Here's the summary of today's IRC meeting.



Place: #openvpn-meeting on irc.freenode.net
Date: Wednesday 30th November 2016
Time: 20:00 CET (19:00 UTC)

Planned meeting topics for this meeting were here:


The next meeting has been scheduled for a week from now (Wed 7th December), at the same time as today.

Your local meeting time is easy to check from services such as



cron, dazo, mattock, selvanair and syzzer participated in this meeting.


Discussed the OpenVPN 2.4_rc1 release:


Reprioritized and updated the tickets in Trac. The release schedule for 2.4_rc1 will be the following:

- Tarballs with correct version will be created by Thursday afternoon
- Smoketests will happen on Friday morning
- Git tagging and release will happen on Friday afternoon


Discussed the OpenVPN 2.3.14 release. Remaining patches will go in by the upcoming Tuesday, and the release will be made on the following Wednesday.


Organized a GPG key-signing party using video chat to improve the trustworthiness of our signatures.


Full chatlog has been attached to this email.

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

(21:02:10) mattock: meeting time I believe
(21:02:23) cron2: righto
(21:02:39) dazo: I've unlocked https://appear.in/openvpn ... for the key-signing
(21:03:05) cron2: shall we do that first or at the end?
(21:03:49) ***syzzer votes end
(21:04:12) cron2: that's what I thought as well (which is why it ended up at 
the end of the meeting agenda)
(21:04:12) syzzer: I'm trying to redo my gpg keys 'properly'
(21:04:13) dazo: I have no preferences
(21:04:31) cron2: so... anyone still interested in 2.4?  I feel a bit exhausted 
already :-)
(21:04:43) dazo: hehe :)
(21:05:02) dazo: I think 2.4_rc1 begins to be in a really good shape
(21:05:10) cron2: let me take a look at the bug list
(21:06:12) dazo: $ git shortlog v2.4_beta2..master
(21:06:12) dazo: Christian Hesse (1):
(21:06:12) dazo:       update year in copyright message
(21:06:12) dazo: Gert Doering (1):
(21:06:13) dazo:       Fix windows path in Changes.rst
(21:06:14) dazo: Selva Nair (3):
(21:06:15) dazo:       Map restart signals from event loop to SIGTERM during 
exit-notification wait
(21:06:17) dazo:       When parsing '--setenv opt xx ..' make sure a third 
parameter is present
(21:06:19) dazo:       Force 'def1' method when --redirect-gateway is done 
through service
(21:06:21) dazo: Steffan Karger (4):
(21:06:23) dazo:       tls_process: don't set variable that's never read
(21:06:25) dazo:       Unconditionally enable TLS_AGGREGATE_ACK
(21:06:29) dazo:       Clean up format_hex_ex()
(21:06:31) dazo:       Introduce and use secure_memzero() to erase secrets
(21:06:38) cron2: some people have been extremely busy last week
(21:06:56) selvanair: :)
(21:07:20) mattock: ok, finally: 
(21:07:21) dazo: :)
(21:07:22) vpnHelper: Title: Topics-2016-11-30 – OpenVPN Community (at 
(21:07:56) mattock: signing party appeared out of thin air :)
(21:08:31) mattock: any good links on how to sign somebody else's key?
(21:08:33) cron2: dazo and I chatted about that a few days ago
(21:08:47) cron2: let's do that when we reach 3.
(21:09:11) mattock: yeah
(21:09:21) cron2: trac #741 looks like it is done?
(21:09:24) cron2: (mattock)
(21:10:55) mattock: lets see
(21:11:06) mattock: indeed, I'll close it
(21:11:24) dazo: #751 can be closed, right syzzer ?
(21:11:43) mattock: done
(21:12:11) syzzer: dazo: yes
(21:12:14) syzzer: I'll close it
(21:12:18) ***dazo updates #751 with commit details
(21:12:22) cron2: I'm closing #615... that was a volunteer task "hey, please go 
test this!" - which it wasn't, but with 2.4 release coming up, and IPv6 being 
more of a reality nowadays, this WILL be tested :)
(21:13:21) cron2: "worksforme" is definitely the right category there
(21:13:51) cron2: syzzer: #554 goes to 2.5?
(21:14:06) syzzer: cron2: yes
(21:14:36) syzzer: we might backport that to 2.4 at some point, but I don't 
have time to finish that one
(21:14:48) syzzer: not before 2.4 at least
