wiki:Topics-2023-10-11

Basic info

  • Time: Wednesday 11 October 2023 at 13:00 CEST (11:00 UTC)
  • Place: #openvpn-meeting channel on LiberaChat IRC network

Topics

Current topics

  • OpenVPN 2.6.7 release
    CMake backport is in.
    Some small bugfixes waiting to merge.
    Planned release date: 18 October.
  • Hackathon 2024 planning
    When? Not sure but we should do a date range of about 3 weeks so we can do availability polling.
    Where? In last discussion Karlsruhe was mentioned.
    Who? We should compile a more comprehensive list and send initial availability polling early.
    Shirts''
  • Weekly meeting summaries
    It was decided novaflash will do meeting summaries on wiki and send copy to devel mailing list.
    So novaflash will join devel list and do the needful starting next week.
  • Security assessment of OpenVPN2 codebase.
    update 27 September: publishing this is currently being handled, it requires some preparation and internal reviews that is ongoing.
  • License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues
    Update 11 October: we want dazo to review things so we can decide if we can finalize this.
    One of the tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary.
  • Website release process woes
    Update 11 October: website team reports they've migrated existing content to a new CMS
    Apparently this week planned for release.

Topics on standby

  • openvpn release process topics
    there was a request in https://github.com/OpenVPN/openvpn/issues/397 to have releases on github as well.
    djpig seems to think it would be fairly doable to copy/paste that info to github as well.
    we could do this during a next release.
  • OpenVPN 2.6 performance results.
    tests should cover: gre, ipsec, userland, dco
    linux, freebsd, windows
    requires time to be dedicated to doing this
    when time available will do it
  • security@… mailing list
    company is trying to get to soc2 compliance.
    probably will need a simple nda to be signed by recipients of emails to security@…
    company guy took standard nda we use for contractors, suggests to use that.
    novaflash thinks we should review that first to see if it's really suitable or not, community members are not contractors after all.
  • Another key signing topic
    company switched EV code signing to cloudhsm, this is same cert type we use for driver signing, is also suitable for binary signing.
    in future we could possibly switch community to that same key. saves having to maintain 2 different keys.
    depends on how hard/easy it is to access company key signing thingee from community infrastructure.
    also no high priority at the moment, we have a working solution now.
  • SBOM topic
    cron2 was asked if openvpn has a software bill of materials. answer was no.
    coincidentally, in openvpn inc a security requirement is to have an SBOM so this is on our list of things to do
    when we pick up this task we can coordinate on it.
  • Forums machine on community infrastructure is only non-Linux system.
    mattock made a new forums system that runs on rocky linux 8 as agreed with ecrist.
    ecrist has looked at it but the current state of the migration is unknown.
  • Management interface documentation on main website will be updated with info from doc/management-notes.txt
    novaflash will pick this up at some point
  • https://openvpn.net/community-resources/openvpn-quickstart/ will be updated from /doc/man-sections/example-fingerprint.rst information.
    Static-key will be deprecated and contents updated with peer-fingerprint stuff.
    novaflash will pick this up again as time permits and other more important topics are done.
Last modified 7 months ago Last modified on 10/11/23 11:23:02