View Source

<ac:macro ac:name="toc" />


<li>Date: 04 April 2012, 18:00-19:00 UTC</li>
<li><ac:link><ri:page ri:content-title="2012-04-04 Meeting Agenda" /><ac:link-body>Agenda</ac:link-body></ac:link></li>
<li>Moderator: Matthew Weier O'Phinney (nickname weierophinney)</li>
<li>Next meeting: 11 April 2012</li>


<h3>OAuth 2.0 integration and where it should live</h3>

<p>(Search for &quot;18:01:44&quot; in the log.)</p>

<p>Gary Hockin (Spabby) is working on OAuth2 support for the framework. This support will include both client and server implementations. For the client side, things get dicey as (a) server-side implementations differ and vary from the specification, and (b) require round trips by the end-user to and from the provider. As such, Gary is unsure whether to develop OAuth2 as a service component, a module, or a ZF2 component.</p>

<p>Debate showed that the core functionality surrounding the computational aspects could likely live within the framework, but that for consumers and even providers, it may make sense to have drop-in modules that simply accept some configuration to make work.</p>

<p>Overall, the only consensus reached was that an RFC is needed to better illustrate the issues so that we can have a truly informed vote. Dolf Schimmel (Freeaqingme) volunteered to begin the RFC, and have Gary and Mike Willbanks (mwillbanks, who plans to work on the provider aspect of the component) review.</p>

<p><strong>tl;dr</strong>: Expect an OAuth2 RFC shortly.</p>


<p>(Search for &quot;18:22:36&quot; in the log.)</p>

<p>Enrico Zimuel (ezimuel), in getting feedback on his Zend\Crypt proposal, was given the suggestion to move the Zend\Crypt\BigInteger component under Zend\Math. This re-opened the discussions around Zend\Math. Enrico suggests going forward with the Zend\Crypt proposal, but moving math-related code under the Zend\Math namespace, but without waiting for approval on the Zend\Math component. This had unanimous support.</p>

<p>Marco Pivetta (ocramius) raised some more questions about Zend\Crypt's API, suggesting to make it even simpler; specifically, he wanted the possiblity of specifying all parameters, including the key, via class options rather than passing them to the enc()/dec() methods. Enrico agreed to consdier this change.</p>

<p><strong>tl;dr</strong>: We'll have a Zend\Math component as part of Zend\Crypt refactoring.</p>

<h3>Changing meeting times</h3>

<p>Finally, Matthew (weierophinney) suggested changing the time for IRC meetings. Originally, meetings were set for 17:00 UTC, but when DST ended last fall moved forward to 18:00 UTC. Now that DST is back, he suggested changing the time again. While a good number voted for 17:00, some late comers indicated that the new time did not necessarily work, and several others at that time also indicated the same. Matthew suggested asking on the ML and creating a poll based on suggested times.</p>

