Basic info

• Time: Wednesday 19 April 2023 at 13:00 CET (12:00 UTC)
• Place: #openvpn-meeting channel on LiberaChat IRC network

Topics

Current topics

• OpenVPN 2.6.3
  this was released april 13.
  djpig noticed an issue with the gpg signing key.
  accidentally used recently revoked key instead of new key from recent key rotation.
  also apparently latest debian release's gpg does not like sha1 anymore.

• When going back to normal operating mode?
  new features and refactors in master,
  bugfixes to master + release/2.6,
  serious bugfixes also ported to 2.5
  
  this would hit the selva pkcs11 unit test series first

• Status of PoC using Gerrit for code review.
  there's a workflow proposal here: ​https://community.openvpn.net/openvpn/wiki/Proposed%20Gerrit%20Workflow
  this was reviewed 3 weeks ago
  want to have something like this appear on the mailing list:
  initial patch notification mail, daily digest mail, final patch+discussion+who acked mail
  anything new on this topic?

• Security assessment of OpenVPN2 codebase.
  what is current status?
  there are 2 items not directly related to the codebase that we're arguing against putting into the report.
  they're both 'informational' level so not particularly worrisome. but in our opinion weird to have in the report.
  dazo will send an updated version to cron2 for review.

• IPv6 to community.
  cloudflare ipv6 compatibility is turned off on openvpn.net because company is worried it might break something.
  community wants date when this is resolved.
  novaflash working to get a date that company will commit to.
  expect to have a date when ipv6 is turned on globally on openvpn.net this week.

Topics on standby

• License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues
  current status is that individual contributors are being contacted, and approvals gathered.

• security@… mailing list
  company is trying to get to soc2 compliance.
  probably will need a simple nda to be signed by recipients of emails to security@…
  this seems reasonable, company will investigate and prepare such a thing.

• Can we have someone at OpenVPN create nicer windows traybar logos (#1276)?
  matt is currently working on it in ​https://github.com/OpenVPN/openvpn-gui/issues/595

• Website release process woes
  website team did not deliver solution as promised in february. then march. still not delivered. now they promise april. we will see.

• SBOM topic
  cron2 was asked if openvpn has a software bill of materials. answer was no.
  coincidentally, in openvpn inc a security requirement is to have an SBOM so this is on our list of things to do
  when we pick up this task we can coordinate on it.

• 2.7 plans, if any?
  are there any features that we have in mind that will not make it into 2.6.*?
  signal handling respin
  2.6 refactor
  bloom filter ddos reflection protection.

• Forums machine on community infrastructure is only non-Linux system.
  mattock made a new forums system that runs on rocky linux 8 as agreed with ecrist.
  ecrist has looked at it but the current state of the migration is unknown.

• OpenVPN 2.6 performance results.
  We should work on an article to publish some performance results when 2.6 is out as stable. but first press release.

• Management interface documentation on main website will be updated with info from doc/management-notes.txt
  novaflash will pick this up again now that he is back.

• https://openvpn.net/community-resources/openvpn-quickstart/ will be updated from /doc/man-sections/example-fingerprint.rst information.
  Static-key will be deprecated and contents updated with peer-fingerprint stuff.
  novaflash will pick this up again as time permits and other more important topics are done.