Here's the summary of today's IRC meeting.
Place: #openvpn-meeting on irc.freenode.net
Date: Wednesday 4th Jan 2016
Time: 20:00 CET (19:00 UTC)
Planned meeting topics for this meeting were here:
The next meeting has not been scheduled yet.
Your local meeting time is easy to check from services such as
cron2, danhunsaker, dazo, mattock, plaisthos, selvanair and valdikss
participated in this meeting.
Went through quite a few Trac tickets. Some them were ready to be closed
Discussed OpenVPN 2.4.1 release schedule. Decided to have another look
in a meeting ~ two weeks from now.
Discussed broken MacOS X builds (Travis and Buildbot). Mattock will look
Discussed future meeting schedules. Mattock will set up a Doodle poll to
figure out what options we have.
Discussed the VLAN patchset:
It was agreed that this would be a good feature for OpenVPN 2.5. The
review was estimated to take a few full days. It was also noted that the
review effort can't be easily shared to several people, so someone will
have to do most of it.
Discussed OpenVPN release schedule. OpenVPN 2.4 took quite a lot of time
to get out, and this was seen as a problem. However, there was
disagreement on what kind of release cycle we should aim for.
The problem is that going through alphas/beta/rcs is quite
time-consuming, so having releases too often eats valuable developer
time that could be used to fix issues and improve things.
On the other hand having too few releases means that most people won't
use the code that we have developed, as evidenced by all the bug reports
that cropped up very shortly after 2.4.0 release.
Decided to continue this discussion later.
Discussed moving a few of mattock's OpenVPN projects under OpenVPN
organization in GitHub:
It was agreed that it makes sense.
Full chatlog has been attached to this email.
OpenVPN Technologies, Inc
irc freenode net: mattock
(21:01:08) mattock: ready for
(21:01:10) vpnHelper: Title: Topics-2017-01-04 – OpenVPN Community (at
(21:01:19) cron2: rumble!
(21:01:30) mattock: who else is here today?
(21:06:02) mattock: hmm
(21:06:21) mattock: perhaps we should start and see if someone joins / wakes up
(21:06:57) ***cron2 misses the agenda item "meeting schedule"
(21:07:03) ***dazo is here
(21:07:09) mattock: hi dazo
(21:07:17) dazo: hey :)
(21:07:18) mattock: cron2: yeah, that one is still missing, adding that
(21:08:02) mattock: done
(21:08:09) mattock: so Trac tickets first?
(21:08:49) dazo: which query should we look at ... so we're looking at the same
(21:09:28) cron2: someone could just bring up trac tickets and then we look at
(21:10:11) mattock: here's a basic query without Access Server / OpenVPN
(21:10:19) vpnHelper: Title: Custom Query – OpenVPN Community (at
(21:11:41) dazo: #647 ...
(21:11:49) dazo: but that's strictly 2.3
(21:13:21) cron2: well, it's "old 2.3 to something new, and can we make it
easier to see what went wrong"
(21:14:15) dazo: hmm ... I wonder if we can close it ... "The patch I mentioned
above has been applied" ... commit 29b65ffd
(21:14:30) dazo: git tag --contains 29b65ffd ... lists 2.3.9+
(21:15:06) cron2: the remaining bit here is not the code but add a reasonable
warning (to see what went wrong)
(21:15:33) cron2: let me mull about that some more
(21:15:41) mattock: ok
(21:15:47) dazo: okay, so we can downgrade it from critical to minor, and
comment it has been partially resolved
(21:15:53) mattock: +1
(21:16:06) mattock: I'm looking if this one could be closed:
(21:16:07) vpnHelper: Title: #788 (EASYRSA_KEY_SIZE, EASYRSA_DIGEST in vars is
ignored) – OpenVPN Community (at community.openvpn.net)
(21:16:30) ***dazo ignores tickets not related to core OpenVPN now :)
(21:17:43) cron2: mattock: I think we can close that
(21:17:45) mattock: ok, so #788 is still valid
(21:17:51) mattock: looking at the GitHub report
(21:17:55) cron2: oh?
(21:18:16) mattock: yeah, there is some messiness in how easyrsa3 handles the
defaults from the vars file
(21:18:43) mattock: ecrist is aware of the issue, and can hopefully have a look
at some point
(21:19:20) dazo: cron2: #812 can be closed?
(21:19:29) dazo: the md_ctx_update() stuff
(21:19:48) cron2: dazo: yes. Merged the fix you three worked out yesterday
night today :)
(21:19:56) dazo: cool!
