Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on libera.chat
Date: Wed 9th February 2022
Time: 10:30 CET (9:30 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2022-02-09>
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
cron2, dazo, d12fk, lev, mattock and ordex participated in this meeting.
---
Noted that IPv6 on community has not progressed, despite poor excuses.
Dazo promised to start pushing it internally to get this embarrassment
fixed for good.
---
Noted that 2.6 is moving forward at a slow but steady pace. The DNS and
DCO patches can be reviewed and tested independently by different
people, which can help speed things up.
---
Talked about a few patches being crafted on the security list. Agreed
that we should do 2.4 and 2.5 releases soon after the patches are
merged, even though there's no reason to rush.
---
Talked about missing 2.5/2.6 man pages on the main website:
<https://patchwork.openvpn.net/patch/2064/>
Mattock opened an internal ticket for the website team to fix this.
---
Talked about buildbot. Production buildbot is running and mattock is
finalizing the Windows Server 2019 buildbot worker. Enabling Spectre
mitigation broke building some time ago and he's adding VS components to
fix that breakage. Due to esoteric WinRM-related reasons, code-signing
might be broken in EC2, but that remains to be seen.
--
Full chatlog attached
(11.32.29) d12fk: morning
(11.33.08) cron2: meow
(11.33.22) dazo: ey!
(11.33.55) mattock: hi
(11.34.42) ordex: hi
(11.34.57) ordex: I may not be 100% present because the heater technician is
coming anytime soon
(11.35.03) ordex: but will follow as I can
(11.36.54) lev__: guten tag
(11.37.04) d12fk: Page Topics-2022-02-09 not found
(11.37.25) dazo: ordex: https://youtu.be/sXyciR5oE8o?t=22
(11.37.29) cron2 has set the topic:
https://community.openvpn.net/openvpn/wiki/Topics-2022-02-09
(11.37.54) mattock: oh yes, a new month again
(11.37.56) mattock: time flies
(11.38.07) mattock: let me fix that
(11.38.10) cron2: a new month, and still no IPv6...
(11.38.42) dazo: cron2: We're replanning internally, we'll be ready for IPv7
when that arrives
(11.38.44) d12fk: it _is_ the future
(11.38.58) ordex: dazo: exactly
(11.39.30) cron2: not sure how often I've heard *that* excuse in the last 20
years, but no, it's not a new one... ("IPv6 has so many shortcomings, let's
just wait for the next thing, it will be much better")
(11.39.31) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2022-02-09
(11.40.22) dazo: Sync up!
(11.40.59) mattock: yep
(11.41.39) cron2: 2.6: not much has happened here... I've reviewed and tested
most of the remaining frame patches, but got stuck at some point and need to
discuss the way forward with plaisthos (who had more important priorities for
the last days). But, making progress.
(11.42.04) ordex: should we plan for those 2 patches on sec@ ?
(11.42.04) cron2: I've seen dazo+ordex' work on the plugin stuff, will look
into that tomorrow-ish
(11.42.09) ordex: kk
(11.42.12) cron2: yes, soon
(11.42.23) cron2: "really soon", not "openvpn corp ipv6 soon"
(11.43.11) ordex: hehe
(11.44.52) ordex: moar?
(11.45.14) d12fk: the --dns option PR
(11.45.44) d12fk: I ported it to ovpn3 and it might be merged into master
soonish
(11.45.58) ordex: I presume that will need to wait more available review cycles
(?)
(11.46.02) ordex: wait for*
(11.46.07) dazo: Just wondering ... once we're ready to merge the seclist
patches, should we plan for a 2.4 and 2.5 release related to that?
(11.46.20) ordex: maybe just 2.5 ?
(11.46.22) cron2: yes (but not "rushed")
(11.46.25) dazo: It's not that urgent, but once the cat is out of the bag ....
(11.46.38) cron2: we had intended to do a 2.4.12 anyway, and then formally
close that train
(11.46.43) dazo: yeah
(11.47.09) d12fk: ordex: sure, but it is time to start thinking about the way
forward
(11.47.35) d12fk: thus, I want to start a rfc on -devel
(11.48.04) cron2: d12fk: how big is the patchset?
(11.48.14) cron2: ("what granularity")
(11.48.33) d12fk: atm very overseeable
(11.48.40) ordex: let's not forget that after the frame patches we have the dco
patchset waiting too
(11.49.34) cron2: understood
(11.53.20) dazo: so, frame patches, dco patches and DNS patches ... that's the
plan, together with the seclist patches in-between where convenient
(11.54.02) cron2: as different people can do review/testing for DCO and DNS
this can go somewhat in parallel
(11.54.02) dazo: anything burning for review on patchwork for 2.5 or 2.6?
(11.54.40) cron2: we have lev__'s "adjust build options to harden binaries"
patches for windows build, which are sort of hanging in the cold
(11.54.51) cron2: nobody qualified to review them around, it seems
(11.55.03) cron2: 2207, 2209, 2210
(11.55.20) cron2: ah
(11.55.27) cron2: dazo: I think this is for you :-)
(11.55.34) cron2:
https://patchwork.openvpn.net/project/openvpn2/list/?series=1376
(11.55.42) cron2: rst building / makefile fixes from djpig
(11.55.52) dazo: Sure, I'll take a look there
(11.56.00) lev__: I expected chipitsine to ack those
(11.56.17) cron2: dazo: I intended to have a look, but got distracted again and
again, and this is really your land anyway :-)
(11.56.19) lev__: since he discovered missing spectre etc
(11.56.26) cron2: lev__: can you ask him?
