Date

Call-in Information

Time: 11:00 am, Eastern Daylight Time (New York), 4pm Central European Time

To join the online meeting:

  • https://lyrasis.zoom.us/j/84378615572?pwd=bGUxSjlyRTdjOGl5U1B6L0Yva3RQdz09

    Meeting ID: 843 7861 5572
    Passcode: 556561
    One tap mobile
    +16699006833,,84378615572#,,,,*556561# US (San Jose)
    +19292056099,,84378615572#,,,,*556561# US (New York)

    Dial by your location
            +1 669 900 6833 US (San Jose)
            +1 929 205 6099 US (New York)
            +1 253 215 8782 US (Tacoma)
            +1 301 715 8592 US (Washington DC)
            +1 312 626 6799 US (Chicago)
            +1 346 248 7799 US (Houston)
            877 853 5257 US Toll-free
            888 475 4499 US Toll-free
    Meeting ID: 843 7861 5572
    Passcode: 556561
    Find your local number: https://lyrasis.zoom.us/u/kerqtGDrJ4

Calendar invitation - ICS file

Slack

Attendees

(star)  Indicating note-taker

  1. Dragan Ivanovic 
  2. Brian Lowe 
  3. Michel Héon 
  4. Ivan Mrsulja 
  5. Miloš Popović (star) 
  6. Kshitij Sinha 
  7. Sai Pavan K
  8. Benjamin Gross 
  9. William Welling 
  10. Garrett Armstrong

Agenda

Notes

  • ORCID Global participation fund

We decided to postpone the application and do it in March or April next year.

  • Resolved issue

Dragan asked Garret What is the plan for the issues.

Garret said he should investigate a bit and then he should come with better questions.
 Dragan: There are two official VIVO service providers. The Lyrasis board discussed offering hosting at Lyrasis infrastructure, but it is not yet in place.

Benjamin said in the chat: We offer hosting but TBH it will be significantly cheaper to host yourself.

  • M1 mac issue

Dragan created M1 Mac issue ticket and asked everyone to paste the issue that anyone has with building vivo on M1 chip laptop

Garret said that he has progress about docker, and he will paste his progress in issue 

  • Responsive wilma theme

Dragan: There was a comment from Georgy about bootstrap.min.js file that should be kept because it is used in extended search pull requests, but Milos can’t find how it is used in the extended search.
There was probably misunderstanding, and Dragan will get in contact with Georgy to discuss if that change is still necessary

  • I forgot my password

Last week we discussed with the committers’ group and decided that we should make some changes in the front end. Ivan shared his screen and demonstrated the solution.

Ivan created a new page when you clicked the forgot password link.
There is a box to enter your email, also it checks if the email form is valid.

It is also available in all different languages. Since Ivan only speaks English and Serbian, Ivan asks other participants to check other languages because it is translated via google translate. 

Dragan: Michael, can you please check the French part.
Michael: Yeah, Sure not a problem.

Ivan: I had some ideas to implement configuration for cooldown time until the next request, etc..
William: I haven’t looked at the PR itself but assume that’s a good practice. I assume that’s adequate, I am more interested in the link. Is that using a token or a session? How do they get back to them to change their password?
Ivan: It was already implemented in the Vitro. I did not really look at the implementation but I believe it’s some kind of a token that will redirect you to the page for password change.

Benjamin warned about the situation where a password reset form could reveal if some account exists.
William suggested implementing a captcha to prevent one user from sending a lot of password reset to random emails.
Dragan: I think it is not that big of a security issue, it is not a bank or some high-risk security system.
Brain: I could just intuitively imagine that for example if some hacker gets a list of emails and account names that were leaked, they're just trying to find other systems where they have accounts.

Welling: Do we have a mechanism to lock an account after a few failed attempts to login?
Dragan: Not at the moment.

Ivan: Email is also displayed in the individual profile page, they have a lot of ways in which people can gather information, but I agree with everybody, we can make one neutral message.

Milos: What if somebody tries to reset the password or for the mail that he does not have registered? Maybe it would be good to send a mail also in that case that he does not have a linked account with that email.

Brain: We could add a paragraph at the end saying if you don't receive the email after some period of time or if it's not in your spam, please contact administrators (and provide a link to contact form).

  • Time difference 

Next week we will be aligned again between North America and European time standard time zone difference (6 hours between Eastern Time and Central European Time).

Draft notes in Google Docs

Task List

  • Ivan Mrsulja to align implementation of "I forgot my password" PR in accordance with discussion - create a neutral message, return back link to contact form, investigate whether CAPTCHA can be used
  • Dragan Ivanovic to discuss with Georgy Litvinov and Miloš Popović whether bootstrap.min.js is needed or not in the new responsive wilma theme
  • Garrett Armstrong to share his solution about using Docker to overcome issue with Mac M1 chip and VIVO

Previous Tasks 

  • Dragan Ivanovic to add columns in the project board for Priority and Difficulty.
  • Sprint participants to read description of issues and think about their preferences. 
  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.