(21:20:13) danhunsaker ha scelto come argomento: Meeting 2017-01-04 1900 UTC:
Agenda at https://community.openvpn.net/openvpn/wiki/Topics-2017-01-04
(21:20:13) cron2: my first two pushes to release/2.4 branch \o/
(21:20:25) dazo: \o/ :)
(21:21:26) mattock: https://community.openvpn.net/openvpn/ticket/792 claims
there's a patch on openvpn-devel
(21:21:27) vpnHelper: Title: #792 (segfault when printing SSL errors) – OpenVPN
Community (at community.openvpn.net)
(21:24:40) cron2: Message-Id: <20161216163218.25449-1...@nexedi.com>
... here's the patch fixing it
(21:24:45) vpnHelper: Title: [Openvpn-devel] [PATCH] Fix implicit declarations
when HAVE_OPENSSL_ENGINE is unset (at www.mail-archive.com)
(21:24:45) cron2: there it is, and it has an ACK from syzzer
(21:25:08) cron2: I'll go and merge + push
(21:25:10) mattock: good
(21:26:21) mattock: looking at https://community.openvpn.net/openvpn/ticket/809
(21:26:24) vpnHelper: Title: #809 (Setting DNS via DCHP Option in PUSH no
longer working.) – OpenVPN Community (at community.openvpn.net)
(21:28:29) mattock: windows 10 seems have caused many issues
(21:28:46) mattock: I definitely need a win10 test vm...
(21:29:16) cron2: and then there's win10, win10, or the other win10
(21:29:26) cron2: *that* is the most annoying part
(21:29:27) mattock: yep
(21:29:53) cron2: I have a Win10 VM, but it's not turned on often enough to
always upgrade itself, so I have no idea which version it might be
(21:30:47) mattock: I wonder if I could boot Win10 from an external USB drive...
(21:31:07) mattock: I have those laying around plus a dedicated Windows laptop
(21:31:13) mattock: anyways, I will do some testing
(21:31:21) danhunsaker: I should have tooling to help with that soon. Focus is
on actual tests at the moment, but I want to ensure platform coverage is as
wide as possible, too.
(21:31:22) mattock: I'll assign that ticket to myself
(21:31:37) mattock: oh hi danhunsaker!
(21:31:45) mattock: so Windows 10 VM(s)?
(21:31:46) cron2: I think 809 has nothing to do with win10, just with user
(21:32:04) mattock: cron2: could be, but there are genuine Win10 problems also
(21:32:18) cron2: there are (and many so), but not #809
(21:32:36) mattock: cron2: are you confident enough to close #809 as user error?
(21:33:13) danhunsaker: I currently have one running fully-updated Win10, and
one running Fast Preview Win10. Coupled with WSUSOffline, it's not too tricky
(21:33:17) dazo: I'd probably ask for configs and complete logs first
(21:33:37) cron2: yes
(21:33:49) cron2: dazo: everything is in the log he posted
(21:33:59) cron2: "Options error: Unrecognized option or missing or extra
parameter(s) in [PUSH-OPTIONS]:2: dhcp-option (2.4.0)
(21:34:10) mattock: cron2: ok, care to explain what the problem is in the
ticket and then "close as notabug" :D
(21:34:18) cron2: that is our umbrella error message for "too few or too many
(21:35:05) mattock: danhunsaker: can you put the details of those VMs to our
intranet server (or some other place)?
(21:35:27) dazo: I think I spot the issue .... "dhcp-option DNS 10.20.220.15
10.20.220.11" .... that should be split into two separate push "dhcp-option
(21:35:30) cron2: else if (streq(p, "dhcp-option") && p && !p)
(21:35:32) cron2: yes
(21:35:46) cron2: dhcp-option only takes one or two argumens, never 3
(21:35:57) dazo: right
(21:36:03) vpnHelper ha abbandonato la stanza (quit: *.net *.split).
(21:36:03) syzzer ha abbandonato la stanza (quit: *.net *.split).
(21:36:05) dan- ha abbandonato la stanza (quit: *.net *.split).
(21:36:06) cron2: (and that's what I just wrote in more verbosity into the
(21:36:18) dan- [~email@example.com] è entrato nella stanza.
(21:36:24) danhunsaker: mattock: Sure. Will need to know which details you're
interested in, of course.
(21:36:26) mattock: closed https://community.openvpn.net/openvpn/ticket/792
(21:36:40) mattock: danhunsaker: IPs and login credentials mostly
(21:36:41) syzzer [~syz...@82-94-53-40.ip.xs4all.nl] è entrato nella stanza.
(21:36:58) syzzer ha abbandonato la stanza (quit: Changing host).
(21:36:58) syzzer [~syzzer@openvpn/community/developer/syzzer] è entrato nella
(21:37:02) cron2: mattock: well, I left it open to remind me to release 2.3.15
eventually - but you're right, the ticket itself is done
(21:37:13) cron2: syzzer: welcome, how was snowboarding?
