20080116
This is the 14th meeting of the ServerTeam, starting at 21:00 UTC and finishing at 22:45 UTC
Agenda
Server Package Review status (ScottK)
- Review ACTION points from previous meeting.
Review each section of the ServerTeam/Roadmap.
- Agree on next meeting date and time.
Minutes
Review ACTION points from previous meeting
Most of the action points from the previous meeting have been done.
sommer contacted the apache maintainer in Debian regarding a default ssl configuration. No answer was received so far. mathiaz added that it may take a while.
nealmcb asked about the state of ebox for Hardy. soren didn't anything.
ACTION: soren will email the ebox project manager to get an update about ebox.
sommer stated that a section about JeOS has been added to the Server Guide. The content is based on the JeOS tutorial written by nijaba. However there may be some issues with the publisher.
ACTION: sommer will discuss with nijaba whether the JeOS tutorial can be included in the server guide wrt to the publisher requirements.
Review each section of the ServerTeam/Roadmap
ScottK talked about the state of the MIR writing process, which state can be tracked on the ServerReviewPackage wiki page [1]. Fabio wrote a lot of them. ScottK took care of amavisd is making good progress on the front. Most of the packages have a MIR written as of now. ScottK raised the issue that some of the packages were rejected by Fabio. This should be discussed on ubuntu-server before rejecting them.
[1]: https://wiki.ubuntu.com/ServerPackageReview
sommer asked whether you need to be a MOTU to write MIR. mathiaz answered that anyone can write MIR.
ACTION: mathiaz will talk to fabio about rejecting package from the MIR list.
soren said he would publish a post in his blog within the next days about the state of virtualization in Hardy. It should cover the host side and JeOS.
ACTION: soren will blog and post a mail to ubuntu-server about the current status of virtualization in Hardy.
zul stated that he got Xen mostly working on Hardy, based on patches from Suse. It's mostly packaged and sitting in NEW. He has to push out a kernel. mathiaz asked if his work was tracked somewhere. zul said no, but agreed to create a wiki page about it and add it the roadmap.
ACTION: zul will an item to the Roadmap about Xen integration in Hardy.
soren hasn't started to track LTS upgrade testing. He'll try to come up with a plan. He thinks tracking on per package basis is a good starting point. mathiaz added that writing a page about setting up a LTS upgrade test environment would help attract testers.
ACTION: soren will devise a plan for tracking upgrades testing.
jdstrand gave an update about the Ubuntu Firewall [2]. He has uploaded the first version to universe. He'd like to have more testing.
[2]: https://wiki.ubuntu.com/UbuntuFirewall
ACTION: jdstrand will send an email about ubuntu-firewall on ubuntu-devel and ubuntu-server.
sommer and nxvl offered to help for testing. sommer also mentioned that the firewall section of the Server Guide needs to be updated and reviewed. Documenting the usage of the new firewall tool would be welcomed. astabeno offered to help sommer with this.
ACTION: astabeno and sommer will take a look at ubuntu firewall while updating the firewall section of the server guide.
jdstrand also noted that the project has been renamed to Uncomplicated Firewall.
mathiaz stated that the current kernel should fully support AppArmor.
soren mentioned that he had a pretty good understanding about what needs to be done to integrate iscsi [3], mainly related to the installer. He hopes to get a lot of the coding done next week at the Sprint.
[3]: https://wiki.ubuntu.com/iSCSITarget+Initiator.
sommer gave a overview of the Documentation front: the Server Guide is being reviewed for Hardy and progress is made. Documentation freeze may be moved to allow for more qa time [4]. So if there are any more major sections that need updated/added it should be done before Feb 14th.
[4]: https://lists.ubuntu.com/archives/ubuntu-doc/2008-January/010149.html
sommer is thinking about adding sections related to eBox and OpenLikewise (Active Directory integration). An AppArmor section has been added, based on the content of the wiki page on help.ubuntu.com. mathiaz suggested to add a section about virtualization, based on the blog post from soren.
ACTION: sommer will add a section on virtualization based on soren's blog.
nealmcb requested feedback on the factoids related to ebox. mathiaz and soren stated it looked good.
ACTION: nealmcb will add an ebox item to the factoids.
Agree on next meeting date and time
Next meeting will be on Wednesday, January 23rd at 21:00 UTC in #ubuntu-meeting.