(21:15:14) syzzer: The Great Reformatting will probably consume quite some 
(21:15:18) dazo: cron2: #755 ... that should be trivial?  strncmp(var, "255.", 
4) == 0  -> msg(M_WARN, ...)  ... or did you have anything else in mind?
(21:15:26) cron2: mattock: what is #153 about?  One of the 3 "alpha 2.4" tickets
(21:15:56) cron2: dazo: well... 255. is a legitimate part of an IP address
(21:15:58) mattock: #610 (https://community.openvpn.net/openvpn/ticket/610) is 
"almost there" with just the documentation fixes missing
(21:16:00) vpnHelper: Title: #610 (document restrictions for 2.4 on windows) – 
OpenVPN Community (at community.openvpn.net)
(21:16:02) cron2:
(21:16:09) cron2: oh
(21:16:18) cron2: 255. at front, yes, that is a giveaway
(21:16:46) dazo: I believe I can quickly prepare a patch for that
(21:17:04) cron2: dazo: yes, that would work.  It's fairly trivial, I was just 
too tired to actually go coding last week
(21:17:12) mattock: cron2: regarding #153: I don't think that's important 
enough to be "must have" for 2.4
(21:17:35) mattock: I would just move it to 2.5 - nobody has complained about 
it in the ticket, and it probably originates from one complaint way back when
(21:17:40) mattock: it's a "nice to have"
(21:18:16) cron2: mattock: so the benefit would be that you could run a normal 
cmd.exe, and when running tapinstall.exe you'd get an UAC prompt, and then it 
would work?
(21:19:02) cron2: what needs to be done to make it work?
(21:20:39) mattock: cron2: yes
(21:21:21) mattock: well, I think editing tapinstall.exe with some resource 
editor and adding a manifest file should do the trick
(21:21:36) selvanair: Add an external manifest if it doesn't have one
(21:21:54) cron2: that is a binary coming from microsoft, am I remembering 
(21:22:14) mattock: yes, the code itself, but James somehow managed to build it 
in the past
(21:22:29) mattock: devcon.exe originally, renamed to tapinstall.exe
(21:22:36) selvanair: I think it's recompiled when tap driver is built as the 
microsoft devcon sources is patched by James -- recall reading somewhere
(21:22:52) mattock: yes, something like that
(21:23:17) mattock: as the ticket said, I tried compiling it in various ways, 
but did not have much luck
(21:23:42) mattock: anyways, the use-case for the manifests is basically people 
installing tap-windows6 drivers separately
(21:24:24) mattock: the installer probably fails in some mysterious way if the 
user clicks it without using "Run as administrator"
(21:24:33) selvanair: Also for running addtap without remembering to open a 
privileged cmd shell
(21:24:46) mattock: good point
(21:24:49) mattock: although
(21:24:59) mattock: ignore me, you're correct
(21:25:13) mattock: then an external manifest would actually be an option
(21:25:30) mattock: the tap-windows _installer_ probably elevates privileges 
correctly, but the tapinstall.exe contained within it does not
(21:25:47) selvanair: That sounds the easiest although if there is an internal 
manifest the external one may get ignored --- based on some settings, I forget..
(21:25:47) mattock: modifying openvpn.nsi to include a .manifest file should 
fix this
(21:25:59) mattock: oh
(21:26:23) mattock: we could try it, though
(21:26:27) selvanair: Worth trying..
(21:26:32) selvanair: yes
(21:26:47) mattock: still, I don't think this is a blocker for any 2.4.x release
(21:26:57) selvanair: This is for tapinstall.exe, right? not the nsis installer 
for TAP
(21:26:58) mattock: zero "I want this fixed" comments in the ticket
(21:27:15) mattock: yes, I believe this is for tapinstall.exe (a.k.a. 
(21:28:29) mattock: so which milestone for this one?
(21:29:23) cron2: 2.4.1 or 2.5...
(21:29:30) mattock: sounds good
(21:29:46) mattock: shall we move on?
(21:30:43) cron2: there's quite a few tickets left for "release 2.4", but I'm 
not sure there is anything that would be a show-stopper (= MUST be fixed before 
2.4_rc1, aka "tomorrow")
(21:31:02) cron2: there is one thing that needs a decision today, and that is 