(21:38:03) danhunsaker: mattock: Aha. These are KVM images in the QA testbed.
They get created before testing, then destroyed afner. So that info wouldn't
be valid long/often. :)
(21:38:04) vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] è entrato nella stanza.
(21:38:25) dan- ha abbandonato la stanza (quit: Changing host).
(21:38:25) dan- [~d@freenode/corporate-sponsor/privateinternetaccess.com/doaks]
è entrato nella stanza.
(21:38:42) mattock: danhunsaker: any instructions on how to use the VMs for
testing will also work :P
(21:39:02) dazo: https://community.openvpn.net/openvpn/ticket/52 ... do we
still support Windows Server 2003?
(21:39:04) vpnHelper: Title: #52 (No routing after restart of Win 2003 Server
on 2.1) – OpenVPN Community (at community.openvpn.net)
(21:39:28) danhunsaker: mattock: As soon as they're stable enough to share
(21:39:59) danhunsaker: dazo: That says it's using 2.1 - I doubt we support
(21:40:00) mattock: danhunsaker: ok, great!
(21:40:01) cron2: 811 is scary
(21:40:18) mattock: dazo: the ticket says "sc OpenVPNSVC start" and such
(21:40:20) dazo: danhunsaker: well, it could have been fixed in 2.3 or 2.4 ;-)
(21:40:20) cron2: (it's not an openvpn bug in the end, but the intricacies of
(21:40:31) mattock: the service has been called OpenVPNService for as long as I
can remember :)
(21:40:34) dazo: right ... we'll close it as outdated
(21:40:36) mattock: yeah
(21:40:59) mattock: Windows Server 2003 is roughly the same age as Windows XP,
and we are not very actively supporting WinXP either
(21:41:09) mattock: plus last comment from a user to that ticket was 3 years ago
(21:41:15) cron2: it was reported by this samuli guy... what is he running such
old versions anyway
(21:41:29) mattock: it was migrated by this samuli guy to be more precise
(21:41:33) dazo: yeah, just verified it with Microsoft posts too ... "Windows
Server 2003 extended support ended on July 14, 2015"
(21:41:43) dazo: when _extended_ support have ended, it's a dead end
(21:42:01) mattock: dazo: are you closing #52?
(21:42:04) mattock: or shall I?
(21:42:09) dazo: I'm closing now
(21:42:16) mattock: ok
(21:43:37) mattock: looking at #811
(21:44:44) dazo: hmm ... could this be permission issues on the file system?
(21:45:07) cron2: just read the ticket :)
(21:46:46) dazo: I'm closing it as notabug ... as it wasn't a bug on our stuff
(21:46:56) cron2: dazo: leave that to selva
(21:47:28) dazo: does he have those privileges?
(21:47:29) cron2: as they still seem to discuss gui/route/privilege issues...
somewhat impolite to close a ticket while there is still discussion going on
(21:47:37) dazo: agreed
(21:47:41) cron2: mattock: does he?
(21:47:59) cron2: (if not, he's usually quite clear in communicating that
something needs closing :) )
(21:48:17) dazo: oh! I have privileges now to check if he have privileges :-P
(21:49:11) dazo: yes, selva is in the developers group, which have TICKET_ADMIN
... so I believe he can close it
(21:49:11) mattock: so the only thing that might require investigation in #811
is his claim that routes are added from cmd.exe even without admin privileges
(21:49:25) mattock: however, I think that is either bogus, or due to some funky
user permission config at his end
(21:50:19) mattock: I think the ticket can be closed, which I will note in a
(21:50:28) mattock: selva can then close the ticket if he agrees
(21:50:34) dazo: the error in regards to failing route.exe calls, is due to
starting from the command line during testing ... not via GUI
(21:50:49) dazo: so, yeah, we leave that up to selva
(21:51:11) cron2: #807 is just waiting for the patch v2 to show up, nothing to
(21:51:11) ***dazo updated the topic title to be correct (with -> without)
(21:51:25) cron2: haha
(21:51:42) cron2: mattock: wrt #806 - is ilya reading trac?
(21:52:29) cron2: that is certainly something for him and maybe valdikss
(21:52:47) mattock: cron2: looking
(21:52:49) dazo: validikss uses that in trac, afaik
(21:53:20) cron2: dazo: right, but since ilya is actively working on the
installers, he would be the logical candidate for this
(21:53:28) dazo: yeah
(21:53:47) mattock: chipitsine is planning to make the installer Unicode, so
that would probably get fixed there
(21:54:00) mattock: I'll cc him
(21:55:42) mattock: done
(21:56:20) mattock: https://community.openvpn.net/openvpn/ticket/153 can be
(21:56:22) vpnHelper: Title: #153 (Add "RequestExecutionLevel admin" to
tapinstall.exe manifest file) – OpenVPN Community (at community.openvpn.net)
(21:56:23) mattock: as of today
(21:56:24) cron2: #804 says "mattock needs win10 vms"
(21:56:31) cron2: re #153 - cool
(21:59:28) mattock: yeah, #804 is interesting
(22:00:52) mattock: I think openvpnserv2 is just missing some hibernate/suspend
(22:01:03) mattock: and Win10 is not actually shutting down but hibernating
(22:01:08) mattock: or something along those lines
(22:01:14) cron2: closing #799
(22:05:02) cron2: mattock: I do not understand #798 - why does the driver cert
have to be put in the cert store first? I thought the whole point of having a
super-secure microsoft cert is that it is trusted right away?
