20080722

Revision 1 as of 2008-07-23 17:13:56

Clear message

Agenda

Items we will be discussing:

  • Review ACTION points from previous meeting.
  • Review progress made on the specification listed on the [:ServerTeam/Roadmap: Roadmap].

  • [https://wiki.ubuntu.com/EasyGuiApacheSetup Rapache] presentation and discussion.

  • Open Discussion.
  • Agree on next meeting date and time.

Minutes

Agree on next meeting date and time

Next meeting will be on Tuesday, July 29th at 15:00 UTC in #ubuntu-meeting.

Log

{{{[16:01] <mathiaz> #startmeeting [16:01] <MootBot> Meeting started at 10:04. The chair is mathiaz. [16:01] <MootBot> Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE] [16:02] <mathiaz> Today's agenda: https://wiki.ubuntu.com/ServerTeam/Meeting [16:02] <mathiaz> The previous meeting minutes: https://wiki.ubuntu.com/MeetingLogs/Server/20080715 [16:02] <mathiaz> [TOPIC] Add 'status' action to server init scripts [16:02] <MootBot> New Topic: Add 'status' action to server init scripts [16:03] <mathiaz> kirkland: ^ ? [16:03] <kirkland> mathiaz: howdy, yessir [16:03] <mathiaz> kirkland: I've noticed you've generated a first list of init scripts [16:03] <kirkland> mathiaz: Right, so Debian has accepted, in toto, the status_of_proc() functionality, and we've merged the updated lsb-base package into Intrepid [16:03] <mathiaz> kirkland: however this list should be trimmed as some ot them don't need to have status action added to them [16:04] <kirkland> mathiaz: and I did generate a rough list of init scripts, as found in default installs of Intrepid server/ubuntu-desktop/kubuntu/xubuntu [16:04] <kirkland> mathiaz: that's absolutely true. i'm hoping we can leverage the nature of the wiki to make that happen. [16:04] <kirkland> mathiaz: i'd encourage people to add/remove scripts to/from that page, as they review it [16:04] <ScottK2> mathiaz: I have to go to a meeting very shortly. I'd appreciate just a minute or two early in the meeting before I have to go. [16:04] <kirkland> https://wiki.ubuntu.com/InitScriptStatusActions [16:05] <mathiaz> kirkland: I'd filter the list and reduce it to the package that have a daemon running so that the status_of_proc can be used in there [16:05] <kirkland> mathiaz: I'd like to see links to bug numbers, if and when people work on those [16:05] <mathiaz> ScottK2: go ahead [16:05] <ScottK2> Thanks [16:05] <kirkland> mathiaz: cool, would you do the first pass of filtering, then? [16:05] <ScottK2> A lot of people said they wanted clamav/spamassassin in Main. [16:06] <mathiaz> kirkland: I'll find someone to do it - I've got a couple of mentoring requests [16:06] <ScottK2> Looking at https://wiki.ubuntu.com/ClamavSpamassassinInMain, it's been sommer and I so far doing the work. [16:06] * ScottK2 does not have time to do all these MIR due to $WORK, so this is a call (again) for people who want this to invest some time in it. [16:06] <ScottK2> MIR are not that hard to do and I'll be glad to answer questions/review stuff. [16:07] <ScottK2> mathiaz: That's it. [16:07] <mathiaz> ScottK2: ok - great ! [16:07] <mathiaz> [ACTION] mathiaz to ask prospective mentors to trim down the list of init scripts. [16:07] <MootBot> ACTION received: mathiaz to ask prospective mentors to trim down the list of init scripts. [16:07] <ivoks> ok, i'll help, but don't expect miracles... me does the $WORK too Big Grin :) [16:08] <sommer> and I should have more time this week/weekend for some mir action [16:08] <mathiaz> ivoks: are you refering to MIR or status init script ? [16:08] <ivoks> MIR [16:08] <mathiaz> ivoks: ok. [16:08] <mathiaz> I'll mention the MIR in the minutes again [16:08] <mathiaz> [TOPIC] Integration of SASL and Postfix [16:09] <MootBot> New Topic: Integration of SASL and Postfix [16:09] <mathiaz> ivoks: did you have time to discuss the issues with lamont ? [16:09] <ivoks> i've sent an email, but didn't get response [16:09] <lamont> mathiaz: I expect he has, I haven't had time... [16:09] <ScottK2> ivoks: Thanks. [16:09] <mathiaz> ivoks: lamont ok - great [16:10] <mathiaz> That's all from the last meeting - anyone wants to add something ? [16:10] <lamont> ivoks: I expect I'll have time tomorrow evening or so to at least look at thing [16:10] <lamont> s [16:10] <ivoks> lamont: ok [16:11] <mathiaz> emgent: around ? [16:11] <tacone> mathiaz: no [16:11] <tacone> I am here