IRC LOGS
Started logging meeting in #ubuntu-meeting [21:02:02] <ajmitch> it being 10AM here, I can actually be online [21:02:23] <mathiaz> the agenda is small [21:02:24] <ScottK> We'll have to move the meeting then. [21:02:43] <zul> heh [21:02:59] <mathiaz> but I've updated the developper section in the Roadmap whith things we're working on [21:03:12] <mathiaz> so I suspect we might have a long status report [21:03:15] <ScottK> mathiaz: Who goes first? [21:03:45] <mathiaz> ScottK: you're agenda item should be reviewed in the developer section [21:03:51] <ScottK> OK. [21:04:07] <ScottK> Let me know when. [21:04:13] <mathiaz> ScottK: so let's start with the previous action review and then we'll move on with the MIR right after [21:04:38] <ScottK> OK [21:04:41] <mathiaz> [TOPIC] Review ACTION points from previous meeting. [21:04:58] <mathiaz> Last meeting logs: https://wiki.ubuntu.com/MeetingLogs/Server/20080108 [21:05:23] <mathiaz> bug 153996 has been published to -updates [21:05:24] <ubotu> Launchpad bug 153996 in db4.4 "libdb4.4 in gutsy breaks postgrey and subversion" [High,Fix released] https://launchpad.net/bugs/153996 [21:06:10] <mathiaz> sommer: did you get in touch with the apache debian maintainer wrt default ssl configuration ? [21:06:27] <nealmcb> mathiaz: glad to see that bug resolved - thanks! [21:06:45] <sommer> mathiaz: I beleive so I posted a debdiff to debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267477 [21:06:46] <ubotu> Debian bug 267477 in apache2 "ssl: some easy way to set up an ssl server (as apache-ssl package in apache 1)" [Important,Open] [21:07:09] <sommer> it's an old one, but it should have gone to the debian apache list [21:07:24] <sommer> haven't heard anything back though :( [21:07:32] <mathiaz> sommer: ok. [21:07:49] <sommer> was that the correct procedure or should I email one of them direct? [21:07:57] <mathiaz> sommer: it may take some time. [21:08:19] <mathiaz> sommer: I think that one of the maintainer started to work on this. It may take a while. [21:08:43] <sommer> mathiaz: gotcha, I'm not in any rush, just posted the patch to learn some packaging [21:08:45] <mathiaz> sommer: I think you've followed the correct procedure. [21:09:27] <sommer> that and documenting apache and SSL could change if the patch is accepted [21:09:40] <mathiaz> sommer: correct. [21:10:05] <sommer> anyway that action item is done, as far as possible [21:10:35] <mathiaz> sommer: great ! Thanks. [21:10:43] <sommer> np [21:11:07] <mathiaz> sommer: what about JeOS and the server guide ? [21:11:23] <sommer> committed to as a section in the guide [21:11:47] <mathiaz> sommer: cool :) [21:12:08] <sommer> one thing to note is that when Hardy is released, depending on the publisher the article may need to be removed like the wiki article [21:12:08] <mathiaz> so it seems that all the actions from last meeting have been done [21:12:24] <somerville32> \o/ [21:12:51] <nealmcb> we talked about ebox also [21:13:08] <mathiaz> sommer: I thought that the article would be used as a base for documenting JeOS. [21:13:39] <sommer> mathiaz: yep, but nijaba mentioned that the publisher didn't want the wiki article up while it was on their site as well [21:13:40] <mathiaz> nealmcb: yes. I haven't heard anything about upstream. [21:13:49] <mathiaz> soren: ^^ ? [21:14:04] <sommer> so I thought I'd mention about the web site [21:14:21] <sommer> probably not a big deal, though [21:14:28] <mathiaz> sommer: hum... I wouldn't put a link to the website article in the documentation. [21:14:29] <soren> Sorry, I got distracted. [21:14:41] <mathiaz> sommer: may be you should discuss this with the documentation team. [21:14:52] <soren> mathiaz: About the article? AFAIK, the publisher hasn't published the article yet. [21:15:05] <mathiaz> soren: ebox [21:15:11] <soren> ebox, right. [21:15:31] <soren> I tried (today) to get a hold of the project manager to see if he could stop by this meeting, but I didn't catch him. Sorry. [21:15:36] <mathiaz> nealmcb asked about an update on the ebox front last week [21:15:37] <jjesse_> sorry haven't been paying attention to the mtg :( [21:15:48] <soren> I'll send him an e-mail after this meeting asking for a status. I'll CC the mailing list. [21:16:15] <nealmcb> :-) [21:16:20] <mathiaz> [ACTION] soren will email the ebox project manager to get an update about ebox. [21:16:43] <nealmcb> I think getting them to come to a meeting would be even better