IrcMeetings = Basic info = * Time: Wednesday 15 May 2024 at 13:00 CEST (11:00 UTC) * Place: #openvpn-meeting channel on !LiberaChat IRC network = Topics = == Current topics == * **Updated, closed: change time of community meeting to one hour later**\\ ''In general it seemed most people are okay with this.''\\ ''For the next few weeks, community meetings will be at 2PM CEST/CET instead of 1PM.''\\ ''For real this time.''\\ * **Updated: release openvpn 2.6.11**\\ ''It seems like it makes sense to do a 2.6.11 release after Windows tunnelcrack mitigations are merged.''\\ ''From the looks of it this isn't a major disruptive change so could be merged and released in 2.6.''\\ ''For the proposed Linux tunnelcrack mitigations, going for policy routing and such, it may need to go to 2.7 and it's quite a big change.''\\ ''Waiting for cron2 to do a review/merge pass on Windows tunnelcrack patch.''\\ * **Updated: forums topics**\\ ''rob0 and novaflash will work to get access and then find some time to look at solving the cloudflare related issue.''\\ ''Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address.''\\ ''- email confirmation on registration was suggested.''\\ ''- mod permissions, guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)''\\ ''- access for mods to logs so one can see what others did''\\ * **Updated: Security mailing list procedures**\\ ''We unfortunately let the key expire last week and had to quickly issue a renewed key.''\\ ''This was done and the renewed key has been distributed.''\\ * **mattock topics**\\ ''PR created to add t_server_null tests to buildbot.''\\ ''There's a parallelism issue to fix between t_server_null.sh and t_client.sh - will work on that.''\\ * **Tunnelcrack progress [wiki:TunnelCrack TunnelCrack community wiki article]**\\ ''Status update on TunnelCrack mitigations:''\\ ''Windows, openvpn2: ready to merge. openvpn3: in code review.''\\ ''Linux, openvpn2: in progress. openvpn3: in progress.''\\ ''macOS: to be determined.''\\ ''iOS: to be determined.''\\ ''Android: not vulnerable.''\\ * **DCO and Linux upstreaming, API change**''\\ ''Upstreaming DCO to Linux is proceeding, it is in review stage at the moment.''\\ ''ordex will send a patchset v3 based on feedback received today.''\\ ''There will be an API change that makes it incompatible with the current implementation.''\\ ''A graceful solution to that was already discussed and in motion. giaan will be working on this.''\\ ''(in a nutshell, make OpenVPN understand old and new API, DKMS and kernel versions both will then use new API, then we drop old API)''\\ * **donation collection**\\ ''From earlier exploration it is clear that setting up a legal entity is not worth the expense at this point. We're just starting out with donations.''\\ ''What we can do is start out with an existing company that can collect the money and puts it to good community use. ordex volunteers to take this on.''\\ ''There are some options to consider. There may be existing solutions that we want to consider.''\\ ''PayPal seems overly expensive with all their fees.''\\ ''Stripe could be worth considering for credit card processing.''\\ ''GitHub Sponsors was mentioned as a possible solution, this is worth investigating.''\\ ''Open Collective was also mentioned, that needs some investigating how that exactly would work for us.''\\ * **OpenVPN community meetup 2024**\\ ''Naming: We decided to rename from 'Hackathon' to 'OpenVPN community meetup'. This has a more open spirit to it.''\\ ''Where: Karlsruhe, Germany. Meeting room location to be determined.''\\ ''When: At the moment tentatively set to 20-22 September 2024.''\\ ''Who: We'll do an open invitation to openvpn-devel mailing list, but also CC: specifically past attendees and people of interest.''\\ ''Shirts: There is plenty of time still to prepare a shirt design.''\\ ''There's a wiki page up now where we can coordinate: https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 ''\\ * **website release process**\\ ''Waiting for faster way to update community downloads and security advisories on main site.''\\ ''Again postponed due to issues. Now planned for this week. We'll see.''\\ * **Status of SBOM**\\ ''There was a discussion between MaxF and djpig and others.''\\ ''For OpenVPN2 / OpenVPN-NL, there is not much overlap, as OpenVPN2 doesn't ship much in terms of libraries, but OpenVPN-NL does.''\\ ''The interesting use-case for an SBOM is really the OpenVPN Windows GUI client.''\\ * **status of trac/wiki**\\ ''No progress since last meeting.''\\ ''This will probably have to wait until "--dev null" is done''\\ ''Should have access controls so only approved members can edit.''\\ * **Static-key mini how-to is outdated.**\\ ''This page is outdated badly: https://openvpn.net/community-resources/static-key-mini-howto/ ''\\ ''company will send this to tech writer to redo based on https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/example-fingerprint.rst info\\and also retain a link to that github doc.\\having a simple guide online will help adoption''\\ * **OpenVPN 2.6 performance results.**\\ ''tests should cover: gre, ipsec, userland, dco''\\ ''linux, freebsd, windows''\\ ''requires time to be dedicated to doing this, when time available will do it''\\ * **What's going on with new taskbar icons?**\\ ''matt provided icons in https://github.com/OpenVPN/openvpn-gui/issues/595 ''\\ ''last update: will be picked up by selva when he has time''\\ * **software code signing topic**\\ ''company switched EV code signing to cloudhsm, this is same cert type we use for driver signing, is also suitable for binary signing.''\\ ''in future we could possibly switch community to that same key. saves having to maintain 2 different keys.''\\ ''depends on how hard/easy it is to access company key signing thingee from community infrastructure.''\\ ''also no high priority at the moment, we have a working solution now.''\\ * **Management interface documentation on main website will be updated with info from doc/management-notes.txt**\\''novaflash will pick this up at some point'' = Mattock topics = == --dev null server testing == Latest status in [[ServerSideTestingImprovementPlan]]. Additional details in https://github.com/mattock/openvpn/blob/dev_null/doc/dev-null-test-suite.rst. Current PoC code is available in mattock's "dev_null" branch. A good starting point is [https://github.com/mattock/openvpn/blob/dev_null/tests/t_server_null.sh t_server_null.sh]. Potential next steps: * Expand the test suite * Integrate into Buildbot (i.e. get to production) * Support multiple client versions (depends on Buildbot integration) Git commit history needs to be cleaned up and there may be other small fixes / improvements here and there to be done: * Enable disabling the test suite (requires root so we can't run it by default) == !Debian/Ubuntu snapshot publishing == * In a previous meeting we agreed to publish snapshot !Debian/Ubuntu packages on *build.openvpn.net* * The tool to use to publish is [https://www.aptly.info/ aptly] * aptly does not have direct support for running commands (e.g. rsync, scp) after publishing packages, e.g. to a local filesystem on the buildmaster * ''Option 1 (hacky)'': use ''inotifywait'' with ''rsync'' or ''scp'' to copy the published repo to build.openvpn.net * ''Option 2 (less hacky):'' use ''NFS'' to publish "directly" to build.openvpn.net * Both options require a fair amount of tinkering * Mattock moved this forward a bit at the buildbot end (get the files out from workers)