Basic info

• Time: Wednesday 13 December 2023 at 13:00 CEST (11:00 UTC)
• Place: #openvpn-meeting channel on LiberaChat IRC network

Topics

Current topics

• Updated: OpenVPN 2.6.9 release
  In discussion with community members looks like next week would be a good time for a 2.6.9 release.
  

• Updated: forums topics
  Pippin_ and novaflash reported lots of spam on the forums. rob0 got into contact with ecrist, looks like anti-spam module had expired. It was renewed.
  ecrist suggests to decouple authentication system for forums from community PWM. almost all forum users never use other community resources, so it makes sense.
  There is the pending migration from BSD to Linux for the forums machine.
  In collaboration with ecrist, we'll look into arranging for OpenVPN Inc. to provide a new VM and a license for vBulletin. ecrist can then convert the existing forums content.
  Regarding CloudFlare?; currently not enabled on forums, but we will enable it on the new VM.
  

• New: community funding
  ordex has an initiative he wants to bring up regarding dev resources to be added to community.
  This may tie into the donations topic.
  In short ordex convinced OTF (Open Tech Fund) to provide a "test FOSS funding scheme" to OpenVPN.
  This would for example allow to pay for allocated hours for mattock and cron2 to work on OpenVPN community tasks.
  This is to be worked out more and in collaboration between OpenVPN Community, OpenVPN Inc., and OTF.
  

• Updated: Donations for OpenVPN community
  There is currently no place to donate money to the community, and we do want to allow that.
  We need to figure out how to deal with that legally, and what payment methods to accept and how.
  Probably credit card is a must. Maybe paypal as well. Bitcoin seems to encounter some resistance in the discussions.
  We definitely do not want the donation thing to be forced - have a mechanism to do it, but keep it out of the way.
  Random things yelled out (to investigate): legal entity? stripe? paypal? creditcard? open collective? github sponsors? linux foundation? sf conservancy?
  ordex suggested that he will take a look in january to figure out what legalities etc are involved in getting a legal entity for OpenVPN community.
  

• Website release process woes
  Website team continues to report that they are on the verge of launching the new stuff.
  But there is a release freeze planned for last weeks of December so we may not actually get it this year.
  

• TLS 1.0 PRF problem
  A patch for this has been created and it needs reviews.'
  

• License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues
  For new contributions the new license already applies.
  The --tls-export-cert code was removed, and plaisthos will reimplement it.
  Then it is up to dazo to review things so we can work on finalizing this.
  One of the last tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary.
  

• Tunnelcrack progress TunnelCrack community wiki article
  Current status: when mitigations start appearing we will mention them in meeting notes.
  

• OpenVPN community meetup 2024
  Naming: We decided to rename from 'Hackathon' to 'OpenVPN community meetup'. This has a more open spirit to it, as we want to encourage developers and those interested in contributing to feel welcome.
  Where: Karlsruhe, Germany. It is a relatively central location in Europe and is fairly easily reachable by train. A meeting location is yet to be arranged.
  When: At the moment tentatively set to 20-22 September 2024.
  Who: We'll do an open invitation to openvpn-devel mailing list, but also CC: specifically past attendees and people of interest.
  Shirts: There is plenty of time still to prepare a shirt design.
  

• Static-key mini how-to is outdated.
  This page is outdated badly: https://openvpn.net/community-resources/static-key-mini-howto/
  company will send this to tech writer to redo based on ​https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/example-fingerprint.rst info
  and also retain a link to that github doc.
  having a simple guide online will help adoption
  

• OpenVPN 2.6 performance results.
  tests should cover: gre, ipsec, userland, dco
  linux, freebsd, windows
  requires time to be dedicated to doing this
  when time available will do it

• What's going on with new taskbar icons?
  matt provided icons in ​https://github.com/OpenVPN/openvpn-gui/issues/595
  last update: will be picked up by selva when he has time
  

• security@… mailing list
  company is trying to get to soc2 compliance.
  probably will need a simple nda to be signed by recipients of emails to security@…
  company guy took standard nda we use for contractors, suggests to use that.
  novaflash thinks we should review that first to see if it's really suitable or not, community members are not contractors after all.

• Another key signing topic
  company switched EV code signing to cloudhsm, this is same cert type we use for driver signing, is also suitable for binary signing.
  in future we could possibly switch community to that same key. saves having to maintain 2 different keys.
  depends on how hard/easy it is to access company key signing thingee from community infrastructure.
  also no high priority at the moment, we have a working solution now.

• SBOM topic
  cron2 was asked if openvpn has a software bill of materials. answer was no.
  coincidentally, in openvpn inc a security requirement is to have an SBOM so this is on our list of things to do
  when we pick up this task we can coordinate on it.

• Management interface documentation on main website will be updated with info from doc/management-notes.txt
  novaflash will pick this up at some point