(22:05:44) selvanair: hi guys, sorry busy here this afternoon
(22:06:35) cron2: selvanair: oh, good that you show up :-) - re trac #791, I
think we can close this? And dazo says you should have trac admin rights to
just close things
(22:07:41) mattock: cron2: I think driver installation will always prompt the
user about new publishers
(22:07:43) cron2: dazo: hu, what was that? just got a mail from you about a
commit from dec27 (Changes.rst)
(22:07:48) mattock: despite the fact that all signatures are correct
(22:07:51) cron2: oh
(22:08:11) dazo: cron2: I just noticed by coincidence that it was still in my
"to be sent queue"
(22:08:14) mattock: I recall we do the same thing in OpenVPN Connect, and the
reporter of the bug also does that
(22:08:19) mattock: hi selvanair!
(22:08:52) cron2: oh, there's v2 of the dhcp-release patch... overlooked that
in a flurry of other mails
(22:09:08) mattock: ... in any case, I don't think there is anything wrong with
the tap-windows6 signature
(22:10:01) selvanair: cron2: ok, closed #791
(22:10:28) mattock: assigned 798 to me
(22:11:41) cron2: I admit I'm a bit tired, and we've made quite a bit progress
with trac review -> shall we move ahead in the agenda?
(22:11:49) mattock: yeah, let's do that
(22:11:53) mattock: this Trac thing will take ages
(22:12:11) mattock: 2) OpenVPN 2.4.1 release
(22:12:18) mattock: when and what?
(22:12:21) cron2: it does, but it's a good excercise to sit down and look
through stuff for an hour or so, to see what came up
(22:12:32) selvanair: assigned #810 to me
(22:13:01) cron2: mattock: wrt 2.4.1, I would say "if something really severe
comes up, or around mid-to-end-february"
(22:13:13) cron2: mmmh
(22:13:21) cron2: actually the #812 is pretty severe
(22:13:43) cron2: (as it breaks people's config on reconnecting if "important"
(22:13:50) dazo: I'd probably say early/mid February
(22:14:37) cron2: so what's the workaround for 2.4.0 with #812? "do not use
(22:14:48) selvanair: But strange that no one really reported #812 failure so
far -- I hardly ever use multiple remotes
(22:14:55) dazo: there are a few patches already on the ML which should be
added too ... LZ4 compat lib upgrade, LZ4 API upgrade ... some man page
updates, and a few more I don't recall right now
(22:15:35) cron2: that sounds more like "around january 20" to me (two weeks
(22:15:43) dazo: Those using multiple remote may not have yet upgraded to 2.4
(companies) ... or it's VPN service providers, who might not use --perstist-tun
(22:15:51) mattock: cron2: yeah, I did not mean to say that going through the
Trac tickets is pointless :P
(22:16:02) mattock: just that it takes too much time if we want to do any other
(22:16:21) cron2: mattock: didn't understand it that way :) - just wanted to
stress the usefulness, even if time consuming
(22:16:47) mattock: +1
(22:17:17) cron2: so, what about: we schedule a meeting in two weeks time, and
then decide whether we want to do 2.4.1 "right then", or "in february",
depending on the bug level and how good we have been at merging stuff?
(22:17:20) mattock: as for 2.4.1: there are again some changes to openvpnserv2,
the installer and probably also openvpn-gui
(22:17:27) mattock: but those don't require a new openvpn release
(22:17:42) mattock: cron2: sounds good
(22:18:09) dazo: alright, makes sense
(22:18:14) mattock: chipsine wanted to know the schedule for 2.4.1 so that he
could set his schedule for the Unicode installer
(22:18:23) dazo: cron2: would you have time to have a look at the LZ4 patches
on the ML?
(22:18:25) mattock: so 2 weeks or more is probably good
(22:18:37) cron2: dazo: yes
(22:18:55) mattock: oh, speaking of chipitsine: I think we should fix Travis,
even if that means stripping away OSX tests
(22:19:00) cron2: I've seen them, but was totally out of steam for most of
(22:19:03) mattock: right now the OSX tests only make Travis show red everywhere
(22:19:17) mattock: other people issue PRs are now complaining about that
(22:19:26) cron2: mattock: I suggested possible approaches that could be tried
in configure, but nobody picked them up...