<p><strong>tl;dr</strong>: DST messes with everybody's schedules.</p>


<ac:macro ac:name="html"><ac:parameter ac:name="output">html</ac:parameter><ac:plain-text-body><![CDATA[
pre.log {
white-space: -moz-pre-wrap; /* Mozilla, supported since 1999 */
white-space: -pre-wrap; /* Opera 4 - 6 */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: pre-wrap; /* CSS3 - Text module (Candidate Recommendation) */
word-wrap: break-word; /* IE 5.5+ */
border: 1px solid darkgray;
padding: 0.5em;
<pre class="log">
17:59:34 &lt;weierophinney &gt; Greets, all!
17:59:37 &lt; Spabby &gt; hi!
17:59:38 &lt;weierophinney &gt; time to start!
17:59:45 &lt; ezimuel &gt; hi all!
17:59:46 &lt; ocramius &gt; hiall
17:59:47 &lt; Bittarman &gt; Evening chaps :)
17:59:55 &lt;weierophinney &gt; Reminder: agenda is here:
18:00:14 &lt; Thinkscape &gt; wiki is back!
18:00:17 &lt;weierophinney &gt; Meeting is _logged_ so that we can post a log and summary later, so don't say anything you don't want public.
18:00:23 &lt; ocramius &gt; ezimuel: /me goes to read Math rfc... forgive me ezimuel :\
18:00:26 &lt;weierophinney &gt; Thinkscape: yep, I kicked it good a few minutes ago. :)
18:00:44 &lt; ezimuel &gt; ocramius: ok
18:00:46 &lt;weierophinney &gt; ocramius: math rfc was written by WalterTamboer originally, and has been posted for months.
18:01:16 &lt; Thinkscape &gt; Calendar & updates : I don't understand what's written in the wiki...
18:01:23 &lt; Thinkscape &gt; Is it spanglish ?
18:01:26 &lt;weierophinney &gt; Looking at the agenda.. first topic we're skipping, due to more votes against discussing than for, plus technical reasons not to consider it.
18:01:27 &lt; ocramius &gt; weierophinney: then I probably missed the correct rfc
18:01:30 &lt;weierophinney &gt; Thinkscape: see above. :)
18:01:40 &lt; Thinkscape &gt; ugh
18:01:44 &lt;weierophinney &gt; Next topic, though, is good: OAuth 2 integration.
18:01:49 &lt;weierophinney &gt; Spabby: you around to take this one?
18:01:58 &lt; Spabby &gt; yep
18:02:08 &lt; EvanDotPro &gt; weierophinney: actually i had just tied the vote, but A) it was after the meeting started by a minute and B) i'm okay with skipping that topic.
18:02:17 &lt;weierophinney &gt; EvanDotPro: noted. :)
18:02:40 &lt;weierophinney &gt; EvanDotPro: ezimuel wanted to change his vote anyways. :)
18:02:44 &lt;weierophinney &gt; Spabby: GO FOR IT
18:02:53 &lt; Spabby &gt; basically, we have been trying to get some momentum going for OAuth 2.0 integration into the framework, starting with a client but extending to a server as well
18:03:27 &lt; Spabby &gt; we've bashed out some of the architecture issues this week, but the question is where should this component live, in the framework proper, as a service module, or somewhere else?
18:04:16 &lt;weierophinney &gt; My take is that this is a nice _utility_ class, in that it might be consumed by a variety of services, and, with the server, allow providing an oauth2 provider. As such, I'd vote for inside the framework.
18:04:25 &lt;weierophinney &gt; But, as you note, where? :)
18:04:26 &lt; ocramius &gt; I'm fine with having it as module, it really is just a Module additional class in the namespace
18:04:49 &lt;weierophinney &gt; ocramius: do you prefer having it as a module, or are you simply "fine" with having it as a module?
18:04:57 &lt; ocramius &gt; I prefer it as a module
18:04:57 &lt;weierophinney &gt; and what's the argument for making it a module vs. a component?
18:04:59 &lt; Spabby &gt; there has been some support to have it in the framework proper, but also some support to have it as a ZendService module, my favourite so face has been to have Zend\Oauth\OAuth1 \OAuth1A and \OAuth2 but we are then tied into having it only updating on framework releases
18:05:12 &lt; ocramius &gt; a module could provide some initialization logic (bootstrap) that helps devs getting started
18:05:14 * Thinkscape_ is back...
18:05:23 &lt; Thinkscape_ &gt; umm... wouldn't it be better to create an Auth component with adapters? i.e. for openid, browserid, oauth, windows live id etc.
18:05:28 &lt; ocramius &gt; OAuth is not always easy, and some guidance by the module maintainer isn't bad