than an update [21:16:48] <mathiaz> jjesse_: any comments on the JeOS tutorial integration with the server guide ? [21:16:53] * soren kicks himself for not following up on it [21:17:01] <soren> nealmcb: I'll ask for both. [21:17:05] <nealmcb> :-) [21:18:10] <mathiaz> sommer: I'm not sure that the JeOS tutorial could be used as a base for the server guide chapter [21:18:20] <mathiaz> sommer: If there are some issues with the publisher. [21:18:27] <jjesse_> mathiaz: i would agree with that [21:18:41] <sommer> mathiaz: okay, I'm trying to find the log [21:18:51] <jjesse_> silly question is the JeOS and server guide licensed under the same? [21:18:52] <sommer> mathiaz: should I remove it from the repo then? [21:18:59] <sommer> jjesse_: yep [21:19:23] <mathiaz> sommer: which license is it ? [21:19:36] <jjesse_> CC-BY-SA for a ubuntu docs [21:19:43] <sommer> mathiaz: from what I remember the issue was the wiki article, may be published and while it's published they didn't want the wiki article up [21:19:45] <jjesse_> all ubuntu-docs [21:19:57] <sommer> mathiaz: whatever the wiki is licensed under I assume [21:20:23] <sommer> once the article is off their site it is going to be replaced in the wiki [21:20:28] <mathiaz> considering that nijaba wrote the article, he is the best person to ask about htis [21:20:28] <sommer> if that makes sense [21:20:43] <nealmcb> sommer: doing that as a courtesy on the wiki is one thing. but I'm thinking the server guide is a bigger deal, don't want to withdraw it there. hopefully the timing won't overlap as mch [21:21:08] <mathiaz> sommer: could you figure out this issue with nijaba ? [21:21:13] <sommer> nealmcb: sure, and right now there isn't an issue because it's not on the we anywhere [21:21:16] <sommer> mathiaz: sure [21:21:36] <mathiaz> sommer: great thanks :) [21:21:37] <sommer> I just wanted to give a heads up that if the article is in the server guide eventually it will be on the site [21:21:55] <jjesse_> sommer: let me know if i can help on that [21:22:04] <sommer> jjesse_: sure will do [21:22:34] <mathiaz> [ACTION] sommer will discuss with nijaba whether the JeOS tutorial can be included in the server guide wrt to the publisher requirements. [21:23:08] <mathiaz> Anything else related to last meeting ? [21:23:59] * sommer thinks thats it [21:25:37] <mathiaz> allright then - let's move on [21:25:50] <mathiaz> [TOPIC] Review each section of the ServerTeam/Roadmap. [21:26:02] <ajmitch> and a nice big roadmap it is [21:26:12] <mathiaz> Let's start with the developer section as I've updated it with a list of current project we're working on. [21:26:27] <mathiaz> https://wiki.ubuntu.com/ServerTeam/Roadmap#head-1102ad06b7ddea90507e5e0bee07d48a27278f74 [21:26:44] <mathiaz> Let's start with the MIR process, as ScottK put it up on the agenda [21:26:57] <ScottK> https://wiki.ubuntu.com/ServerPackageReview [21:27:03] <ScottK> Is where the list is. [21:27:23] <ScottK> We've ~1 month to feature freeze, so if stuff is going to get in, people need to get cracking. [21:27:46] <ScottK> There was a lot of discussion for this at UDS, but not very many people have worked on it since. [21:28:23] <mathiaz> Fabio started to work on some MIRs. [21:28:23] <ScottK> Additionally, I think one developer ought not reject packages that the group thought were good at UDS. [21:28:27] <ScottK> Yes. [21:28:42] <ScottK> And I don't think he should unilterally mark some rejected. [21:28:46] <mathiaz> ScottK: do you have example of such rejection ? [21:28:56] <ScottK> mathiaz: See the wiki page ^^^ [21:29:09] <nealmcb> There has been a lot of calendar discussion recently, e.g. Darwin Calendar Server. Not yet packaged at all, so I guess that would be the first goal, but what is the calendar server story for main? [21:29:21] <soren> nealmcb: There is none. [21:29:23] <mathiaz> ScottK: yes. [21:29:43] <mathiaz> ScottK: Well - I think the rejection came from the MIR writting process. [21:29:54] <zul> wasnt there an announcement of open-xchange for ubuntu a week ago or something? [21:30:04] <ScottK> Was if Fabio that rejected them or ubuntu-mir? [21:30:09] <mathiaz> ScottK: There are critirias that are used to include package in main. [21:30:15] <ScottK> If it was ubuntu-mir, then I'm totally fine with it. [21:30:20] <mathiaz> ScottK: I think it was Fabio. [21:30:46] <mathiaz> ScottK: OTOH Fabio knows the environement very well. [21:30:49] <ScottK> It may be that someone felt