(22:19:36) mattock: yeah, I recall that
(22:19:59) dazo: yeah ... to not install cmake or not do the 'git submodule
init' step on OSX will fix this
(22:20:25) cron2: well, that's a third and fourth solution outside configure :)
(22:21:16) cron2: building on OSX is important, knowingly blowing up is silly
(22:21:37) mattock: then again we already have OSX buildslaves
(22:21:45) cron2: ... that also blow up...
(22:21:46) mattock: plus we don't use PRs typically
(22:22:02) mattock: but OSX buildslave was fixed I believe
(22:22:07) dazo: but having some regular test builds on OSX makes a lot of sense
(22:22:18) mattock: +1
(22:22:31) cron2: no, macos-amd64-stable-master still fails "compile_2"
(22:22:53) mattock: urgh
(22:23:11) selvanair: cron2: reg. #807 is just waiting for the patch v2 to show
up -- I thought I sent v2 yesterday..
(22:23:13) dazo: mattock: you have an ubuntu buildbot which also explodes in
(22:23:15) dazo: CMake Error:
(22:23:15) dazo: The path to the source directory:
(22:23:15) dazo: contains unsupported character '='.
(22:23:15) dazo: Please use a different source directory name.
(22:23:35) mattock: yes, that one is on my todo
(22:23:39) cron2: selvanair: you did, I just spotted it. Missed the mail
(22:25:13) dazo: selvanair: got some spare cycles after the meeting to discuss
some notification API? cron2 is far from happy with some notification needed
for systemd, and wants an API which can be re-used in Windows as well
(22:25:21) mattock: I will have a look at Travis and Buildbot + MacOS X
(22:26:23) selvanair: dazo: can hang around for 30mins or so.. depends on when
we finish tho..
(22:26:59) dazo: sure, no worries
(22:27:02) cron2: ok, shall we quickly jump to "meeting schedule"? which days
are acceptable for you?
(22:27:46) dazo: I am generally unavailable on Mon and Thu, and the first Fri
(22:28:00) dazo: (it used to be Tue, but that was recently moved to Thu)
(22:28:15) mattock: Mon, Tue and Thu would work best for me
(22:28:33) cron2: this complicates things... I'm generally unavailable Tue, at
least before 20:45 local time (which is 45 min later than we meet today)
(22:29:27) mattock: we can also consider alternating days
(22:29:42) cron2: right
(22:29:49) mattock: monday -> wednesday -> monday -> ...
(22:30:00) mattock: if we have a meeting every other week, that should not be
too bad for any single person
(22:30:13) mattock: or decide on the next meeting each time
(22:30:17) mattock: separately
(22:30:25) dazo: that would mean I can only manage one meeting per month
(22:30:58) mattock: what about meeting that are not in the evenings?
(22:31:02) mattock: european time
(22:31:11) mattock: quicker ones (I hope)
(22:31:31) dazo: That can work for me ... but that needs to be before 15:00 CET
(22:31:49) cron2: complicated as it interferes with paid work, and might be too
early for Selva
(22:31:59) dazo: (just in case I need to pick up $kid at kindergarten)
(22:32:49) mattock: cron2: what were you're preferred days?
(22:32:52) mattock: your
(22:33:05) selvanair: ignore me, I'm usually sleeping or busy at work when its
day time for you guys..
(22:33:26) cron2: I can make any day but Tuesday
(22:33:59) mattock: and plaisthos and syzzer both have sports on Wed
(22:34:04) mattock: sorry, monday
(22:34:15) dazo: well ... things will change for me after mid-March .... but
right now it is impossible to say how the evenings will be
(22:34:46) mattock: what if we do a Doodle about this to get everyone's
schedules in line?
(22:34:51) cron2: +1
(22:34:53) dazo: +1
(22:34:58) mattock: ok, that's settled then
(22:35:15) selvanair: So looks like Wed is the best -- that is ok with mattock
(22:35:18) mattock: FYI: https://community.openvpn.net/openvpn/ticket/813
(22:35:20) vpnHelper: Title: #813 (Travis and Buildbot builds are broken due to
MacOS X + cmocka issue) – OpenVPN Community (at community.openvpn.net)
(22:35:28) selvanair: ok Doodle..
