Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on libera.chat
Date: Wed 2nd February 2022
Time: 10:30 CET (9:30 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2022-02-02>
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
cron2, dazo, lev, mattock, novaflash, ordex and plaisthos participated
in this meeting.
---
Novaflash will have OpenVPN Inc ("corp") tickets in Trac reviewed.
---
Talked about OpenSSL 3 and easyrsa3. According to wiscii the changes
required are minor, so we should be able to continue using easyrsa3. The
fix could even be applied on the fly as a patch.
---
Agreed that we should release 2.4.12 after completing mattock's ongoing
tasks. In particular:
- Windows EC2 buildbot worker (requires a small fix + buildbot glue)
- ovpn-dco packaging (not started)
---
Talked about OpenVPN 2.6 release. There are plenty of patches to review
and test. For the gory details refer to the full chatlog.
---
Noted that OpenSSL 3.0.0 (bundled with Fedora 36 right now) should work
with OpenVPN just fine, even though you might encounter some deprecation
warnings if using it.
---
Note that there's no progress on the community IPv6 front.
---
The new community Buildbot is now in production and is tracking almost
all openvpn projects worth building. TheWindows EC2 buildbot worker is
almost done. The new community VPN server is available for real people
and buildbot workers alike. Cron2 will try to get one of this buildbot
workers connected to buildmaster before the next meeting.
--
Full chatlog attached
(11.31.25) mattock: hello
(11.32.19) cron2: meow
(11.33.23) lev__: hellow
(11.33.42) dazo: Yo!
(11.36.21) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2022-02-02
(11.36.41) cron2 ha scelto come argomento:
https://community.openvpn.net/openvpn/wiki/Topics-2022-02-02
(11.37.12) cron2: that agenda looks messy
(11.37.41) mattock: I cannot be blamed because it's not my doing!
(11.39.16) cron2: fixed
(11.39.32) novaflash [~novafl...@185-227-75-241.dsl.cambrium.nl] è entrato
nella stanza.
(11.39.58) cron2: updated
(11.40.56) dazo: lets kick off with 2 and throw novaflash under the bus! ;-)
(11.41.12) novaflash: that's where i belong
(11.43.29) cron2: so... #2 can be handled fairly quickly... can we revive the
activities regarding corp products in community trac again, please? thanks :-)
(11.44.08) dazo: novaflash: can you follow up on that? ^^^
(11.44.15) novaflash: yeah.. i'll see what can be done
(11.44.24) cron2: thanks!
(11.44.40) cron2: #1 is "what can we do about easyrsa3 with openssl3"
(11.45.01) cron2: wiscii says "it just works, with a small bugfix", if I
understood that right (over in #openvpn-devel)
(11.47.12) cron2: consequence of that: we should be able to ship 2.6 with 3.0.1
(11.47.37) dazo: What does "small bugfix" imply?
(11.48.09) cron2: either it gets fixed upstream or we patch at build time
("like we do for pkcs11-helper, etc.")
(11.48.37) dazo: fine ... but how small is that fix?
(11.49.14) novaflash: 2 inches
(11.49.35) cron2: he did not say... backlog in #openvpn-devel of today around
2am
(11.54.53) dazo: If an updated easy-rsa could be made available soonish, we're
all good. That would also indicate how small and intrusive the change is.
(11.56.14) mattock: +1
(11.57.00) mattock: sync up?
(11.57.59) cron2: I can live with having the patch available just fine
(11.58.44) cron2: getting the patch merged could be complicated, if there is no
active maintainer
(11.58.58) dazo: We should probably get 2.4 into that list .... do we have
anything in the pipe for 2.4? Just to do the last release before switching to
old-stable
(11.59.25) dazo: cron2: I'll try to reach out to ecrist and check the situation
(11.59.34) ordex: hi hi
(11.59.35) cron2: 2.4 has some minor bugfixes
(11.59.36) ordex: sorry for being late
(11.59.59) dazo: Does 2.4 have any unreviewed changes we want to include?
(12.00.08) cron2: not that I'm aware
(12.00.28) dazo: so, basically we can do a 2.4 release as soon as mattock is
ready for it then ...
(12.00.59) mattock: I suggest "after windows EC2 buildbot worker and after
ovpn-dco packaging"
(12.01.19) mattock: the former is lacking a small fix (authorization issue) +
buildbot glue
(12.01.27) dazo: https://termbin.com/zcmq .... shortlog 2.4.11 to release/2.4
(12.01.31) mattock: the latter I did not start doing, but ordex may be on it
(12.02.36) dazo: Agreed ... lets complete on-going tasks, then do the 2.4.12
(12.03.08) d12fk ha abbandonato la stanza (quit: Remote host closed the
connection).
