...

1. Dragan Ivanovic 
2. Brian Lowe 
3. Michel Héon 
4. Ivan Mrsulja 
5. Miloš Popović  
6. Georgy Litvinov
7. Kshitij Sinha 
8. Sai Pavan K
9. Benjamin Gross 
10. William Welling 
11. Garrett ArmstrongAndreas Czerniak

Agenda

• ORCID Global participation fund
  • https://info.orcid.org/global-participation-program/global-participation-fund/
• Resolved issue
  • https://github.com/vivo-project/VIVO/issues/3911
• M1 mac issue
  • https://github.com/vivo-project/VIVO/issues/3915
• Responsive wilma theme
  • https://github.com/vivo-project/VIVO/pull/3909
  • https://github.com/vivo-project/VIVO/issues/3912
• I forgot my password
  
  • https://github.com/vivo-project/Vitro/pull/421
• Time difference 

Notes

• ORCID Global participation fund

We decided to postpone the application and do it in March or April next year.

• Resolved issue

Dragan asked Garret What is the plan for the issues.

Garret said he should investigate a bit and then he should come with better questions.
Dragan: There are two official VIVO service providers. The Lyrasis board discussed offering hosting at Lyrasis infrastructure, but it is not yet in place.

Benjamin said in the chat: We offer hosting but TBH it will be significantly cheaper to host yourself.

• M1 mac issue

Dragan created M1 Mac issue ticket and asked everyone to paste the issue that anyone has with building vivo on M1 chip laptop

Garret said that he has progress about docker, and he will paste his progress in issue 

• Responsive wilma theme

Dragan: There was a comment from Georgy about bootstrap.min.js file that should be kept because it is used in extended search pull requests, but Milos can’t find how it is used in the extended search.
There was probably misunderstanding, and Dragan will get in contact with Georgy to discuss if that change is still necessary

• I forgot my password

Last week we discussed with the committers’ group and decided that we should make some changes in the front end. Ivan shared his screen and demonstrated the solution.

Ivan created a new page when you clicked the forgot password link.
There is a box to enter your email, also it checks if the email form is valid.

It is also available in all different languages. Since Ivan only speaks English and Serbian, Ivan asks other participants to check other languages because it is translated via google translate. 

Dragan: Michael, can you please check the French part.
Michael: Yeah, Sure not a problem.

Ivan: I had some ideas to implement configuration for cooldown time until the next request, etc..
William: I haven’t looked at the PR itself but assume that’s a good practice. I assume that’s adequate, I am more interested in the link. Is that using a token or a session? How do they get back to them to change their password?
Ivan: It was already implemented in the Vitro. I did not really look at the implementation but I believe it’s some kind of a token that will redirect you to the page for password change.

Benjamin warned about the situation where a password reset form could reveal if some account exists.
William suggested implementing a captcha to prevent one user from sending a lot of password reset to random emails.
Dragan: I think it is not that big of a security issue, it is not a bank or some high-risk security system.
Brain: I could just intuitively imagine that for example if some hacker gets a list of emails and account names that were leaked, they're just trying to find other systems where they have accounts.

Welling: Do we have a mechanism to lock an account after a few failed attempts to login?
Dragan: Not at the moment.

Ivan: Email is also displayed in the individual profile page, they have a lot of ways in which people can gather information, but I agree with everybody, we can make one neutral message.

Milos: What if somebody tries to reset the password or for the mail that he does not have registered? Maybe it would be good to send a mail also in that case that he does not have a linked account with that email.

Brain: We could add a paragraph at the end saying if you don't receive the email after some period of time or if it's not in your spam, please contact administrators (and provide a link to contact form).

• Time difference 

Next week we will be aligned again between North America and European time standard time zone difference (6 hours between Eastern Time and Central European Time).

Draft notes in Google Docs

Task List

•  Ivan Mrsulja to align implementation of "I forgot my password" PR in accordance with discussion - create a neutral message, return back link to contact form, investigate whether CAPTCHA can be used
•  Dragan Ivanovic to discuss with Georgy Litvinov and Miloš Popović whether bootstrap.min.js is needed or not in the new responsive wilma theme
•  Garrett Armstrong to share his solution about using Docker to overcome issue with Mac M1 chip and VIVO

Previous Tasks 

•   Dragan Ivanovic to respond to the email https://groups.google.com/g/vivo-tech/c/3rSwC3ywXlI and request more details about environment (VIVO version) and maybe some logs. 
•  Dragan Ivanovic to announce next week presentation of BrCRIS
•  Ivan Mrsulja and Miloš Popović to complete implementation of "I forgot my password" feature
•  All - to review PR assigned to them
•  Dragan Ivanovic to create a PR fixing the issue with CodeQL GitHub action - https://github.com/vivo-project/VIVO/issues/3902
  • https://github.com/vivo-project/VIVO/pull/3903
•  Don Elsborg will continue testing new VIVO with different versions of Solr and report back about the result. 

...