(11.56.46) lev__: yeah I guess I have to
(11.56.56) dazo: for the 2207, 2209 and 2210 ... I'd say we apply lazy-ACK on
them .... and fix it if needed afterwards; they touch non-source code, only VS
project files afaics
(11.57.11) cron2: mattock: https://patchwork.openvpn.net/patch/2064/ -> this is
waiting for you
(11.57.49) dazo: Can we get a "man page" entry page, with further pointers to
all the versions - have the same across all versions?
(11.57.49) cron2: (it's about pointing documentation references to URLs on
community.net, and I did not want to point "master" doc to
"reference-manual-for-2-4/"
(11.58.07) mattock: I think I created a ticket to the website team about this
(11.58.10) cron2: dazo: that would be good
(11.58.14) mattock: I don't have superpowers there
(11.58.22) lev__: someone needs to review 2260
(11.58.55) dazo: lev__: who has best understanding of those code paths?
(11.59.01) lev__: rozmansi
(11.59.12) dazo: can we ping him?
(11.59.56) mattock: ok, no ticket it seems, it was another website issue
(12.00.05) cron2: oh
(12.00.18) lev__: dazo: we could try
(12.05.09) lev__: pinged
(12.05.30) dazo: +1
(12.05.38) dazo: next topic?
(12.06.37) cron2: 2. is copied over from last meeting, and I think we
sufficiently addressed this
(12.06.47) dazo: good!
(12.06.59) cron2: I seem to recall that "we go for openssl 3.0.1 for 2.6" was
the agreed outcome on the primary question
(12.07.14) lev__: (also pinged chipitsine)
(12.07.24) d12fk: so xkey is in 3.0.1
(12.07.25) cron2: wiscii has made easyrsa work, so we either find a way to
merge the patch or we ship easyrsa+patch
(12.07.37) dazo: sounds good!
(12.07.52) cron2: d12fk: yep, master+3.0.1 has xkey and it seems to do all the
right things (--management-external-key and --cryptoapi)
(12.08.02) cron2: and pkcs#11
(12.08.24) d12fk: okay then support for ovpn3 should be more easy to do
(12.08.26) cron2: I say "seems" because we have limited reports on everything
related to cryptoapi/pkcs#11
(12.08.53) cron2: plaisthos is using --management-external-key in the Android
app, and confirmed "it works"
(12.09.06) becm [~b...@55d473f6.access.ecotel.net] entered the room.
(12.11.30) mattock: ok, ticket about the man pages on website created
(12.11.37) cron2: thanks
(12.12.10) dazo: Regarding IPv6 to community ... I'll make more fuzz about this
again internally; this is just unsustainable embarrassing
(12.13.09) cron2: thanks :)
(12.14.43) dazo: so buildbot status ..... mattock?
(12.14.46) cron2: 4. - buildbot status, now I have not found sufficient time to
make one of my FreeBSDs a "new and shiny python 3 buildbot"
(12.14.55) cron2: I have credentials and instructions
(12.14.59) dazo: nice!
(12.16.13) mattock: production buildbot is up and running, windows server 2019
worker works, but builds don't, because we require spectre mitigated libs now
(12.16.39) mattock: I'm trying to figure out which Visual Studio components the
build requires, and that takes a fair amount of time, plus building of AMIs and
testing
(12.17.15) mattock: code signing might be broken, because WinRM acts
"differently" from normal admin sessions in regards to importing code-signing
certs
(12.17.24) mattock: I haven't gotten far enough to verify that yet
(12.17.34) cron2: "WinRM"?
(12.17.59) mattock: Windows Remote Management used by Packer that is used to
build the AMI that is used for the on-demand EC2 windows worker
(12.18.18) mattock: like SSH but for Windows, in this context
(12.18.29) mattock: WinRM supports SSH as a transport as well nowadays
(12.18.35) mattock: anyhow, technical crap
(12.19.28) mattock: after windows worker it is ovpn-dco packaging time (openvpn
+ ovpn-dco itself I guess)
(12.20.29) mattock: that's about it
(12.22.03) ordex: lev__: when you want to attract somebody's attention, you can
add him as Cc: at the bottom of the commit message. git-send-email will CC him
automatically
(12.23.14) dazo: so ... that's the agenda; anything else burning?
(12.25.09) cron2: just so you're aware, ordex/plaisthos/I have started
discussing what to do with "tun-mtu", which is a tough compat-question
(12.28.09) mattock: nothing burning at my end
(12.28.24) mattock: we have two minutes left
(12.28.44) dazo: that's good! I think plaisthos suggestion of pushable tun-mtu
where the pushed value can be "merged" when using a lower value than the local
config
(12.28.57) dazo: is a good idea
(12.29.20) cron2: I have missed that one, it seems, and need to give it some
thought
(12.30.26) mattock: writing the summary now