= Basic info = * Time: Wednesday 8 November 2023 at 13:00 CEST (11:00 UTC) * Place: #openvpn-meeting channel on !LiberaChat IRC network = Topics = == Current topics == * **Updated: OpenVPN 2.6.7 release**\\ ''There is a div-by-zero bug and a critical bug we were waiting to get fixed before proceeding.''\\ ''The patch for fixing both is on security mailing list and has acks so will go in now.''\\ ''The release is expected to happen today.''\\ * **Updated: Publish security assessment of OpenVPN2 codebase on main website.**\\ ''Expected to be published either this or next week.''\\ * **Tunnelcrack published now https://tunnelcrack.mathyvanhoef.com **\\ ''A post was published at [wiki:TunnelCrack TunnelCrack community wiki article]''\\ ''More details are in the wiki:Hackathon2023 meeting summary.''\\ ''A security advisory went up on the main website https://openvpn.net/security-advisories/ ''\\ ''Current status: when mitigations start appearing we will mention them in meeting notes.''\\ * **License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues**\\ ''The OpenSSL James Bottomley stuff is resolved now.''\\ ''The --tls-export-cert feature needs to be removed by dazo and reimplemented by plaisthos.''\\ ''Then it is up to dazo to review things so we can work on finalizing this.''\\ ''One of the tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary.''\\ ''For new contributions the new license already applies so maxf is unblocked to implement mbedtls3 support on master.''\\ ''maxf mentioned he will look into how much work it is to backport mbedtls3 it to 2.6.'\\ * **OpenVPN community meetup 2024**\\ ''Naming: We decided to rename from 'Hackathon' to 'OpenVPN community meetup'. This has a more open spirit to it, as we want to encourage developers and those interested in contributing to feel welcome.''\\ ''Where: Karlsruhe, Germany. It is a relatively central location in Europe and is fairly easily reachable by train. A meeting location is yet to be arranged.''\\ ''When: At the moment tentatively set to 20-22 September 2024.''\\ ''Who: We'll do an open invitation to openvpn-devel mailing list, but also CC: specifically past attendees and people of interest.''\\ ''Shirts: There is plenty of time still to prepare a shirt design.''\\ * **Website release process woes**\\ ''There is actual movement on this now, they're moving the Community Downloads content now to another CMS.''\\ ''They will also move Security Advisories to this other CMS as well so both can be updated independently from website updates.''\\ * **Static-key mini how-to is outdated.**\\ ''This page is outdated badly: https://openvpn.net/community-resources/static-key-mini-howto/ ''\\ ''company will send this to tech writer to redo based on https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/example-fingerprint.rst info\\and also retain a link to that github doc.\\having a simple guide online will help adoption''\\ * **openvpn release process topics**\\''there was a request in https://github.com/OpenVPN/openvpn/issues/397 to have releases on github as well.\\djpig seems to think it would be fairly doable to copy/paste that info to github as well.\\we could do this during a next release.'' * **OpenVPN 2.6 performance results.**\\''tests should cover: gre, ipsec, userland, dco\\linux, freebsd, windows\\requires time to be dedicated to doing this\\when time available will do it'' * **What's going on with new taskbar icons?**\\''matt provided icons in https://github.com/OpenVPN/openvpn-gui/issues/595\\**update:** will be picked up by selva when he has time'' * **security@openvpn.net mailing list**''\\company is trying to get to soc2 compliance.\\probably will need a simple nda to be signed by recipients of emails to security@openvpn.net\\company guy took standard nda we use for contractors, suggests to use that.\\novaflash thinks we should review that first to see if it's really suitable or not, community members are not contractors after all.'' * **Another key signing topic**\\''company switched EV code signing to cloudhsm, this is same cert type we use for driver signing, is also suitable for binary signing.\\in future we could possibly switch community to that same key. saves having to maintain 2 different keys.\\depends on how hard/easy it is to access company key signing thingee from community infrastructure.\\also no high priority at the moment, we have a working solution now.'' * **SBOM topic**\\''cron2 was asked if openvpn has a software bill of materials. answer was no.\\coincidentally, in openvpn inc a security requirement is to have an SBOM so this is on our list of things to do\\when we pick up this task we can coordinate on it.'' * **Forums machine on community infrastructure is only non-Linux system.**\\''mattock made a new forums system that runs on rocky linux 8 as agreed with ecrist.\\ecrist has looked at it but the current state of the migration is unknown.'' * **Management interface documentation on main website will be updated with info from doc/management-notes.txt**\\''novaflash will pick this up at some point''