(21:31:32) cron2: the actual code change is trivial and would nicely make the 
release, just the "do we want to do what James does in 3 already?" needs a 
(21:31:36) dazo: I agree with James here ... remove net stop/start dnscache
(21:31:49) mattock: cron2: I suggest moving 
https://community.openvpn.net/openvpn/ticket/610 to milestone 2.4.0 (only 
documentation fixes left)
(21:31:51) vpnHelper: Title: #610 (document restrictions for 2.4 on windows) – 
OpenVPN Community (at community.openvpn.net)
(21:32:08) cron2: ok
(21:32:47) cron2: (why does the reporter of this look familiar?)
(21:33:42) cron2: and yeah, most of what I was complaining about has been 
solved in a really nice way with the new installers
(21:37:19) selvanair: Me too for removing net stop/start dnscache. It's also 
the easiest to implement -- just delete a couple of lines here and there. 
(21:38:01) mattock: better do this now than in 2.4.0
(21:38:09) mattock: in case there is some corner-case that breaks
(21:38:32) selvanair: mattock: posted a manifest to Trac: #153 -- untested
(21:38:45) mattock: selvanair: oh, that was quick
(21:39:05) selvanair: copy-paste, so please check :)
(21:39:22) mattock: I can probably multi-task and test it right away
(21:39:46) cron2: selvanair: do you want to bump your commit ratio further?  
(you're leading in 2.4_beta2 -> rc1 anyway)
(21:39:51) mattock: so dnscache goes out, but by whom?
(21:40:42) dazo: 2.4_rc1 is in my opinion that last chance to remove the net 
stop/start dnscache ... as it needs some testing before hitting final release
(21:40:55) dazo: from rc to final release we *only* fix our important bugs
(21:40:58) cron2: it needs to go today :) - we were just waiting for the 
meeting to get a bit more feedback
(21:41:14) selvanair: 
(21:41:23) dazo: So I have one patch which will be ready tonight ... and then 
this dnscache stuff
(21:42:04) dazo: and I'll have the 2.4_rc1 release tarballs ready by tomorrow 
afternoon or so
(21:43:08) mattock: dazo: I can make the release on Friday (not sure about 
(21:43:36) mattock: what if we do as we did earlier, and you provide me with 
the tarballs after you've edited version.m4
(21:43:45) dazo: mattock: great, that gives a bit more headroom ... we want the 
git tree tagged and tarballs ready by tomorrow evening latest
(21:43:59) mattock: then I will smoketest the thing on Windows, and if 
everything works ok, then you can tag the release and push your version.m4 
(21:44:00) dazo: works for me!
(21:44:08) mattock: smoketesting would happen on Fri
(21:44:22) cron2: +1
(21:44:48) cron2: (I won't have time or brains tomorrow or Fri anyway, so I'll 
do the patches tonight or early morning tomorrow, and then dazo takes over - 
worked well for beta2)
(21:45:10) syzzer: would be great if ordex' CRL patch would make it too
(21:45:25) syzzer: but we'll have to see if he's quick enough
(21:45:32) cron2: ordex = Antonio Quartul?
(21:45:32) dazo: cron2++
(21:45:37) dazo: yes
(21:46:33) cron2: so, anything else on 2.4?
(21:47:24) dazo: not from me
(21:48:13) syzzer: we should decide how to move forward with the indenting stuff
(21:48:29) mattock: what about https://community.openvpn.net/openvpn/ticket/771
(21:48:30) vpnHelper: Title: #771 (Adding IPv6 routes may fail on Windows if 
openvpn.exe has not been shut down gracefully) – OpenVPN Community (at 
(21:48:31) selvanair: mattock: the manifest doesn't work -- I'll investigate 
(21:48:36) mattock: selvanair: ok
(21:48:41) syzzer: it's going to take some time to get it all done, so I think 
we should start soon
(21:48:48) cron2: mattock: I was ignoring you
(21:48:54) cron2: :)
(21:49:01) mattock: yes, because it's roughly your territory :)
(21:49:13) selvanair: cron2: ok, I can do the honors of gutting 'net stop 
(21:49:27) dazo: syzzer: We have scheduled the re-indent for the rc2 release 
... and I'm willing to help out here
(21:49:29) cron2: (I saw the ticket but decided that I do not want to think 
