author tools site live, as no showstoppers were identified. * **Action Item**: Jay to investigate Zulip's message retention policies and the possibility of private/unarchived channels. * **Action Item**: Schedule a general tools call/workshop in the coming weeks to prioritize and schedule future development workshops. * **Action Item**: Release the Data Tracker Bootstrap 5 update in a sandbox for community feedback before production deployment (after IETF 113). * **Action Item**: Robert to coordinate with leadership and the `tools-discuss` list to define the process for adding new domains to the `xml2rfc` `xinclude` allowed list. * **Action Item**: Schedule a discussion with key participants (Eric, Michael, Carson, Benoit) to address the YANG Catalog `schema-id` compression issues. * **Decision**: Publish the Data Tracker security review's final report along with a companion document detailing the remediation of identified issues. * **Action Item**: Robert to finalize plans with Jay to get on Zx's schedule for an IETFA-wide security review. * **Decision**: Maintain the current monthly meeting cadence for the TOOLS WG. * **Action Item**: Robert to implement a "consent agenda" approach for future meetings, clearly marking items to be "taken as read" unless flagged. ## Next Steps * Continue IETFA new server build and prepare for dev testing in March and cutover post-IETF 113. * Launch the author tools site. * Finalize `bibxml` service deployment and prepare for `tools.ietf.org` transition. * Address Zulip archiving and private channel concerns to re-evaluate its broader IETF adoption. * Organize and conduct community tools workshops to plan future development. * Implement Bootstrap 5 and Nginx/Gunicorn migration for the Data Tracker, leveraging community feedback. * Refine and deploy `xml2rfc` `xinclude` domain restrictions. * Advance the YANG Catalog development priority list. * Complete Data Tracker security review remediation and proceed with the IETFA-wide security review. * Participate in the IETF 113 code sprint.