Development process

• Background
  • The first phase of the development process (work done in "testing") is handled properly
  • The last phase of the development process, official releases, are handled by James, but the process / requirements for a release are not documented
  • Right now "testing" is effectively a fork of James' "stable" SVN tree
  • There is no roadmap for next 2.x release

• Which tree to base releases on?
  • Option 1: Basing releases on James' "stable" tree
    • There's no process to move code from "testing" (git) to "stable" (svn)
    • The release process is not documented
  • Option 2: Basing releases on David's "testing" tree
    • Currently James makes his modifications to his SVN tree and David pulls his changes to "testing". In this regard, James' SVN tree is no different from any other external tree
    • Only David's "allmerged" branch contains all code (James', external trees, etc.)
    • The "testing" tree should get widest testing, especially after we start releasing testing snapshots and linking to them from openvpn.net

• How to verify stability of the "testing" code (for moving to "stable" or prior to a release?
  • Publishing or linking to "testing" releases on openvpn.net is essential to get wider use for "testing"

Other

• Bridging issues
  • From ​http://openvpn.net/index.php/open-source/faq.html#bridge1 : "Another bridge disadvantage should be that layer2 is insecure by design, opening your layer2 exposes to arp poisoning and the like. Make sure to only bridge TAP interfaces with private ethernet interfaces which are protected behind a firewall. Never bridge a TAP interface with the same ethernet interface you use to connect to the internet, as that would create a potential security hole."
  • Question (from krzee): does that mean users should have 2 NICs in a bridge server...? And if im not mistaken i remember that sample-scripts/bridge-start needs a line at the bottom to readd the gateway