(12.03.20) d12fk [~he...@exit0.net] è entrato nella stanza.
(12.04.55) mattock: 2.6?
(12.05.04) mattock: Windows builds + openssl?
(12.05.27) lev__: there are few patches waiting for review
(12.05.35) lev__: related to ossl3
(12.05.36) cron2: I managed to get one buffer patch in, and then stumbled over
wackiness... will resume ASAP
(12.06.40) dazo: I'm going to review the patches from ordex related to the fips
cleanup .... one of them might have an ack from plaisthos already, iirc
(12.06.55) dazo: I'll try to get that done today
(12.07.20) cron2: one has an ACK, but the other two are sort of "do not take
the first, use the other two" alternative
(12.08.12) dazo: right, I hope ordex can help me figure out the right ones to
review :)
(12.08.23) plaisthos: yeah, sorry. Got interrupted by other work and then left
that on the table. I thought the other work shold just take a day or two but
turned out to be much more
(12.10.08) cron2: work can be so annoying
(12.15.22) ordex: dazo: sure
(12.15.36) ordex: I am going to review dazo's patches that are pending on the
sec list
(12.16.08) ordex: dazo: 2257 and 2258 are the patches needing review
(12.16.21) ordex: 2256 is obsolete because of those two
(12.16.59) ordex: I Am also testing lev's patch about using ossl3.0.1 with msvc
(12.17.04) plaisthos: semi OT: Ubuntu 22.04 will have at least OpenSSL 3.0.1
(12.17.57) ordex: yeah
(12.18.02) ordex: the switch is close!
(12.19.07) cron2: plaisthos: what do they plan? ship both, for old and new
software?
(12.19.10) dazo: ordex: thx! I'll have look at 2257 and 2258
(12.19.27) mattock: I assume two versions, that's the debian style
(12.19.39) dazo: plaisthos: Fedora 36 will ship with openssl 3.0 ... not sure
if .0 or .1
(12.19.56) cron2: .0 is broken regarding external providers
(12.20.30) ordex: yeah
(12.22.20) dazo: 3.0.0 is the latest f36 build available I'll check for the
3.0.1 plans
(12.22.36) dazo: https://koji.fedoraproject.org/koji/buildinfo?buildID=1830142
(12.23.14) plaisthos: dazo: openvpn + 3.0.0 still works but you will use the
old method and are drowned in deprecation warnings from OpenSSL
(12.23.58) cron2: plaisthos: does it really work, including "legacy" algorithms?
(12.24.01) dazo: That's what I've seen in some of the openvpn builds on
f36/Rawhide, yes ... but if it works, I'm less concerned. I can live with
deprecation warnings for the time being
(12.29.53) mattock: move on?
(12.29.56) mattock: 1 minute left
(12.30.22) cron2: ipv6 to community?
(12.30.33) mattock: yes and the answer is "no progress"
(12.30.53) cron2: is someone else finding this somewhat unsatisfactory?
(12.30.57) mattock: yes
(12.30.59) mattock: everybody
(12.31.01) cron2: good :)
(12.31.05) cron2: so it's not just me ;-)
(12.31.38) mattock: openvpn inc is just acting like a Fortune 500 company where
everything happens at a snail's pace
(12.31.46) mattock: especially IPv6 support
(12.31.48) mattock: :)
(12.32.13) cron2: haha... (part of my day job is "consulting for a f500 company
to make IPv6 happen", and I'm not sure who is more agile here...)
(12.32.29) mattock: that's going to be a tough race :)
(12.32.46) mattock: buildbot is now in production and tracking "all openvpn
projects" worth building
(12.32.50) mattock: windows ec2 builder is almost done
(12.33.04) mattock: new community vpn is available for real people and for
buildbot workers
(12.33.08) cron2: very nice. I'll see that I can get my first freebsd bot
operational "before the next meeting!"
(12.33.20) mattock: once you get the vpn going let me know
(12.33.24) cron2: yep
(12.33.25) novaflash: you can make that statement true by cancelling meetings
until you have it operational
(12.33.39) cron2: psst
(12.33.39) mattock: I don't have a worker section for your worker yet in
buildmaster config but can add it easily
(12.34.47) mattock: anything else?
(12.37.18) dazo: 3
(12.37.21) dazo: 2
(12.37.25) dazo: 1
(12.37.29) dazo: Nope :)
(12.38.11) mattock: +1
(12.38.17) mattock: will send the summary now, just wrapped it up
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