strongly enough about some of these to pick up upstream maintenance. I don't know. [21:31:09] <ScottK> Yes, but we decided what went on the list as a team and ought to do the same with them coming off. [21:31:10] <mathiaz> ScottK: So I'd trust him when he states rejected. [21:31:23] <mathiaz> ScottK: yes. I see your point. [21:31:51] <ScottK> mathiaz: OK. My only knowlege of him is when he uploaded an unpatched openssl097 to partner, so I may not have a fair view of him. [21:31:53] <mathiaz> ScottK: so - what about sending an email to ubuntu-server to discuss the rejection [21:32:04] <ScottK> mathiaz: I think Fabio should do that. [21:32:23] <mathiaz> ScottK: He's been involved with Ubuntu since the very begining of the project. [21:32:30] <nxvl_work> fine, i did't miss all the meeting :D [21:32:43] <zul> ScottK: having worked with fabio alot I truse his judgement but yeah some discussion is probably needed [21:32:55] <ScottK> Then he shouldn't have any problem discussing this in a community forum. [21:33:14] <mathiaz> ScottK: yop. I'll ping him. [21:33:20] <nxvl_work> what are we talking about? [21:33:21] <ScottK> Great. [21:33:34] <ScottK> https://wiki.ubuntu.com/ServerPackageReview [21:33:58] <mathiaz> [ACTION] mathiaz will talk to fabio about rejecting package from the MIR list. [21:33:59] <ScottK> I will just mention that I ended up having the split amavisd-new. [21:34:40] <ScottK> I think that eventually we need to bring libmilter into Main so that we can have supported milters with Postfix, but it ought to be spec'ed. I plan to propose if for Hardy+1 [21:34:52] <ScottK> That's all I had. [21:34:59] <nealmcb> any thoughts on calendar options? [21:35:09] <sommer> can anyone do MIRs or do you need to be a MOTU? [21:35:13] <mathiaz> ScottK: great - thanks for your work on amavis [21:35:19] <ScottK> sommer: Anyone. [21:35:20] <mathiaz> sommer: anyone can do it. [21:35:38] <sommer> cool, just wanted to make sure [21:35:47] * ScottK wants some kind of gold star award for the 8 MIRs I had to do for depends. [21:35:49] <mathiaz> nealmcb: well - it seems there are multiple option. But it may too late to have something for Hardy [21:36:04] * sommer High Fives ScottK [21:36:05] <nealmcb> https://wiki.ubuntu.com/CalendarServer [21:36:12] <mathiaz> nealmcb: feature freeze is one month. [21:36:16] * nxvl_work gives ScottK a Gold Star sticker and put it in his head [21:36:20] <nxvl_work> :P [21:36:31] <ScottK> Thanks. [21:36:49] <ScottK> Not to mention getting infinity to fix an sbuild bug so one of them would build too.... [21:37:00] <nealmcb> mathiaz: yeah - I would put ebox much higher in the priority queue - but hoping someone with calendar passion wanders along [21:37:06] <mathiaz> nealmcb: that looks like an How-To [21:37:07] <ScottK> We can move on, I'm finished griping. [21:37:32] <nealmcb> mathiaz: right - I was told there was a request-to-package bug but it hasn't been added I think [21:37:44] <nealmcb> ScottK: :-) [21:38:10] <mathiaz> soren: can you give us a quick update about your work on virtualization on the host side ? [21:38:46] <soren> mathiaz: Er.. I'll blog about it later this evening or tomorrow morning. I can send it to the list as well, but I'm really not that keen on explaining everything twice, if that's ok with everyone? [21:39:02] <soren> Short version: It rocks. [21:39:06] <nxvl_work> +1 for me [21:39:39] <mathiaz> soren: WFM. Could you copy ubuntu-server ? [21:39:45] <zul> btw if anyone cares I have Xen mostly working on hardy [21:39:59] <soren> mathiaz: That was the "send it to the list as well" bit :) [21:40:00] * nealmcb cheers for zul [21:40:04] <ajmitch> zul: good [21:40:06] <soren> zul: Coolness. [21:40:48] <mathiaz> [ACTION] soren will blog and post a mail to ubuntu-server about the current status of virtualization in Hardy [21:41:09] <mathiaz> zul: what's the state of Xen ? [21:41:36] <zul> mathiaz: its mostly packaged and sitting in new i have to push out a kernel [21:42:10] <mathiaz> zul: are you tracking this in a wiki page somewhere ? [21:42:21] <zul> mathiaz: no but I could do that [21:42:39] <nxvl_work> zul: it will be better so anyone can help you [21:42:41] <mathiaz> zul: It could be usefull to put something on the Roadmap about this [21:42:43] <soren> zul: Will it be part of the kernel builds or will you have a separate source package that depends on linux-source-* and so on? [21:42:57] <nxvl_work> zul: so the ones who are