18:06:01 &lt; ocramius &gt; Also, (I don't know if this fits the topic) the OAuth 2 current impl should probably be splitted into client and server probably...
18:06:02 &lt; Thinkscape_ &gt; there are also a few "modern" coming soon ...
18:06:03 &lt;weierophinney &gt; ocramius: you're talking about it in terms of integration, due to the need to do redirects, etc.?
18:06:12 &lt; ocramius &gt; weierophinney: yes, indeed
18:06:24 &lt; Spabby &gt; if I can provide some background, the idea is to have a default Options class, with bespoke Options classes for the popular vendors so you can connect it into the popular sites very quickly
18:06:27 &lt; ocramius &gt; weierophinney: providing some simple options like "initialize for google"
18:06:28 &lt; ezimuel &gt; We can have other service components that use OAuth so I vote to put it in a component
18:06:42 &lt; ocramius &gt; Spabby: saw your example for google
18:06:49 &lt;weierophinney &gt; Thinkscape_: we have an adapter-based authentication component already... but I thinmk the point being made is that oauth differs from the other adapters due to the request/response lifecycle necessary.
18:06:54 &lt; ocramius &gt; it is nice, but it could be provided with a module config
18:07:09 &lt; Thinkscape_ &gt; weierophinney: I disagree. There are other protocols similar to it.
18:07:11 &lt; EvanDotPro &gt; Thinkscape_: honestly thats kinda what ZfcUser does: providing a more powerful auth component (extending Zend\Authentication) so that adapters can be made for oauth, browserid, etc.
18:07:22 &lt; Bittarman &gt; I think it makes more sense as a module...
18:07:26 &lt; Thinkscape_ &gt; weierophinney: and the new ones that will come in the next few months will sometimes even use tokens (i.e. mobile apps)
18:07:40 &lt; ocramius &gt; Spabby: also, I am not sure if this fits the topics, but for now the client and the OAuth lib are one thing, right spabby?
18:07:42 &lt; Bittarman &gt; then it makes sense to consumers of it why it has some features which integrate with the MVC
18:08:03 &lt;weierophinney &gt; Thinkscape_: yes, but the tokens can be injected into the adapters, which then simply provide validity of identity and identity.
18:08:09 &lt; Bittarman &gt; because if it doesn't do that, its going to mean alot of people writing essentially the same boilerplate in order to use it.
18:08:14 &lt; Thinkscape_ &gt; ezimuel: other components should use Authentication component --- the choice of adapter, oauth or otherwise - should be left to the user.
18:08:20 &lt; EvanDotPro &gt; Thinkscape_: there's ones that require an app where you scan the QR code on your mobile device and stuff... lots of clever two-factor auth services, which Zend\Authentication does NOT cleanly support.
18:08:24 &lt; mwillbanks &gt; I believe that the base "Component" so to speak should be in the core, with vendor specifics being in modules
18:08:36 &lt; Spabby &gt; if it is a component, it should return something that lets the calling class know they need to perform a redirect, rather than do the redirect, if it's a module then it can be configured to do that redirect
18:08:40 &lt; Thinkscape_ &gt; EvanDotPro: my point: OAUTH living in vacuum won't be a good component.
18:09:02 &lt; Thinkscape_ &gt; Regardless of how protocol works..
18:09:38 &lt; Bittarman &gt; s/component/module/ :)
18:09:44 &lt;weierophinney &gt; Thinkscape_: right... I think good points have been made at this point to have it as a module for that reason. But it raises the question of whether or not we need to make changes to the Authentication component.
18:10:10 &lt; Bittarman &gt; have it as a component, then by the rules we are working to for other components, it will be unaware of the MVC.
18:10:19 &lt; ocramius &gt; weierophinney: the adapter could be provided by the module, this reduces dependencies in the framework
18:10:23 &lt; Bittarman &gt; and therefore more complex for developers to use.
18:10:27 &lt; Thinkscape_ &gt; Bittarman: we can always make it aware with strategies.
18:10:30 &lt; Bittarman &gt; as a module, its more drop in, and go.
18:10:32 &lt; DASPRiD &gt; meeting!