about it right now - it is robust enough if you use the iservice, or do not 
force-kill programs)
(21:49:40) mattock: could somebody forward me the meeting invitation (my 
thunderbird crashed when I sent it)
(21:49:44) cron2: dazo, syzzer: count me in.  We have two weeks, this should be 
(21:49:52) mattock: I'd like to respond to it with the correct message ID (for 
the summary)
(21:49:54) dazo: oh, I'm wrong ... we planned it for rc1
(21:50:05) cron2: mattock: I'm not sure if I received one
(21:50:09) dazo: (or *I* planned it) ... but now I think it makes sense to have 
it in rc2
(21:50:11) syzzer: dazo: "between rc1 and rc2"
(21:50:18) mattock: cron2: I think you said you received it
(21:50:21) mattock: or somebody else did
(21:50:25) cron2: dazo: I read the "happens here" as "... after rc1"
(21:50:27) mattock: or else nobody knows about the meeting :D
(21:50:50) dazo: cron2: I accept that interpretation :)
(21:50:57) cron2: mattock: not today, but I assumed we stick to the schedule
(21:51:08) cron2: selvanair: thanks :-)
(21:51:44) selvanair: mattock: I too got no email abt today's meeting ?
(21:51:45) cron2: (oh, syzzer is leading commit count since 2.4_beta2 now, but 
selva will draw even with another commit...)
(21:52:04) selvanair: cron2: then I'll pss :)
(21:52:08) selvanair: pass
(21:52:26) cron2: huh, why? ;-)
(21:52:31) mattock: selvanair: I think the email went nowhere, as it's not in 
the archives
(21:52:39) mattock: will have to do without
(21:53:12) dazo: mattock: I've not seen any invitation 
(21:53:51) dazo: but it was mentioned last meeting we would have a meeting 
today ... and it shouldn't come as a surprise we have frequent meetings in this 
release phase
(21:53:59) mattock: yep
(21:56:32) mattock: so https://community.openvpn.net/openvpn/ticket/771 is 
marked with "RC 2.4"
(21:56:34) vpnHelper: Title: #771 (Adding IPv6 routes may fail on Windows if 
openvpn.exe has not been shut down gracefully) – OpenVPN Community (at 
(21:56:45) mattock: (hopefully I'm not repeating myself too much :) )
(21:57:09) cron2: mattock: bump to 2.4.1?
(21:57:54) mattock: I could probably commit to debugging this for 2.4_rc2
(21:58:00) mattock: then the fix could go into 2.4.0
(21:58:13) mattock: basically just get the netsh command-line that fails, and 
see if that can be worked around
(21:58:23) mattock: then the code changes should  be trivial
(21:58:25) cron2: you could start posting a log file where it went wrong :-) - 
I don't do tracs without logs
(21:58:35) dazo: is this a regression from 2.3?
(21:58:43) mattock: dazo: not afaik
(21:58:45) dazo: mattock: ^^^ (ticket #771)
(21:58:46) cron2: but if it's really a *different* network that you try to 
install, I wonder why it should care
(21:58:54) dazo: then we will let it pass to 2.4.1 or 2.5
(21:59:13) cron2: dazo: no, that code never changed - if you whack openvpn.exe 
hard enough so it cannot cleanup, things get funny
(21:59:38) mattock: dazo: I would be fine with that, as the bug requires quite 
special preparations to materialize
(21:59:41) dazo: good ... then it is definitely not rc2 material
(21:59:50) mattock: in normal circumstances it will be difficult to reproduce I 
(21:59:54) ***cron2 points at 20:57 < cron2> mattock: bump to 2.4.1?" :)
(22:00:02) dazo: cron2++
(22:00:03) mattock: fine by me
(22:00:29) dazo: I'm going to be really nasty about what we will put into rc2 
(22:01:12) mattock: done
(22:01:32) mattock: so anything left to talk about regarding 2.4_rc1?
(22:01:50) dazo: don't think so
(22:02:20) mattock: good :)
(22:03:14) ***dazo brb
(22:03:20) mattock: so patches ready tomorrow afternoon, smoketests (without 
tagging) on Friday morning (CET/EEST), release on Fri afternoon
(22:03:43) selvanair: mattock: what abt the installer -- is the active setup 
thing going to get in 2.4_rc1?
(22:03:59) mattock: selvanair: did you notice my comment in GitHub?
(22:04:12) selvanair: I replied about bitness
(22:04:18) mattock: let's see
(22:04:39) selvanair: mattock: actually a couple of replies