interested on it, can easy know the state of it [21:43:00] <zul> soren: it will be apart of the kernel-builds [21:43:10] <zul> mathiaz: not a problem [21:43:44] <mathiaz> [ACTION] zul will an item to the Roadmap about Xen integration in Hardy [21:43:52] <soren> zul: A'ight. [21:43:59] <nealmcb> zul similar to the fedora approach? are they just doing paravirt? [21:44:34] <zul> nealmcb: no it was taken for suse the fedora approach is in a state of floax right now [21:45:01] <nealmcb> taken from suse? [21:45:28] <zul> nealmcb: dom0 is the suse patches for 2.6.24 [21:45:41] <nealmcb> got it [21:47:07] <mathiaz> soren: any news about JeOS ? [21:47:09] * nealmcb hates to see the ongoing churn in multiple ways of doing virtualization in the kernel [21:47:23] <mathiaz> soren: or will your blog post include an update about this also ? [21:47:30] <soren> mathiaz: Nothing that won't be in the aforementioned blog post. [21:47:38] <mathiaz> soren: kwel [21:48:01] <sommer> soren: are you on ubuntu planet? [21:48:03] <mathiaz> soren: what about LTS upgrades testing ? [21:48:55] <soren> mathiaz: Now that my virtualisation stuff is rocking, I'll begin testing all of that. So far, I've only fixed the things when I've stumbled upon them. I haven't been doing anything systematic about it yet. [21:49:08] <soren> I know that mvo is doing a lot of that as well, so I'll coordinate with him next week, I guess. [21:49:24] <mathiaz> soren: Yeah - he is doing a lot with this. [21:49:30] * sommer volenteers to help with that if needed [21:49:39] <sommer> help testing that is [21:49:53] <mathiaz> soren: IIRC the task is about tracking the state testing, rather than doing everything. [21:50:20] <mathiaz> soren: this is one way to get involved in the server team. [21:51:24] <soren> mathiaz: Well, that's true. [21:51:44] <mathiaz> soren: any ideas about organizing this ? [21:51:49] <soren> mathiaz: I'll devise a plan and try to make it easy to split up so that more people can help. [21:52:17] * nxvl_work volenteers to help testing [21:52:23] <mathiaz> soren: great. [21:52:37] <soren> mathiaz: I'm thinking wiki pages with list of packages and a list of issues that can arise (bad config upgrades, files moving from package to package without appropriate c/r/p's, etc.) [21:52:50] <mathiaz> [ACTION] soren will devise a plan for tracking upgrades testing. [21:53:04] * soren looks at his growing todo list and sobs [21:53:18] <soren> Oh, well. Sleep is for the weak. [21:53:34] <mathiaz> soren: yeah. I think that spliting by package is a good thing. [21:53:55] <mathiaz> soren: Documenting how to setup a upgrade testing environement would also help [21:53:59] <ajmitch> soren: 'delegate' [21:54:08] <nxvl_work> soren: i read there are researches on the development of a pill which substitutes de sleep time [21:54:09] <soren> ajmitch: That was the word I was looking for :) [21:54:16] <ajmitch> soren: minions? :) [21:54:27] * nealmcb lol [21:54:28] <soren> nxvl_work: I heard about a guy in Thailand who hasn't slept for 32 years. He's my hero. [21:54:53] <nxvl_work> give more caffeine i can sleep when i'm dead [21:54:56] <soren> nxvl_work: He tried pills and alcohol, but the closest he's gotten to sleep is light drowsiness. [21:54:59] <soren> I so need to learn that. [21:55:24] <mathiaz> jdstrand: how is the ubuntu firewall going ? [21:55:40] <jdstrand> pretty well [21:55:41] <somerville32> soren, I wonder if it is genetic [21:55:56] <jdstrand> I updated the wiki today with its status and what's implemented [21:56:08] <jdstrand> I also uploaded to archive today [21:56:10] <soren> jdstrand: I heard rumours something has been uploaded [21:56:12] <nxvl_work> jdstrand: can you pass the link please [21:56:17] <soren> jdstrand: Ooh, shiny. [21:56:32] <mathiaz> https://wiki.ubuntu.com/UbuntuFirewall [21:56:33] <jdstrand> https://wiki.ubuntu.com/UbuntuFirewall [21:56:40] <nxvl_work> thanks [21:56:46] <mathiaz> jdstrand: is there some documentation ? [21:56:59] <jdstrand> but there was a bug for mostly allow type firewalls that will be fixed in the next upload [21:57:14] <jdstrand> mathiaz: there is an excellent manpage as well as the README [21:57:15] * ajmitch sees a couple of roadmap items still unassigned [21:57:30] <soren> ajmitch: Yeah. We've saved them for you. [21:57:36] <soren> ajmitch: Get to work. [21:57:38] <soren> :p [21:57:40] <ajmitch> yay [21:57:43] * soren hugs ajmitch [21:57:51] * ajmitch looks for those