(22:35:36) mattock: I tend to have stuff on wednesdays, but if I don't have to
be active in the meeting, I can probably live with it
(22:35:57) mattock: I can join using my phone if I'm not at home
(22:36:13) mattock: anyways -> doodle
(22:36:36) mattock: topic 3: VLAN patches
(22:36:52) mattock: the patchset some people want, and we never merge
(22:37:06) cron2: while this is a intersting patch set, it is big, and needs
brains to think through
(22:37:55) dazo: I can be willing to co-review these patches ... but someone
understanding the IP packet bits will be crucial here
(22:38:05) cron2: I would push that back like two months, and sort out the dust
we have already flying around
(22:38:31) dazo: that's what we've been doing for a long time already, though
(22:38:32) cron2: we have too many open trac tickets, patches on the ML, etc.
to start with a big thing
(22:38:35) mattock: dazo, cron2: I think you're the perfect tag team for the
VLAN patchset :)
(22:38:45) mattock: that said, I agree with cron2's schedule
(22:39:09) mattock: 2.4.0 release revealed lots of other more important stuff
(22:39:23) cron2: well, the one person that wants this is able to handle the
rebasing and compile-himself so this is not critically important for "lots of
(22:40:29) dazo: that's true ... it's just that he got the message "we'll look
at it in X weeks/months" for quite some time ... and the previous person
pushing it got the same treatment ... I have VLAN patches going back to 2010
(22:40:40) mattock: there seems to be a small subset of users who make use of
the patches... those who can work on the code are just the tip of the iceberg I
(22:40:47) dazo: it's not a decent treatment of contributors, that's my bigger
(22:40:51) mattock: +1
(22:41:07) mattock: what if we assign the review to a milestone, and stick to
(22:41:19) mattock: if we NACK, then so be it
(22:41:24) cron2: well - before I risk a burn-out and my wife divoces me, I'll
have to live with that
(22:41:49) plaisthos: mattock: actually monday+wendesday for me
(22:42:01) mattock: cron2: that is a fair argument
(22:42:20) dazo: I don't say we will do this on top of everything else ... we
just need to re-prioritize, and give this priority now ... as it still have
some traction after all these years, and it deserves attention now
(22:42:26) mattock: plaisthos: ok, I will still create a doodle poll so that
everyone sees the situation
(22:42:44) mattock: "now" being soon I think
(22:42:52) mattock: say, openvpn 2.4.2 or so?
(22:42:57) dazo: even though there might be more important issues ... there
might be some we can postpone more easily for some weeks/months
(22:43:14) dazo: hmmmm
(22:43:19) cron2: a patch this big needs a few full days, which is a very
(22:43:30) dazo: agreed
(22:43:46) mattock: is splitting work feasible?
(22:44:02) mattock: or does one guy have to do all the patches?
(22:45:14) cron2: can't say how the patch set is organized right now, and I'm
not going to go out and look
(22:46:35) dazo: I've looked ... it does NOT look like we can split the patches
into two queues and review them separately ... too much dependencies on the
(22:47:18) mattock: so somebody will have to bear the brunt...
(22:47:22) cron2: mattock: it is very unlikely to go into 2.4.x - it's a big
and intrusive patch set (about the same level as my RGI6 stuff, which didn't go
(22:47:50) mattock: ok so 2.5
(22:47:50) dazo: After having looked quickly at it again, I must say I agree
... this is 2.5 material
(22:47:59) cron2: but it would be a nice addition to 2.5 "here's what is cool
new stuff in 2.5" :)
(22:48:05) dazo: :)
(22:48:30) dazo: Even though, it probably won't be the most used feature ... it
truly does have merits
(22:48:39) mattock: it might be _the_ feature in 2.5, if we stick to a tighter
(22:48:50) cron2: all our features have merits, and at some point, it just
(22:48:55) mattock: :D
(22:49:04) dazo: heh
(22:49:27) danhunsaker: So long as 2.5 isn't another several years, that seems
(22:49:51) cron2: that totally depends on available developer time and brains...
(22:49:53) dazo: I honestly think we should think of releasing 2.5 in no longer
than 6 months
(22:49:59) danhunsaker: But I can say there are multiple use cases I can think
of this moment alone for having VLAN support in OpenVPN itself.
(22:50:07) dazo: where we ship what we have in master
(22:50:08) cron2: dazo: no way
(22:50:49) cron2: we could aim for a year, and that would take some effort
(22:50:59) mattock: dazo: I agree with ~6 months
(22:51:12) dazo: we should try to have way smaller major releases
(22:51:17) mattock: cron2: it depend on how much stuff we put in there
(22:51:58) dazo: one or maximum 2 big new features pluss all bigger
improvements not added to release/2.x
(22:52:00) cron2: this does not make sense - the point of major release is "it
brings instability, so it needs to to settle down" - and someone actually need
to maintain the branch then for a while
(22:52:18) mattock: and the more stuff we put into a major release the more
unstable it will be
(22:52:24) dazo: +1
(22:52:29) danhunsaker: And the more maintenance it will require.