18:11:04 &lt; Thinkscape_ &gt; Ok, that leaves the questions: what is the use case for _the component_ without a module then ?
18:11:05 &lt; Spabby &gt; I may be missing the point, but OAuth doesn't actually provide authentication information for the user, it only provides the token to acquire that information
18:11:19 &lt; ocramius &gt; Spabby: yes, but an auth adapter could consume oauth services
18:11:31 &lt; Spabby &gt; ocramius: yes indeed
18:11:37 &lt; ocramius &gt; Spabby: so it would be "helpers" provided by the oauth module
18:11:43 &lt;weierophinney &gt; Spabby: the Authentication component does two things: verify identity, and _provide_ identity.
18:12:01 &lt; Thinkscape_ &gt; Spabby: are oauth services used outside of auth component ?
18:12:18 &lt; Spabby &gt; Thinkscape_: sorry, I don't understand what you mean
18:12:27 &lt; mwillbanks &gt; Thinkscape_: absolutely; especially when you get into the server component
18:12:31 &lt; Thinkscape_ &gt; if not - then it could be Auth\Adapter\Oauth
18:12:41 &lt; Spabby &gt; ^^^ ta mwillbanks
18:12:51 &lt; Thinkscape_ &gt; Instead of Zend\Oath - which is detached and quite useless... i propose Zend\Authentication\Adapter\Oauth + common framework for that
18:12:55 &lt; DASPRiD &gt; weierophinney&gt; Looking at the agenda.. first topic we're skipping, due to more votes against discussing than for, plus technical reasons not to consider it. &lt;&lt;&lt;&lt; 7 yes, 5 no :x
18:13:12 &lt; EvanDotPro &gt; Thinkscape_: i'd say yes... for example, we could have with a normal email/password account system, but then you can simply add/link your github account to your existing account.
18:13:18 &lt; SpiffyJr &gt; Thinkscape_, OAuth also has a provider component on top of the consumer (auth) portion.
18:13:22 &lt;weierophinney &gt; DASPRiD: I was looking at it prior to the meeting. Votes have changed since then.
18:13:32 &lt;weierophinney &gt; DASPRiD: that said, I know of at least one switch from yes to no.
18:13:33 &lt; SpiffyJr &gt; Thinkscape_, I'm not sure if Spabby is implmenting a provider portion but Zend\OAuth seems reasonable to me.
18:13:49 &lt; Spabby &gt; EvanDotPro: that would be the job of ZendService\GitHub, which would consume Zend\OAuth
18:14:01 &lt; ocramius &gt; Spabby: just to know, do you have plans to separate the client within the OAuth module?
18:14:02 &lt; Spabby &gt; I guess a key question is, are we going to support all 3 version of OAuth?
18:14:04 &lt; mwillbanks &gt; The PROVIDER in an OAUTH component also provides ACL what you can and what you cannot do... when talking SPECIFICALLY about the CONSUMER portion yes; that could CONTAIN an Authentication adapter
18:14:05 &lt; EvanDotPro &gt; Thinkscape_: in that case, they'r already authenticated as far as the site is concerned, but oauth is used in a different capacity to aquire a token for accessing the GitHub API via that user.
18:14:05 &lt; mwillbanks &gt; :)
18:14:10 &lt; DASPRiD &gt; weierophinney, i wonder what's the general consensus there is about moving all atlassian product to "hosted"
18:14:11 &lt; ocramius &gt; currently, OAuth itself is the client
18:14:18 &lt; DASPRiD &gt; weierophinney, but different story, ignore me
18:14:29 &lt; ocramius &gt; (and the OAuth server side libs out there really suck :( )
18:14:45 &lt; Spabby &gt; mwillbanks will be leading a server side lib I believe
18:15:03 &lt; mwillbanks &gt; Freeaqingme also volunteered to help :)
18:15:06 &lt; ocramius &gt; hmm, and shouldn't that be under the same ns?
18:15:21 &lt; Spabby &gt; if we are going to support OAuth 1, 1A and 2 then I propose Zend\Oauth\OAuth2\Client
18:15:35 &lt; ocramius &gt; that's why I'm asking if there's plans for separating the client (even just naming could do)
18:15:41 &lt; mwillbanks &gt; ocramius: it would be... there might need to be some additional separation but there will likely be some commonality to things.
18:15:46 &lt; Spabby &gt; or ZendService\Oauth\OAuth2\Client
18:15:53 &lt; Freeaqingme &gt; Spabby, for a provider, I could see some adapter based pattern
18:15:58 &lt; Freeaqingme &gt; uhm, s/provider/client
18:16:00 &lt; Spabby &gt; Freeaqingme: agreed
18:16:11 &lt; Freeaqingme &gt; that's a bad typo...