pills & alcohol [21:58:02] <soren> You need to put them in reverse, though. [21:58:06] <soren> Hey, there's a thought. [21:58:16] <mathiaz> jdstrand: it seems that it's ready for more widespread usage [21:58:22] <mathiaz> jdstrand: or testing [21:58:25] <nealmcb> jdstrand: is this a new firewall tool? [21:58:27] <jdstrand> yes-- that was why I uploaded it [21:58:50] <jdstrand> nealmcb: yes. it came up at UDS to have a host-based firewall tool [21:59:04] <jdstrand> it is not disimiliar to what redhat offers at this point [21:59:36] <mathiaz> jdstrand: what's your plan for more widespread testing ? [21:59:43] <jdstrand> however, it is the foundation for future improvements like package integration and more advanced firewalling [21:59:50] <jdstrand> it will probably integrate with shorewall [21:59:55] <jdstrand> this is all post hardy [22:00:24] <jdstrand> mathiaz: I wanted to get that fixed package uploaded (which I have to wait for someone to get it into universe) [22:00:39] <jdstrand> then send an email to ubuntu-devel announcing it [22:00:56] <mathiaz> jdstrand: you should cc ubuntu-server [22:01:03] <jdstrand> ok [22:01:21] <sommer> I can help test and document, firewall section needs updated anyway [22:01:28] <mathiaz> jdstrand: also make sure that it will be mentioned in the release notes of the next alpha. [22:01:35] <mathiaz> jdstrand: even if it's still in universe. [22:01:59] <astabeno> sommer:I can help with that [22:02:01] <mathiaz> [ACTION jdstrand will send an email about ubuntu-firewall on ubuntu-devel and ubuntu-server [22:02:06] <jdstrand> mathiaz: should I mention it even though it will be in universe first? or should I be working on the MIR in parallel? [22:02:18] <sommer> astabeno: very cool [22:02:38] <jdstrand> thanks sommer [22:02:46] <soren> mathiaz: You missed the trailing ']'.. [22:02:57] <mathiaz> [ACTION] astabeno and sommer will take a look at ubuntu firewall while updating the firewall section of the server guide. [22:03:13] <mathiaz> [ACTION] jdstrand will send an email about ubuntu-firewall on ubuntu-devel and ubuntu-server [22:03:19] <mathiaz> soren: thanks :) [22:03:26] <nxvl_work> i will test the ufw [22:03:32] <nxvl_work> and try to help on developing [22:03:36] <mathiaz> jdstrand: I wouldn't start on the MIR yet. [22:04:29] <jdstrand> mathiaz: I figured-- I just wasn't sure about the Alpha part and not being in main, but that's cool [22:04:38] <mathiaz> jdstrand: I'd first get some testing done. Depending on how tings work, you could write a MIR a week before FeatureFreeze. [22:04:50] <ajmitch> that could be cutting it close [22:04:52] <nxvl_work> jdstrand: did i need to send you the patches by mail= [22:04:55] <mathiaz> jdstrand: I think the idea is to make some noise about it. [22:04:59] <ajmitch> unless you know the right people :) [22:05:07] <nealmcb> jdstrand: so it is actually called ufw, not ubuntu-firewall, right? the latter is the spec? [22:05:38] <mathiaz> nxvl_work: patches by mail is an option. The code is maintained in a bzr branch on LP. [22:05:44] <jdstrand> nxvl_work: it is bzr [22:05:53] <mathiaz> nxvl_work: so you could also branch on LP and submit it to jdstrand [22:06:02] <jdstrand> nealmcb: correct-- for Uncomplicated Firewall [22:06:08] <nealmcb> :-) [22:06:11] <nealmcb> the holy grail!! [22:06:26] <nxvl_work> jdstrand: but i can't upload them [22:06:27] <mathiaz> jdstrand: is this name already taken by a project ? [22:06:28] <jdstrand> nealmcb: we'll see [22:06:35] <nxvl_work> https://code.edge.launchpad.net/~jamie-strandboge/ufw/trunk [22:06:40] <jdstrand> mathiaz: none I could find [22:06:52] <nxvl_work> oh, on my own LP branch you mean, right [22:06:54] <emgent> @now [22:06:55] <ubotu> Current time in Etc/UTC: January 16 2008, 22:06:59 - Next meeting: Desktop Team Development in 15 hours 53 minutes [22:07:02] * nealmcb is worried about yet more firewalls, but agrees that something that ties into package metadata can be helpful [22:07:37] <jdstrand> nealmcb: I agree, and they are mostly too hard for the average user [22:08:14] <jdstrand> nealmcb: the goal is to have clear documentation and easy commands to do stuff, but still allow for admins to tweak to their hearts content [22:08:20] <mathiaz> keescook: how is security going in Hardy ? [22:10:48] <ajmitch> so secure he can't hear you? [22:11:04] <nealmcb> jdstrand: hopefully the united farm workers won't think this conflicts with their picket-line technology [22:11:09] <ajmitch> from what he blogged, there was certainly some good progress [22:11:32] <jdstrand> mathiaz: was there a particular feature? [22:11:59] <mathiaz> jdstrand: nope. Just to give an update about this things we've discussed at UDS. [22:12:24] <jdstrand> well I know he got alot of the kernel stuff in [22:12:29] <mathiaz> The list is on the Roadmap and it looks good. [22:12:43] <ajmitch> he just posted an update about ASLR yesterday (http://www.outflux.net/blog/archives/2008/01/15/full-aslr-in-hardy/) [22:12:49] <mathiaz> jdstrand: there is one item assigned to you [22:13:00] <jdstrand> ah yes [22:13:11] <mathiaz> jdstrand: tool to set password strength in auth-client-config [22:13:23] <jdstrand> haven't done it yet, but not hard to do [22:13:42] <mathiaz> jdstrand: ok. [22:13:59] <mathiaz> As for the apparmor integration, the next kernel upload should be fully working by default [22:14:34] <mathiaz> for now, you need to use an argument on the command line so that apparmor actually works. [22:15:24] <soren> Clever :) [22:16:05] <mathiaz> soren: did you have a look at iscsi ? [22:16:38] <soren> mathiaz: I did. I'm hoping to get a good deal of coding done on it next week at the sprint. I've got a pretty good idea about what needs doing, now I just need to do it. [22:17:16] <mathiaz> soren: does it involve a lot of coding ? [22:17:17] <nealmcb> sprint? [22:17:32] <soren> mathiaz: The installer stuff does. [22:17:38] <mathiaz> soren: I thought the packages were in good shape. [22:17:44] <mathiaz> soren: ah yes. [22:17:48] <soren> mathiaz: WEll, for reasonable values of "a lot". [22:17:53] <ajmitch> nealmcb: I believe it's the developers sprint, for canonical people [22:18:12] <nealmcb> stroke! stroke! stroke! [22:18:18] <ajmitch> ? [22:18:19] <soren> nealmcb: Distro team sprint. It's on the HardyReleaseSchedule page on the wiki. [22:18:35] <mathiaz> nealmcb: yes. [22:19:00] <ajmitch> nealmcb: lots of top secret plotting, I'm sure :) [22:19:22] <keescook> mathiaz: sorry for the delay (fighting with LVM). security is mostly okay, we have a few things outstanding, pending syncs from Debian [22:20:12] <keescook> mathiaz: AA should be working 100% with -4.7 (which is the currently published release) [22:20:25] <mathiaz> keescook: so what we wanted to do for hardy is almost done. [22:20:29] <mathiaz> keescook: ? [22:20:43] <keescook> mathiaz: yes, very close. [22:20:57] <keescook> I'm going to send out some details about how to use the new "hardening-wrapper" package too [22:21:05] <mathiaz> keescook: great ! I've put the list of things to do in the Roadmap on w.ubuntu.com [22:21:21] <keescook> excellent [22:21:27] <mathiaz> keescook: could you make sure they're included in the release notes for the next alpha ? [22:22:06] <keescook> mathiaz: sure, I can do that. ("AppArmor works again" ?) :P [22:22:29] <mathiaz> keescook: I was more talking about the other security features that were integrated. [22:22:42] <keescook> mathiaz: sure, no problemo. :) [22:22:51] <mathiaz> keescook: and the 'hardening-wrapper' package. [22:23:06] <mathiaz> keescook: is this a real package ? [22:23:47] <keescook> it's real in that it is a package, however it's a massive hack for testing hardening compiler options [22:24:12] <keescook> the goal is to test builds in hardy with the hope of turning it on for real in hardy+1 [22:24:31] <mathiaz> keescook: ah ok. That the work related to the tool chain. [22:25:10] <mathiaz> Well - I think we're done for the Developper section. [22:25:19] <mathiaz> sommer: quick update about the documentation ? [22:25:24] <keescook> yeah, or rather the build process. it's a preamble to the DEB_BUILD* flag work that doko is doing [22:25:26] <sommer> mathiaz: sure [22:25:31] <sommer> couple of quick things [22:25:41] * ScottK has to run, so I'll see you all later. [22:25:50] <nealmcb> factoid feedback? => ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management, unlike webmin. See the plans for Hardy in https://wiki.ubuntu.com/EboxSpec [22:25:50] <sommer> it's been proposed to move up the documentation freeze to allow for more qa time [22:25:53] * mathiaz waves at ScottK [22:26:07] <sommer> here's the oringal message: https://lists.ubuntu.com/archives/ubuntu-doc/2008-January/010149.html [22:26:39] <sommer> so if there are any more major sections that need updated/added I'd like to get them done before Feb 14th [22:26:58] <mathiaz> sommer: do you have