(22:52:32) dazo: +1
(22:52:44) cron2: the testing effort will be about the same no matter how often
(22:53:10) cron2: but hey, it's our free time. *I* am not going to invest into
the effort needed for a major release every 6 months
(22:53:19) dazo: that's fair enough
(22:53:23) selvanair: It may take 6 months for 2.4 to stabilize... So if the
idea is to have a cutting edge release (but unstable) and one stable one that
most should use, 6 mo makes sense..
(22:53:55) danhunsaker: That seems in line with distro reasoning...
(22:53:59) cron2: the aim was to have 2.4.0 a solid release with only minor
bugs left - so we could recommend that to users
(22:54:22) cron2: if we change that to "2.5.0 will be crap, but eventually it
can work for you", that's not a good message
(22:54:44) cron2: (and we succeeded for 2.4.0)
(22:54:55) selvanair: Me too prefer solid releases -- in fact 2.4.0 release
cycle was a bit a rushed tho it was in the making for years..
(22:54:56) mattock: one problem is that users will not really use a new release
until it is "stable"
(22:55:15) mattock: stable meaning something with a zero at the end
(22:55:30) mattock: many issues (real or not) cropped up only after 2.4.0 was
(22:55:56) dazo: we spent 3 years on v2.4 ... we spent 1 year on 2.2 and 2.3,
and the common opinion was that 2.4 should be released sooner than a year ...
instead we did it in half the time it took to go from 2.0 to 2.1
(22:56:36) ***cron2 never shared the opinion that 2.4 should be released
"sooner than a year"
(22:57:07) cron2: I have realistic expectations on the amount of brains and
free time we have, based on 5 years of experience with this - as should you
have, dazo and mattock
(22:57:17) dazo: I don't remember who said what 3-4 years ago ... but "release
less, release often" was what was said most of the time
(22:57:37) mattock: yes, that is the consensus
(22:57:48) mattock: 6 months is not the consensus
(22:57:59) mattock: but "more often" we can agree to I think
(22:59:29) selvanair: The problem is that if you aim for 1 year, it takes "pi"
years.. So aim for 6 mo and relase in 1 y may work :)
(22:59:32) dazo: yeah, 6mo was just a suggestion from me now ... being
realistic, we will not make that mark - but without a mark, it'll be 2-3 years
again ... as we had no clear marks for 2.4 until last autumn
(22:59:39) cron2: "once a year" is for someone who is not paid to do this still
quite a bit of effort - two months before release are tough, two months after
the release the dust needs to settle, then you actually need to get work done
for the next release...
(23:00:12) cron2: we had clear marks for 2.4 - "this set of features needs to
get in" :-) - that the features took two years more time was a bit unexpected
(23:00:21) mattock: cron2: do you think 2 months before 2.3.x release are tough?
(23:00:35) dazo: and then "oh, this feature too ... and this feature, and hey,
here's one more"
(23:00:37) mattock: my point being: the less feature the release has, the less
tough it is
(23:00:59) mattock: 2.4 was huge in every possible respect
(23:01:06) cron2: mattock: major release - 2.3.x maintenance releases are much
(23:01:24) cron2: you cannot compare 2.3.13->2.3.14 with 2.4->2.5.0
(23:01:28) mattock: exactly
(23:01:47) mattock: if we make major releases that have lesser
features/changes, then they will be more like 2.3.13 -> 2.3.14
(23:01:52) dazo: I also fully understand that it takes efforts to make this
roll ... I was one of the first one who had to step partially down as life got
quite rough on other fronts ... now I'm back again after quite some time, where
I now can focus more dedicated to OpenVPN
(23:01:52) cron2: no
(23:01:53) mattock: and will not be as tough to manage
(23:01:56) cron2: no
(23:02:09) mattock: they are just version numbers
(23:02:11) plaisthos: I have a rolling release for OpenVPN for Android
(23:02:11) cron2: if there is a huge and disruptive patch in, it will be as
(23:02:15) plaisthos: always based on master
(23:02:34) plaisthos: but the situation is different since updates are the
standard and not the exception
(23:02:51) mattock: and I could argue that if there are 5 disruptive patches in
it, it will be 5 times as tough
(23:02:58) cron2: no
(23:03:25) mattock: we are testing features/patches, right?
(23:03:35) cron2: the amount of testing required for 2.4.0 pretty much had
nothing to do with what exactly went in
(23:04:01) cron2: every single patch and feature gets tested at commit time,
but the release had alphas, betas, release candidates, extra buildbots, ...