18:16:20 &lt; EvanDotPro &gt; my vote is that OAuth code pertaining to the implementation of the OAuth spec can live under Zend\OAuth, then vendor-specific integrations can be delivered as modules.
18:16:42 &lt; Spabby &gt; Freeaqingme: because we will be providing both client and server I think it should live in it's own sub-namespace
18:16:51 &lt; Freeaqingme &gt; EvanDotPro, that's a discussion that will need to be held later. Another option would be to put it in components under zendservice
18:17:04 &lt; mwillbanks &gt; EvanDotPro: that is what i was thinking... inside of there as well could be an authentication adapter as well that could then allow for more loose coupling
18:17:08 &lt; Spabby &gt; EvanDotPro: I disagree, it would mean creating a load of ZendService modules that contained only option classes for the OAuth client
18:17:10 &lt; Freeaqingme &gt; Spabby, but 1.0 and 1.0a will have largely overlapping code
18:17:27 &lt; Freeaqingme &gt; Spabby, why would that be a problem?
18:17:38 &lt; Spabby &gt; Freeaqingme: I don't know about that if I'm honest, I defer to you knowledge
18:17:49 &lt; Freeaqingme &gt; 1.0 and 1.0a are largely the same
18:18:07 &lt; Spabby &gt; Freeaqingme: I think so, we will have some ZendService modules that are complete, some which are just an options file
18:18:13 &lt; Spabby &gt; may cause confusion in userland
18:18:15 &lt; Freeaqingme &gt; I'd rather have an adapter/factory pattern that uses an option class to determine what class to use
18:18:29 &lt;weierophinney &gt; so... what consensus do we have, if any? What I'm seeing here is that we may need an RFC for OAuth, since it's clearly a big domain. Thoughts?
18:18:37 &lt; Spabby &gt; have you seen the stuff in github Freeaqingme?
18:18:45 &lt; Freeaqingme &gt; Spabby, not in detail
18:19:00 &lt; Mike_ZF2xMag &gt; +1 for RFC
18:19:02 &lt; Freeaqingme &gt; (btw my apologies for my interruptions, thought I was talking in #zftalk.2)
18:19:09 &lt; Spabby &gt; just take a look at how the Options class works
18:19:14 &lt; Freeaqingme &gt; I'm +1 for rfc too
18:19:23 &lt; DASPRiD &gt; +1
18:19:26 &lt; ezimuel &gt; +1 for RFC, with the possibility to use as adapter of Zend\Auth, a module or a component
18:19:26 &lt; Spabby &gt; RFC is fine, I won't have time to do it until next week
18:19:38 &lt; Freeaqingme &gt; Spabby, I'll help ;)
18:19:44 &lt; DASPRiD &gt; (mh, i should write a vote plugin for zend\bot, hehe)
18:19:46 &lt; Spabby &gt; unless mwillbanks or Freeaqingme want to take it ;)
18:20:05 &lt;ralphschindle &gt; RFC +1
18:20:27 &lt; EvanDotPro &gt; it just seems strange to me to have some OAuth\Configuration namespace where we have like, Facebook, Google, Vimeo, Ohloh, Github, Myspace, Twitter, Flickr, Yahoo, Meetup, OpenSocial, Photobucket, etc, etc, etc, etc
18:20:36 &lt; EvanDotPro &gt; Spabby: ^^
18:20:47 &lt; Spabby &gt; EvanDotPro: I don't see a problem :P
18:20:58 &lt; mwillbanks &gt; Spabby: i'll see if i can find some time but i won't be sure till i get there
18:21:00 &lt; ocramius &gt; EvanDotPro: maybe they could live on a separate NS
18:21:10 &lt;weierophinney &gt; EvanDotPro: part of it is making it easy for developers to identify the path they need to take to make things work.
18:21:10 &lt; ocramius &gt; OAuh\Util\Config\WhateverBook
18:21:30 &lt;weierophinney &gt; having service-specific options classes makes sense to me.
18:21:32 &lt; Freeaqingme &gt; seems like there's consensus for an RFC. Spabby mwillbanks: I'll draft something up so we have something to discuss if you guys are okay with that
18:21:44 &lt; Spabby &gt; it would be "wow" when you could just create new OAuth(new Vendor\Github\Options());
18:21:55 &lt;weierophinney &gt; cool, thanks, Freeaqingme, for taking on the initial rfc work.
18:21:55 &lt; Spabby &gt; Freeaqingme: perfect
18:22:02 &lt; Mike_ZF2xMag &gt; weierophinney: further, developers attracted into the framework must find its components "logical", rather than having to hunt
18:22:02 &lt; Spabby &gt; thanks :)
18:22:03 &lt; EvanDotPro &gt; i'm +1 for an RFC.. i'd like to see the larger picture before getting too opinionated ;)
