From 3c774fcd01feafef9170364da701411bcf6c0fcc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 26 Oct 2025 18:25:55 +0000 Subject: [PATCH 1/3] Add community/minutes/2025-10-29.md --- community/minutes/2025-10-29.md | 51 +++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 community/minutes/2025-10-29.md diff --git a/community/minutes/2025-10-29.md b/community/minutes/2025-10-29.md new file mode 100644 index 0000000000..3a12b02171 --- /dev/null +++ b/community/minutes/2025-10-29.md @@ -0,0 +1,51 @@ +--- +tags: [meeting-notes] +title: '2025-10-29' +--- +# conda-forge core meeting 2025-10-29 + +Add new agenda items under the `Your __new__() agenda items` heading + +- [Zoom link](https://zoom.us/j/9138593505?pwd=SWh3dE1IK05LV01Qa0FJZ1ZpMzJLZz09) +- [What time is the meeting in my time zone](https://dateful.com/convert/utc?t=5pm) +- [Previous meetings](https://conda-forge.org/community/minutes/) + +## Attendees + +| Name | Initials | GitHub ID | Affiliation | +| ----------------------- | -------- | --------------- | --------------------------- | +| | | | | +| | | | | +| | | | | +| | | | | +| | | | | +| | | | | +| | | | | +| | | | | +| | | | | + +X people total + +### Standing items + +- [ ] + +### From previous meeting(s) + +- [ ] + +### Active votes + +- [ ] + +### Your __new__() agenda items + +- [ ] + +### Pushed to next meeting + +- [ ] + +### CFEPs + +- [ ] From 458b1e8061ace88382931a800c88e5def7047b0f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 17:53:48 +0000 Subject: [PATCH 2/3] Update community/minutes/2025-10-29.md --- community/minutes/2025-10-29.md | 59 ++++++++++++++++++++++++++++----- 1 file changed, 51 insertions(+), 8 deletions(-) diff --git a/community/minutes/2025-10-29.md b/community/minutes/2025-10-29.md index 3a12b02171..e4412e3fb7 100644 
--- a/community/minutes/2025-10-29.md +++ b/community/minutes/2025-10-29.md @@ -14,12 +14,12 @@ Add new agenda items under the `Your __new__() agenda items` heading | Name | Initials | GitHub ID | Affiliation | | ----------------------- | -------- | --------------- | --------------------------- | -| | | | | -| | | | | -| | | | | -| | | | | -| | | | | -| | | | | +| Cheng H. Lee | CHL | chenghlee | Anaconda/cf | +| Jaime Rodríguez-Guerra | JRG | jaimergp | Quansight/cf | +| Mark Allen | MHA | markhallen | GitHub/Dependabot | +| Sylvain Corlay | SC | QuantStack | | +| Rob Aiken | RA | robaiken | Github/Dependabot | +| Daniel Ching | DJC | carterbox | NVIDIA/cf | | | | | | | | | | | | | | | | 
@@ -40,8 +40,51 @@ X people total ### Your __new__() agenda items -- [ ] - +- [x] CHL/MHA/RA: GitHub/Dependabot team + - (MHA) Have a plan to version updates using dependabot, independent of vulnerability feed + - Queries the conda API for package versions + - How to gather & provide CVE/vulnerability data for conda-forge packages? + - (RA) Get information from GH Advisory database; do have support for Python security advisories + - (RA) Unsure of how to add new ecosystem to advisory database + - (MHA) Dependabot running within GHA runner; not feasible because of large download size + - Could we consdier tapping into the PyPI data feed and find matches in conda-forge? + - (JRG) Add upstream PURLs into recipes; current name mapping is heuristic and subject to error + - (JRG) complexities: not all versions available; multi-output packages; package renames (need to annotate which versions we switched) + - (SC) Been looking into integrating conda-forge into repology. + - XREF: https://conda-forge.org/community/minutes/2025-06-11/ + - (JRG) Need to be careful about burdening volunteer maintainers + - (CHL) Will invite the GitHub/Dependabot team to Zulip; create GitHub issue +- [X] JRG: `zlib` -> `zlib-ng` migration: https://github.com/conda-forge/zlib-ng-feedstock/issues/10 + - CPython 3.14 upstream ships zlibg-ng for Windows, with compatiblity mode; Pillow, various Linux distros switched to zlib-ng + - Currently not building compat mode on c-f because it would create conflicts with existing `zlib` + - (DJC) Continue to support non-compat mode and ask maintainers to explicitly enable zlib-ng + - Could make compat-mode a `zlib` variant, using `blas` as a reference model + - (CHL) Does zlib-ng support dynamic dispatch for vector instructions? If not, could break on older systems. 
+- [X] DJC: Tegra support (demanded in robotics) + - CTK 12.9 packages for Tegra sm87,sm101 devices are now live + - Third-party packages may start building for Tegra + - arm-variant not required for CUDA 13 (newer devices are SBSA), but we're not ready yet. + - Once CUDA 12 is dropped, arm-variant can be retired. (No other packages are known to use `arm-variant`.) +- [x] DJC: nvidia-virtual-packages + - A conda virtual package plugin which detects the minimum CUDA architecture available on the system + - Source: https://github.com/NVIDIA/nvidia-virtual-packages + - RFC: https://github.com/conda-forge/conda-forge.github.io/issues/2623 + - Motivation: Deep learning packages often have minimum supported CUDA archs which don't align with the CTK + - https://github.com/conda-forge/cudnn-feedstock/issues/124 + - https://github.com/conda-forge/flash-attn-feedstock/blob/b6e3742a7343268a33a285c593753fd49b46d268/recipe/meta.yaml#L23 + - Motivation: Would be possible to break large binaries into smaller variants along CUDA arch + - CHL: Apply for conda incubator + - CHL: CUDA virtual packages should all live in the same place; though we can decide later exactly where. + - JRG: There is a draft CEP about standard names for virtual packages + - How to address bootstrap problem + - conda-forge and Anaconda could just make `conda` depend on this/these plugins + - pixi doesn't have a plug-in system, but could integrate virtual packages directly into pixi +- [x] CHL: continued support for Windows 10? + - [Regular security support](https://endoflife.date/windows) ended on 14-Oct-2025 + - Took a quick look for `main` and `conda-forge` download data; as of 15-Oct, 25%-ish of downloads from `conda ... Windows/*` user agents are still on Window 10. 
Roughly matches what [Firefox reports](https://data.firefox.com/dashboard/hardware#operating-system-metric-overview-1) + - Will open an issue on conda-forge.github.io to further discuss +- [X] WV: Huge refactor of the `cache` output in rattler-build. More versatile, experiments with the staging output idea. + ### Pushed to next meeting - [ ] From 342aea50f070f43684a1a7166cb843e481f008b9 Mon Sep 17 00:00:00 2001 From: jaimergp Date: Thu, 30 Oct 2025 10:59:54 +0100 Subject: [PATCH 3/3] Update community/minutes/2025-10-29.md Co-authored-by: jakirkham --- community/minutes/2025-10-29.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community/minutes/2025-10-29.md b/community/minutes/2025-10-29.md index e4412e3fb7..0720332cd2 100644 --- a/community/minutes/2025-10-29.md +++ b/community/minutes/2025-10-29.md @@ -47,7 +47,7 @@ X people total - (RA) Get information from GH Advisory database; do have support for Python security advisories - (RA) Unsure of how to add new ecosystem to advisory database - (MHA) Dependabot running within GHA runner; not feasible because of large download size - - Could we consdier tapping into the PyPI data feed and find matches in conda-forge? + - Could we consider tapping into the PyPI data feed and find matches in conda-forge? - (JRG) Add upstream PURLs into recipes; current name mapping is heuristic and subject to error - (JRG) complexities: not all versions available; multi-output packages; package renames (need to annotate which versions we switched) - (SC) Been looking into integrating conda-forge into repology.
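Review bot: In PATCH 1/3, the `[Zoom link]` line of the template carries the `pwd=` query parameter, so the meeting passcode is committed to the repository together with the meeting ID. If the call is meant to be open to anyone, the passcode adds nothing. If it is not, link the bare meeting URL and share the passcode through a channel that is not archived in git.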
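Review bot: In PATCH 2/3, first hunk (`@@ -14,12 +14,12 @@`), the row `| Sylvain Corlay | SC | QuantStack | |` has `QuantStack` in the GitHub ID column and an empty Affiliation cell, which looks like a value entered one column too far left. Move it to Affiliation and fill in or leave blank the GitHub ID. The same hunk spells the affiliation both `GitHub/Dependabot` and `Github/Dependabot`; pick one. Six attendee rows are added, but the `X people total` placeholder shown in the next hunk header is never replaced with a count.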
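Review bot: In PATCH 2/3, second hunk (`@@ -40,8 +40,51 @@`), the final agenda item is attributed to `WV`, but no attendee with those initials is listed in the table filled in by the first hunk. Either add the attendee row or spell out the name so the attribution can be resolved. Speaker attribution is also inconsistent within the hunk: the Dependabot and zlib-ng items use `(MHA)`, `(JRG)`, `(CHL)`, while the nvidia-virtual-packages item uses `CHL:` and `JRG:`, and the checkboxes mix `[x]` and `[X]`. Settling on one form of each keeps the minutes easy to search.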
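Review bot: PATCH 3/3 corrects only `consdier`, but the text added in PATCH 2/3 still contains `zlibg-ng` (a misspelled package name, in the CPython 3.14 line), `compatiblity` (same line), and `Window 10` (in the download-data line). Fixing these in the same commit would avoid another round. The `zlibg-ng` one matters most, since a search for `zlib-ng` will not match it.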