(23:04:06) plaisthos: If I learned one thing, you never catch everything
(23:04:14) dazo: +1
(23:04:22) mattock: well there's a point: the release process itself is
(23:04:35) plaisthos: look at the number of times my users had a strange config
that broke things
(23:04:37) cron2: *that* is just a single day, and I'm sure it can be optimized
(23:05:05) mattock: anyways, let's not get stuck on the numbers like 6 months
(23:05:14) mattock: or 12
(23:05:15) cron2: anyway - right now our problem is not "make release more
often" but "actually get code written, reviewed, and *trac tickets fixed*"
(23:05:37) cron2: we can't only focus on the big things we'd like to have when
we neglect the small things
(23:05:57) dazo: I've spent 6 years in RH doing QA ... even with automated
tests, regression testing and rigorous ad-hoc testing, things still fell
through ... a kernel release goes through close to 8-900 test steps across a
vast majority of hardware, and still things slip through ... yes, things are
caught as well, but you never catch everything
(23:06:47) mattock: and this is why we need real people to use the code
(23:06:52) dazo: yes
(23:07:13) mattock: and for some reason people don't like to use stuff which
has a version number that says _git or _alpha2 or _rc1
(23:07:35) mattock: but we can try to make things easier for those who don't
care about safety that muchj
(23:07:49) plaisthos: there are even now people who don't use OpenVPN 2.4 since
it is a .0 release
(23:08:07) mattock: yeah
(23:08:23) cron2: anyway: this is another thing that is not working right here
- we spend way more time argueing details than actually fixing things. Now I
definitely need to go to bed, and my wife is annoyed because this took longer
(23:08:43) dazo: we could label some releases with a LTS tag .... which will be
supported longer than than other releases ... and drop all other releases not
bleeding edge or LTS
(23:09:23) mattock: let's continue this discussion later
(23:09:26) cron2: dazo: you always have wonderful ideas that work right for
projects with a large group of people behind, like "linux kernel" - just count
how many people do the work here
(23:09:33) cron2: like, who maintains release/2.3
(23:09:48) valdikss: >
(23:09:49) valdikss: [00:08] <cron2> [22:51:42] mattock: wrt #806 - is ilya
(23:09:51) valdikss: [00:08] <cron2> [22:52:28] that is certainly something for
him and maybe valdikss
(23:09:57) valdikss: this issue has been like forever
(23:10:01) mattock: oh, hi valdikss!
(23:10:14) dazo: I'm saying that perhaps release/2.3 should be the LTS .... and
2.5.0 should be the next LTS
(23:10:17) selvanair: Let's discuss this again some other time..
(23:10:21) mattock: yeah
(23:10:23) dazo: +1
(23:10:27) mattock: no need to get aroused for no reason
(23:10:46) mattock: I think the discussion was good even though we disagreed to
(23:10:46) cron2: given that 2.4 is important for windows, and 2.3 has no
iservice support, this sounds like a tremendously useless idea
(23:10:53) valdikss: mattock: hi. I'm always here with bouncer but not always
follow the conversation or even keep IRC client open.
(23:11:03) mattock: valdikss: ok, good to know
(23:11:26) mattock: hey let's cover topic #4 real quick
(23:11:34) mattock: Moving a few subprojects under the OpenVPN organization in
(23:11:55) mattock: debian packaging scripts + "windows buildslave"
(23:12:15) dazo: go ahead ... I think it makes sense
(23:12:15) mattock: it seems that people don't find those, if they're not under
OpenVPN/ in GitHub
(23:12:28) mattock: I think so too
(23:12:45) mattock: renaming might be in order, but I'll think about that a bit
(23:13:59) selvanair: What abt the windows test framework -- powershell
scripts? Is that available somewhere?
(23:14:08) mattock: yes, it is under OpenVPN/
(23:14:16) mattock: openvpn-windows-test I think
(23:14:58) mattock: if we get MSVC compiling to work then integrating the build
process to test process would be somewhat easier
(23:15:00) selvanair: oh, yes.. will take a look.
(23:15:32) selvanair: mingw can build under windows, isn't it?
(23:16:01) mattock: possibly, I have never tried it myself
(23:17:13) mattock: Windows building is not a high priority I think, because we
still want to have the official installers tested
(23:17:19) mattock: and those are cross-compiled anyways
(23:20:38) mattock: so loose integration of openvpn-windows-buildtest ->
chocolatey repo -> openvpn-windows-test (powershell scripts) is probably good
(23:21:00) mattock: plus allows bleeding-edge people to easily keep their
OpenVPN installations up-to-date
(23:21:03) mattock: on Windows
(23:21:20) mattock: anyways, I think we're done for today
(23:21:25) mattock: any objections?
(23:21:32) selvanair: None... :)
(23:21:35) mattock: :)
(23:21:55) selvanair: Looks like we are the only ones still standing..
(23:22:00) mattock: yeah
(23:22:19) mattock: I'm proofreading the summary and then I'll press send
(23:23:53) dazo: :)
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-devel mailing list