18:22:06 &lt;weierophinney &gt; Spabby: +1! that looks cool. :)
18:22:17 &lt; Spabby &gt; weierophinney: that's how it works at the moment
18:22:21 &lt;weierophinney &gt; nice
18:22:24 &lt;weierophinney &gt; kk, next topic
18:22:32 &lt; mwillbanks &gt; Freeaqingme: go for it
18:22:36 &lt;weierophinney &gt; Zend\Math RFC and, tangentially, Zend\Crypt
18:22:39 &lt; Spabby &gt; 1 second, for those who haven't seen it git repo is here:
18:22:41 &lt; Spabby &gt; I'm spent
18:22:55 &lt;weierophinney &gt; ezimuel: you have the floor
18:23:02 &lt; ezimuel &gt; ok, thanks
18:23:08 &lt;weierophinney &gt; (math rfc is here:
18:23:25 &lt; ezimuel &gt; the basic idea is to refactor Zend\Crypt\Math in Zend\Math
18:23:41 &lt; ezimuel &gt; and add all the math stuff in Zend\Math
18:24:13 &lt; ezimuel &gt; that means we have to refactor all the usage of Math classes to Zend\Math, in the RFC is reported some example
18:24:45 &lt; ezimuel &gt; right now the Zend\Crypt\Math contains only BigInteger components
18:25:23 &lt; ocramius &gt; ezimuel: reading from the wiki... Why would something like Haversine not fit?
18:25:29 &lt; ezimuel &gt; the question is: do you agree to split the Zend\Crypt\Math in Zend\Math ?
18:26:19 &lt; ezimuel &gt; ocramius: formulas are fine, so Haversine fit perfectly
18:26:24 &lt; Mike_ZF2xMag &gt; What taxonomy do you wish to derive in Zend/Math?
18:26:25 &lt; ocramius &gt; ezimuel: I'd surely move all the math stuff in Zend\Math if there is any possible usage for it... (not that I'm gonna use it, please keep me away from math :P )
18:26:45 &lt; ocramius &gt; for example, a hashing algorithm probably doesn't fit math
18:26:46 &lt; ezimuel &gt; ocramius: ahaha
18:26:51 &lt; ocramius &gt; while collisions probability could
18:27:06 &lt; ezimuel &gt; an hash algorithm uses Zend\;ath
18:27:10 &lt; ocramius &gt; I really don't know what is in Zend\Crypt\Math now
18:27:11 &lt; ezimuel &gt; sorry Zend\Math
18:27:31 &lt; ezimuel &gt; ocramius: right now is for the management of big integers
18:27:45 &lt; ocramius &gt; yes, I see
18:27:51 &lt;weierophinney &gt; I'm happy with moving math classes to Zend\Math. IIRC, the main reason we have them outside is that they were developed specifically for given consumers (openid, crypt). As long as those consumers can use the functionality, it's good; worst case scenario, they extend and wrap the functionality.
18:27:53 &lt; ocramius &gt; +1 for moving that
18:28:26 &lt;weierophinney &gt; any other feedback/votes/concerns from people?
18:28:56 &lt; ocramius &gt; yes, one, but it is not about the Math sub ns
18:28:59 &lt; Mike_ZF2xMag &gt; I'm wondering where cryptography will end up
18:29:16 &lt; Mike_ZF2xMag &gt; Zend/Math/Crypt namespace?
18:29:18 &lt; ocramius &gt; ezimuel: your current interface for encrypting and decrypting considers parameters
18:29:26 &lt; ocramius &gt; Mike_ZF2xMag: I would keep Zend\Crypt
18:29:39 &lt; ocramius &gt; ezimuel: I wish it was just a bit simplified
18:29:57 &lt; Mike_ZF2xMag &gt; ocramius: I /think/ I agree
18:29:58 &lt; ezimuel &gt; ocramius: i'm trying to write simple API for encrypt and decrypt
18:30:03 &lt; ocramius &gt; ezimuel: most of the time, the usage is $someEncryptorDecryptor-&gt;configure($stuff)
18:30:18 &lt; ocramius &gt; $someencr...-&gt;enc($data) or -&gt;dec($data)
18:30:26 &lt; ocramius &gt; I wish all other params gone if possible
18:30:26 &lt; ezimuel &gt; ocramius: something like encrypt($data, $key)
18:30:34 &lt; ocramius &gt; ezimuel: yes
18:30:43 &lt; ezimuel &gt; ocramius: all the other params are optional
18:30:44 &lt; ocramius &gt; ezimuel: keeping the number of params as small as possible
18:31:01 &lt; ezimuel &gt; ocramius: i will do
18:31:03 &lt; ocramius &gt; ezimuel: not sure if the key hould be also optional
18:31:08 &lt; ocramius &gt; ezimuel: that could be part of the config
18:31:28 &lt; ezimuel &gt; ocramius: the key is the core concept in cryptography :)
18:31:33 &lt; ocramius &gt; yes
18:31:50 &lt; ocramius &gt; but sharing a key across, let's say, controllers
18:31:51 &lt; ocramius &gt; meh
18:32:03 &lt; ocramius &gt; I'd prefer to have some adapter configured to work with the key
18:32:09 &lt; ocramius &gt; in a single point