(22:06:32) mattock: ah, I see
(22:06:36) mattock: that would explain it
(22:07:05) mattock: anyways, that needs to be fixed
(22:07:25) ***dazo back
(22:07:58) mattock: dazo: any opinions on whether 
https://github.com/OpenVPN/openvpn-build/pull/55 could go to 2.4_rc2 installers?
(22:08:00) vpnHelper: Title: Use active-setup registry entry to add GUI to 
startup menu of users by selvanair · Pull Request #55 · OpenVPN/openvpn-build · 
GitHub (at github.com)
(22:08:13) selvanair: already done -- patch to be pushed to the PR (it's just If 
Running64 instead of if ARCH=x86_64)
(22:08:59) dazo: I have no strong opinions on the Windows side at all ... I'm 
no active Windows user, and these days I don't even need to support any Windows 
users with OpenVPN even
(22:09:37) dazo: In my opinion, selvanair is a far better resource to ask :)
(22:09:54) mattock: well, my viewpoint was that of software project management
(22:10:01) dazo: :)
(22:10:14) mattock: do we consider _any_ change to openvpn-gui or the installer 
to be "safe" for stable point releases?
(22:10:19) mattock: or is there a line somewhere?
(22:10:39) dazo: All I care about on Windows is the overall user experience ... 
which should be smooth and easy without much unneeded questions and options
(22:10:42) cron2: if it removes windows and reinstalls linux, it should better 
be Debian, not RHEL!
(22:10:48) mattock: :D
(22:10:55) dazo: lol
(22:11:03) selvanair: Anything Windows is never stable -- so subtle lines can 
be drawn :)
(22:11:16) dazo: hehe
(22:11:17) selvanair: so->no yuck..
(22:11:44) mattock: ok, so the consensus seems to be that we don't need to 
force https://github.com/OpenVPN/openvpn-build/pull/55/commits into openvpn 
(22:11:45) vpnHelper: Title: Use active-setup registry entry to add GUI to 
startup menu of users by selvanair · Pull Request #55 · OpenVPN/openvpn-build · 
GitHub (at github.com)
(22:12:10) mattock: rc2 would work as well
(22:12:41) mattock: that said, we should get as many openvpn-gui PRs into 
2.4_rc1 as possible
(22:12:47) mattock: selvanair: anything left to lazy-ACK?
(22:12:50) dazo: if it doesn't hurt runtime stability, no issues at all
(22:12:56) selvanair: mattock: I agree -- we may have to double up efforts on 
internal testing to be on the safe side..
(22:13:33) selvanair: mattock: dynamic-cr + pkcs11 
(22:13:38) mattock: https://github.com/OpenVPN/openvpn-gui/pull/91
(22:13:40) vpnHelper: Title: pkcs11 pin prompt by selvanair · Pull Request #91 
· OpenVPN/openvpn-gui · GitHub (at github.com)
(22:13:48) mattock: which contains both, right?
(22:14:47) dazo: selvanair: when the dust begins to settle on 2.4.0 ... I'd 
like to dig more into PKCS#11 stuff as well ... I have a few different tokens 
these days, so I'd like to ensure openvpn works well here (at least from a 
Linux perspective)
(22:14:54) selvanair: mattock: valdikss's import patch may have to wait (may be 
with 2.4.1?) -- I think I fixed most bugs and critical issues, but he's too 
busy to test it. May be I'll take over it from him, but too busy now.. 
(22:15:10) mattock: selvanair: yeah, let's not rush that one
(22:15:20) mattock: I say we lazy-ACK PR#91, though
(22:15:30) mattock: what remains to be fixed 
(https://community.openvpn.net/openvpn/ticket/740#comment:15) cannot be fixed 
in openvpn-gui
(22:15:32) vpnHelper: Title: #740 (No PIN prompt with PKCS11 in Windows GUI 
mode) – OpenVPN Community (at community.openvpn.net)
(22:16:29) selvanair: dazo: good. I only have software tokens to test this, so 
removing token is hard to simulate. Have some hardware tokens at work, but not 
supposed to tinker it by adding keys/certs etc..
(22:17:30) selvanair: mattock: PR91 is good to merge from my end..
(22:17:42) dazo: selvanair: and I'd like to follow-up on David Woodhouse's 
suggestion ... to kick-out pkcs11-helper in favour of p11kit (which is saner in 
the implementation)
(22:18:15) dazo: (I just need to figure out how to use those bloody tokens on 