some ideas about improvements ? [22:27:26] <sommer> the only ones I can think of that are coming up are eBox and OpenLikewise integration [22:27:48] <sommer> from this meeting the Firewall section [22:27:53] <mathiaz> sommer: how is the state of the current section ? [22:28:02] <soren> sommer: eBox has a wealth of documentation of its own. [22:28:23] <sommer> soren: sure, but should we have something about how it's integrated? [22:28:41] <sommer> mathiaz: the firewall section is okay, mostly an intro to iptables [22:28:44] <soren> sommer: Ah. No. [22:29:08] * doko should file a bug for debian such that the package doesn't enter testing ... [22:29:20] <sommer> soren: Is it going to be marketed as a feature for Hardy? [22:29:47] <soren> sommer: eBox? Depends on how far it gets. [22:30:05] <nealmcb> my fear is that the longer the leadtimes, the less likely that the documentation will be complete and accurate, but I know it is hard either way [22:30:13] <sommer> soren: ah, okay [22:30:25] <mathiaz> sommer: we may wanna wait for the status update of upstream [22:31:01] <sommer> mathiaz: sure, I just wanted to get a list of possible new sections. to allow for the most testing possible [22:31:46] <sommer> I'm just thinking about the Enterprise Networking articles complaining about new features not being well documented :-) [22:32:26] <mathiaz> sommer: Good point. [22:32:51] <sommer> mathiaz: I also added an AppArmor section a while back based mostly on your wiki article... would appreciate a review if you have the time [22:33:03] <mathiaz> sommer: I'd focus one things that have already been uploaded and integrated, such as virtualization, appamor, security features and ubuntu firewall. [22:33:41] <sommer> mathiaz: gotcha, virtualization isn't covered (except for JeOS) [22:33:51] <sommer> O [22:34:09] <sommer> I'll work on a virtualization section and try to solicite some help on the doc ml [22:34:16] <mathiaz> sommer: yeah - It may be worth adding a section about it, based on the blog post from soren. [22:34:27] <soren> I was just about to say that :) [22:34:52] <mathiaz> [ACTION] sommer will add a section on virtualization based on soren's blog. [22:35:25] <sommer> cool, other than that everything is coming along, just need to test commands and configs for accuracy [22:35:34] <sommer> or however you spell that [22:35:54] <soren> Looks right to me. [22:36:10] <mathiaz> sommer: great ! seems like the server guide is in good shape for hardy. :) [22:37:02] <mathiaz> I think we've covered a lot of stuff for today's meeting. [22:37:12] <mathiaz> Anything else to add ? [22:37:14] <nealmcb> factoid feedback? => ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management, unlike webmin. See the plans for Hardy in https://wiki.ubuntu.com/EboxSpec [22:37:33] <mathiaz> nealmcb: I wouldn't mention webmin. [22:37:44] <nealmcb> well that is what folks search on I'd guess [22:37:57] <nealmcb> or we could update the webmin factoid to point to ebox [22:37:59] <nealmcb> !webmin [22:37:59] <ubotu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system - Consider "ebox" instead [22:38:06] <nealmcb> done :-) [22:38:14] <nealmcb> but make it "!ebox" [22:38:46] <mathiaz> seems good to me. [22:38:53] <nealmcb> soren? [22:38:59] <mathiaz> you may wanna post it to ubuntu-server, to get more feedback. [22:39:14] <soren> I'm ok with it. [22:40:02] <nealmcb> mathiaz: I already did [22:40:08] <nealmcb> and got none [22:40:20] <mathiaz> nealmcb: ok. then go ahead and add it to ubotuy [22:40:25] <nealmcb> will do [22:40:35] <mathiaz> [ACTION] nealmcb will add an ebox item to the factoids. [22:40:41] <mathiaz> Any other business ? [22:41:12] <sommer> mathiaz: I found the log about the JeOS article: http://irclogs.ubuntu.com/2007/12/18/%23ubuntu-meeting.html [22:41:18] <sommer> just fyi [22:41:55] * sommer looking forward to Hardy [22:41:57] <mathiaz> sommer: ok. thanks. [22:42:12] <mathiaz> [TOPIC] Agree on next meeting date and time [22:44:10] <sommer> same time, same place? [22:44:20] <nealmcb> yup [22:44:27] <mathiaz> I guess so. [22:44:41] <ajmitch> seems to be a lack of arguments against it [22:44:55] <mathiaz> Next week, same time, same place. [22:45:06] <mathiaz> Thank all for your participation :) [22:45:21] <soren> \o/ [22:45:30] <sommer> thank you mathiaz, later all [22:45:44] <mathiaz> #endmeeting Meeting ended.
MeetingLogs/Server/20080116 (last edited 2008-08-06 16:24:22 by localhost)