18:32:15 &lt; ocramius &gt; just my preference, heh
18:32:26 &lt; ezimuel &gt; ocramius: good point, I will think about it
18:32:53 &lt; ocramius &gt; nice :)
18:33:12 &lt; ocramius &gt; so if you can reduce it to encrypt($data) and decrypt($data) as minimum requirement it would be awesome :)
18:33:57 &lt; ocramius &gt; for the rest I am completely unaware of this math world and hopefully I won't have much to do with it :P
18:34:29 &lt; ezimuel &gt; ok, vote for Zend\Math ?
18:34:32 &lt; ezimuel &gt; +1
18:34:37 &lt; Freeaqingme &gt; (I'm leaving the discussion and as such not voting. back to work.. )
18:34:51 &lt; Bittarman &gt; +1
18:34:51 &lt; EvanDotPro &gt; +1 for Zend\Math
18:34:58 &lt; ocramius &gt; +1
18:34:58 &lt; DeNix2000 &gt; +1
18:34:58 &lt;weierophinney &gt; +1
18:35:23 &lt; Mike_ZF2xMag &gt; Mike_ZF2xMag: abstains
18:35:31 &lt;ralphschindle &gt; +1
18:36:03 &lt;weierophinney &gt; kk, last item. And it's not on the agenda, but was suggested a few times in the past weeks.
18:36:20 &lt;weierophinney &gt; Now that we're in DST, do we want to move the meeting time back 1h?
18:36:31 &lt; Mike_ZF2xMag &gt; +1
18:36:35 &lt; Bittarman &gt; +1
18:36:37 &lt; ezimuel &gt; +1
18:36:37 &lt; ocramius &gt; yes, indeed
18:36:39 &lt; ocramius &gt; +1
18:36:42 &lt; ocramius &gt; +2
18:36:44 &lt; ocramius &gt; :D
18:36:50 &lt; EvanDotPro &gt; i'll give a +1 even though i'm exempt from DST ;)
18:36:57 &lt;weierophinney &gt; EvanDotPro: you don't count. :)
18:36:59 &lt; ezimuel &gt; ocramius: actually +4
18:37:19 &lt;weierophinney &gt; no binary addition, please. :)
18:37:23 &lt; ocramius &gt; I've already missed 2 or 3 meetings because of getting home from work :P
18:37:52 &lt; EvanDotPro &gt; ocramius: leave earlier... clearly zf2 meetings are far more important than any career.
18:37:57 &lt;weierophinney &gt; DASPRiD: dmitrybelyakov Freeaqingme hhatfield kobsu mwillbanks ralphschindler Spabby SpiffyJr_ wilmoore ....
18:38:00 &lt;weierophinney &gt; any thoughts, folks?
18:38:05 &lt; mwillbanks &gt; whoa!
18:38:05 &lt; ocramius &gt; EvanDotPro: can't, not always driving :P
18:38:13 &lt; DASPRiD &gt; weierophinney, ?
18:38:16 &lt; DASPRiD &gt; sorry have been afk
18:38:20 &lt; mwillbanks &gt; weierophinney: +1
18:38:24 &lt;ralphschindle &gt; i was plus 1 above ^
18:38:29 &lt;weierophinney &gt; DASPRiD: thoughts on moving meeting time back an hour?
18:38:30 &lt; Freeaqingme &gt; 'moving back' = earlier?
18:38:32 &lt; SpiffyJr_ &gt; +1, keeping them noon is probably best for me too
18:38:34 &lt; mwillbanks &gt; 1pm is a bit difficult
18:38:35 &lt; ocramius &gt; EvanDotPro: otherwise I'd love to leave earlier :P
18:38:37 &lt;weierophinney &gt; Freeaqingme: yes, one hour earlier.
18:38:39 &lt; DASPRiD &gt; weierophinney, uhm, so one hour earlier?
18:38:41 &lt; DASPRiD &gt; mhhh
18:38:48 &lt;weierophinney &gt; aka, 17:00 UTC
18:38:57 &lt; DASPRiD &gt; but only for DST, right?
18:38:57 &lt; Freeaqingme &gt; +1
18:38:57 &lt;ralphschindle &gt; oh, different question
18:39:02 &lt;ralphschindle &gt; I'm still +1
18:39:04 &lt;weierophinney &gt; DASPRiD: yes.
18:39:16 &lt; DASPRiD &gt; weierophinney, mh okay
18:39:17 &lt;weierophinney &gt; we moved the meetings forward to 18:00 UTC when DST ended last year.
18:39:24 &lt;weierophinney &gt; ralphschindler: yes?
18:39:26 &lt; Spabby &gt; +1
18:39:28 &lt; Mike_ZF2xMag &gt; Seems like everyone wants to go forward an hour, not back
18:39:48 &lt;ralphschindle &gt; im more or less with the community whichever way they chose to go, at 12 or 1, its all the same to me
18:39:50 &lt;weierophinney &gt; Mike_ZF2xMag: LOL
18:39:56 &lt; EvanDotPro &gt; lol Mike_ZF2xMag
18:39:57 &lt; Mike_ZF2xMag &gt; ;)
18:40:04 &lt;weierophinney &gt; took me a moment there. :)
18:40:07 &lt; ocramius &gt; Mike_ZF2xMag: one hour later would be good for me, that means 21:00, which means I've started doing interesting stuff :D
18:40:11 &lt;weierophinney &gt; ralphschindler: you had a question?
18:40:32 &lt;ralphschindle &gt; no, i was referring to the fact that the question had changed ;)
18:40:35 &lt; ocramius &gt; meh, I guess I missed the joke if there was :P