my Linux box first :-P)
(22:18:29) syzzer: yeah, I would like that too, but p11kit seems to lean very 
strongly towards openssl
(22:18:33) selvanair: dazo: and probably there is some decent docs on it -- I 
cant find any docs on pkcs11-helper.
(22:18:41) mattock: PR#91 merged
(22:19:09) selvanair: mattock: yeah... hope it doesn't break anything ;)
(22:19:16) dazo: syzzer: alright, perhaps I'll see if I can get acceptance to 
work on mbedtls support on p11kit too, if needed
(22:19:29) mattock: selvanair: fingers crossed :)
(22:19:46) selvanair: mattock: same here :)
(22:19:47) mattock: unfortunately the code-review side in openvpn-gui is 
lacking (as are Windows developers)
(22:20:30) mattock: then again, nobody expects dynamic cr / pkcs11 pin prompts 
to work on openvpn-gui, so at least we're not (hopefully) creating regressions
(22:20:34) selvanair: we need some windows coders who can make things 
user-friendly -- not my forte.. I'm the most unfriendly person around..
(22:20:39) dazo: syzzer: I need to use an argument in regards to OpenVPN 3 
though for this to fully work out ... I'm working on getting OpenVPN 3 building 
on Linux, and it seems most reasonable to start with using mbedtls-2.3 there  
(most of the port from polarssl-1.3 is already done)
(22:21:12) syzzer: yeah, don't bother with polar 1.x
(22:22:58) dazo: selvanair: I can try to get access to a windows computer and 
test the UX ... and give you a boatload of how I would prefer things to be on 
the UX side ... if that can work for you
(22:23:40) dazo: I have no real idea how to really do the windows UI stuff ... 
but I have opinions at least ;-)
(22:23:52) mattock: "I don't like it this way, fix it"
(22:23:58) mattock: :P
(22:24:04) dazo: lol ... I can do better than that ;-)
(22:24:15) mattock: so 2.4 done?
(22:24:20) dazo: yes
(22:24:26) mattock: we discussed 2.3.14 a few days back
(22:24:36) mattock: that I could release the upcoming week
(22:24:43) cron2: right
(22:24:53) cron2: which day should I plan for?
(22:25:01) mattock: I don't particularly care
(22:25:17) cron2: (there is good stuff in already, and maybe a few more 
bugfixes coming up)
(22:25:17) selvanair: dazo: that wont work: (1) I am bad with customer service 
and (2) my brain is not wired for making good UI :)
(22:25:25) mattock: cron2: let's wait for those bugfixes then
(22:25:50) cron2: mattock: just tell me which day you want to do the release 
and "what needs to be in will be in by then"
(22:26:01) mattock: wednesday?
(22:26:08) cron2: noted!
(22:26:09) dazo: selvanair: I can describe and provide mock-up images of how 
I'd recommend it ... but I'm not capable of making that in a windows program
(22:26:42) mattock: I could actually review dazo's suggestion from usability 
(22:26:49) mattock: I've done some usability testing
(22:26:54) cron2: mattock: looking at my schedule, it looks like "tagging and 
pushing" will happen tuesday, as wednesday is full of chaos already
(22:26:54) dazo: even better :)
(22:27:11) mattock: although for starters, openvpn-gui should not be a tray 
application, nor should it start hidden (which Windows usually does :) )
(22:27:24) mattock: cron2: fine by me
(22:27:33) cron2: (tuesday evening-ish, that is)
(22:27:35) selvanair: And I could review code if someone writes it (and try fix 
(22:27:37) mattock: good
(22:28:14) mattock: oh, the key signing thing is still ahead
(22:28:17) mattock: so how do we do it?
(22:28:17) cron2: tray app isn't bad - if you had it explained to you once
(22:28:28) cron2: ok, here's my plan.
(22:29:03) cron2: - who is interested meets in video chat (this only works for 
people that have met in person before, but everyone is welcome to join and have 
a look, of course)
(22:29:18) cron2: - who wants his key signed pastes the fingerprint to this IRC 
(22:29:33) dazo: (the video chat takes max 8 people simultaneously)
(22:30:00) cron2: - who wants to sign gets the key from the keyserver ("gpg 
--recv-key $id") and gets ready to sign ("gpg --sign-key $id") BUT DOES NOT 