18:41:05 &lt; EvanDotPro &gt; weierophinney: you know, really my vote should count 2x here.. for everyone else this is about keeping the meeting time the same as it was, for me it's about actually changing the meeting time.
18:41:39 &lt; Spabby &gt; with your sleeping pattern you vote should count half
18:42:05 &lt;weierophinney &gt; Spabby: +1
18:42:06 &lt;weierophinney &gt; :)
18:42:06 &lt; EvanDotPro &gt; (regardless, i'm still +1, not that we're close to a swing vote or anything.)
18:42:21 &lt;weierophinney &gt; kk, I'll announce the time change on the list, then.
18:42:26 &lt; Freeaqingme &gt; Id say there's 50%+1 votes
18:42:45 &lt; ocramius &gt; who were the people involved in oauth then? Freeaqingme, mwillbanks and Spabby ?
18:42:52 &lt; ocramius &gt; just to know
18:42:53 &lt;weierophinney &gt; ocramius: correct.
18:43:01 &lt; ocramius &gt; thx
18:43:03 &lt; mwillbanks &gt; ocramius: yes; but Spabby has been leading the charge :)
18:43:05 &lt; Spabby &gt; everyone in zftalk.2
18:43:08 &lt;weierophinney &gt; So, some updates, while you're here and we have time to spare.
18:43:18 &lt; mwillbanks &gt; yay updates!
18:43:37 &lt;weierophinney &gt; Forms: I'm just about done with the InputFilter -- working on the factory now and should finish that today. The rest is easy stuff.
18:43:56 &lt;weierophinney &gt; ServiceLocator nee InstanceManager: ralphschindler and I prototyped it this past week.
18:44:09 &lt;weierophinney &gt; ralphschindler did the hard work, and then I integrated it into the skeleton app
18:44:34 &lt; ocramius &gt; aha
18:44:37 &lt;weierophinney &gt; The good news: simpler configuration, simpler index.php. Bad news: we'll need to get that ServiceLocator RFC approved by next week. :)
18:44:49 &lt; ocramius &gt; is it in master or still on your branches?
18:45:00 &lt;weierophinney &gt; ezimuel completed Log, and also the JSON and YAML config adapters, and they're now in master.
18:45:06 &lt; EvanDotPro &gt; ocramius: in their branches.
18:45:08 &lt; ocramius &gt; ok
18:45:12 &lt; Akrabat &gt; can you post branch info to contributors?
18:45:13 &lt;weierophinney &gt; ocramius: still in branches. We'll drop an email today on th e contrib list about it.
18:45:14 &lt;ralphschindle &gt; branches, in fact, the ideal place to examine it is inside weierophinney's skeleton branch
18:45:18 &lt;weierophinney &gt; Akrabat: yes
18:45:31 &lt; ocramius &gt; ok, will do
18:45:35 &lt;weierophinney &gt; Akrabat: btw, we voted to do meetings 1h earlier.
18:45:43 &lt; Akrabat &gt; gah!
18:45:45 &lt; Akrabat &gt; oh well
18:46:07 &lt; Akrabat &gt; I trust you lot
18:46:11 &lt;weierophinney &gt; maybe we need a bigger vote than just the channel.
18:46:23 &lt;weierophinney &gt; we need some CR team folks here to reign me in. :)
18:46:33 &lt; Akrabat &gt; LOL
18:46:37 &lt; wilmoore &gt; weierophinney: sorry, I just got back in from lunch
18:46:43 &lt; Akrabat &gt; loosely, I can't do 5pm -&gt; 7pm my time
18:46:50 &lt;weierophinney &gt; Last item: ralphschindler also got a bunch of DB stuff merged to master this week, so if you had issues before, pull and see if they're fixed.
18:46:54 &lt;weierophinney &gt; Akrabat: aha
18:47:03 &lt;weierophinney &gt; Akrabat: I'll initiate a poll, then.
18:47:16 &lt;weierophinney &gt; perhaps an hour later makes more sense.
18:47:36 &lt; Freeaqingme &gt; weierophinney, that would make sense as well. but perhaps should be discussed on the ml
18:47:43 &lt;weierophinney &gt; so, that's it for updates for now. Was hoping Thinkscape would be here to discuss Console progress, but oh well.
18:47:48 * EvanDotPro grumbles about that overlapping his 1200 nap.
18:47:48 &lt; Freeaqingme &gt; people who cant attend this time, may be likely to be able to be here 2 hrs later
18:47:54 &lt;weierophinney &gt; Freeaqingme: yep -- as I said, I'll initiate a poll.
18:48:10 &lt;weierophinney &gt; EvanDotPro: LOL
18:48:10 &lt; Akrabat &gt; 7:30pm BST works well for me :)
18:48:13 &lt; Freeaqingme &gt; EvanDotPro, I some times skip a night. Can imagine it being easy to skip just 30 mins ;)
18:48:28 &lt;weierophinney &gt; kk, meeting is over. I'll get the log up later today.
18:48:31 &lt;weierophinney &gt; thanks, everyone!