(22:30:32) cron2: the signee reads the fingerprint out on video chat, you 
compare that visually to what was pasted on IRC and to what GPG says you want 
to sign
(22:30:39) cron2: if it matches, you sign
(22:31:18) cron2: (this is slightly easier than "just read it aloud" for 
non-native speakers, as you have the IRC as tertiary channel for validation - 
plus, it ties "IRC username" to "person")
(22:31:28) cron2: syzzer: is this sane?
(22:31:37) ***dazo have prepared a printout with QR code of the finger print 
... for those who got a QR reader app handy
(22:32:05) cron2: mmmh, that is nice, will do so as well
(22:32:13) cron2: any particular format?  or just the string?
(22:32:39) dazo: I added URL to keybase.io e-mail-addr: fingerprint
(22:32:45) cron2: (actually, we could just print it in BIG LETTERS and point 
the camera at it)
(22:32:48) syzzer: sounds good to me :)
(22:32:57) dazo: yeah the big letter printout works too
(22:33:20) syzzer: some voice confirmation would be good
(22:33:27) dazo: ack!
(22:36:46) syzzer: heh, this will mean peeling off the webcam sticker :p
(22:37:09) cron2: haha, I'll use a tablet
(22:37:13) dazo: heh ... you don't have such a fancy Fox-IT shield?
(22:37:26) syzzer: this sticker is pre-shield :p
(22:37:30) selvanair: I've never met anyone and dont have a webcam here at 
work, so I'll sign off now. Enjoy the party..
(22:37:41) dazo: enjoy
(22:37:48) mattock: selvanair: bye!
(22:38:06) cron2: selvanair: bye.  But we hope you join next year's hackathon 
(22:38:25) dazo: +1
(22:38:26) syzzer: yeah, would be cool!
(22:38:28) selvanair: cron2: will try..
(22:39:20) mattock: I'm looking into how this "sign other people key" thing is 
supposed to work, so feel free to count me out right now :D
(22:39:30) cron2: you're gone again
(22:39:56) dazo: seems there's some connectivity issues, cron2  .... steffan 
and I are here
(22:40:01) dazo: mattock: you're joining?
(22:40:36) cron2: funky
(22:41:38) mattock: dazo: let's see what I can do...
(22:41:40) mattock: just a sec
(22:42:03) mattock: dazo: so this is your standard appear.in channel?
(22:42:04) dazo: pub   4096R/0x755A3AB945307622 2016-03-28 [expires: 2036-03-23]
(22:42:04) dazo: uid                            David Sommerseth 
(22:42:04) dazo: uid                            David Sommerseth 
(22:42:04) dazo: pub   4096R/0x57DB9DAB613B8DA1 2016-08-23 [expires: 2026-08-21]
(22:42:05) dazo: uid                            David Sommerseth (OpenVPN 
Technologies, Inc) <dav...@openvpn.net>
(22:42:06) dazo: uid                            David Sommerseth (OpenVPN 
mailing list ID) <open...@sf.lists.topphemmelig.net>
(22:42:10) dazo: mattock: yes
(22:44:35) dazo: mattock: appear.in/openvpn
(22:44:54) cron2: 3072R/CA562812 2016-11-10 Key fingerprint = B62E 6A2B 4E56 
570B 7BDC 6BE0 1D82 9EFE CA56 2812
(22:51:10) cron2: mattock: waiting for you!
(22:51:28) cron2: scared him away :)
(22:53:31) cron2: (28)    Samuli Sepp?nen <sam...@openvpn.net>
(22:53:32) cron2:         Samuli Sepp?nen <samuli.seppa...@gmail.com>
(22:53:32) cron2:           1024 bit DSA key 198D22A3, created: 2009-11-21
(22:54:10) cron2: mattock: can I have the fingerprint again?
(22:54:24) cron2: could someone tell mattock I need to see the fingerprint?
(22:55:44) cron2: uid                  Samuli Sepp?nen 
(22:55:46) cron2: sig 3        C0517EBA 2010-03-26  David Sommerseth 
(22:56:31) syzzer: pub   2048R/007ED288 2013-03-19
(22:56:31) syzzer:       Key fingerprint = 0FD1 29CC 65BD 59E1 3C21  F77C 9802 
CA3D 007E D288
(22:56:31) syzzer: uid                  Steffan Karger (syzzer) 
(23:02:53) cron2: ok, good :-)
(23:03:15) ***cron2 has pushed the key to the hkp keyservers already 
(23:03:21) cron2: and now - good night *wave*
(23:03:44) mattock: ok, so the signing party thing concluded today's meeting
(23:04:39) syzzer: yes, me too :)
(23:04:45) mattock: good night guys!
(23:04:48) syzzer: good night!
(23:05:45) mattock: next meeting Wed 7th Dec