to talk in his place. [16:11] <mathiaz> tacone: are you here for rapache ? [16:11] <tacone> he will try to get here later if he can [16:11] <mathiaz> [TOPIC] Rapache presentation and discussion [16:11] <MootBot> New Topic: Rapache presentation and discussion [16:11] <tacone> omg, already, ok [16:11] <mathiaz> tacone: we can postpone if you want [16:11] <tacone> no no:) [16:11] <tacone> after the UDS emgent came back and told me that [16:12] <tacone> people felt the need to have more server-related GUIs [16:12] <tacone> from that born rapache. [16:12] <tacone> Rapache is an Apache configurator gui [16:13] <tacone> I am unsure about the scope of it. If it falls in ubuntu-server or not, because is a desktop application. [16:13] <tacone> our goal is to lower the entry barrier for former windows system administrators used to configure IIS with a program [16:14] <mathiaz> tacone: does it support administrating remote servers ? [16:14] <mathiaz> tacone: it seems that it's requires a desktop environment to run it [16:14] <tacone> mathiaz: currently NOT. that's in the road map as a very high priority [16:14] <tacone> that's a nice point, let me elaborate [16:14] <mathiaz> tacone: screen shots somewhere ? [16:14] <tacone> LOL [16:14] <tacone> too fast Smile :) [16:14] <emgent> hello [16:15] <mathiaz> tacone: I don't see any on the rapache website [16:15] <mathiaz> http://www.rapache.org/ [16:15] <tacone> http://www.stefanoforenza.com/blog/wp-content/uploads/2008/07/rapache-main.png [16:15] <tacone> http://www.stefanoforenza.com/blog/wp-content/uploads/2008/07/rapache-edit-window.png [16:15] <tacone> http://www.stefanoforenza.com/blog/wp-content/uploads/2008/07/rapache-modules.png [16:15] <emgent> [LINK] https://launchpad.net/rapache [16:15] <tacone> http://www.stefanoforenza.com/blog/wp-content/uploads/2008/07/rapache-syntax-highlightining.png [16:15] <tacone> I am not sure also how much time I have to talk here, so feel free to stop or warm at any time [16:16] <tacone> we put together a blueprint: https://wiki.ubuntu.com/EasyGuiApacheSetup [16:16] <mathiaz> tacone: ok [16:16] <tacone> Supporting remote servers: that's in the roadmap but not trivial [16:17] <ivoks> does augeas support remote configuration? [16:17] <tacone> so we just started on localhost [16:17] <emgent> true, anyway 0.5. version is available on rapache-devel PPA [16:17] <ivoks> if yes, then moving to augeas would solve that problem Smile :) [16:17] <tacone> ivoks: not on my knowledge [16:17] <mathiaz> tacone: ok - great - I guess most of us are server people - so we're more interested in non-GUI environment [16:17] <tacone> we thought about augeas but we'd like to see how things develop with it. [16:17] <mathiaz> ivoks: not that know of [16:17] <emgent> https://launchpad.net/~rapache-devel/+archive [16:17] <soren> I think Func is meant to add remoteness to augeas. I'm not sure, though. [16:18] <mathiaz> tacone: ok - seems like a good start - you'd probably need to update the wiki page [16:18] <tacone> mathiaz: actually I am not sure were to talk about rapache. in ubuntu-server, ubuntu-desktop, lol [16:18] <tacone> mathiaz: we have too much stuff around, it's falling outdated Smile :-) [16:18] <mathiaz> tacone: it seems that this is a case where you can discuss on both channels [16:18] <mathiaz> tacone: probably ubuntu-server is a good place to start with [16:18] <tacone> mathiaz: we're starting with ubuntu-server Smile :) [16:19] <ivoks> right, we'll help on backend Smile :) [16:19] <mathiaz> tacone: that's where you'll find most of your users [16:19] <tacone> nice. [16:19] <tacone> well rapache won't require sysadmin to install anything on remote servers [16:19] <mathiaz> anything else on rapache ? [16:19] <tacone> but an ssh certificate, I think that could be quite valuable [16:20] <tacone> as not every sysadmin wants to have estraneous programs on their machine [16:20] <tacone> I guess we're done for now, unless you have more questions [16:20] <mathiaz> tacone: not for me [16:20] <tacone> emgent: around ? anything other to say ? [16:21] <mathiaz> tacone: thanks for you presentation ! keep up the good work [16:21] <tacone> as the last thing one question from me [16:21] <tacone> where should we continue the discussion ? shall we talk with ubuntu-desktop people ? [16:22] <mathiaz> tacone: I think #ubuntu-server is the best place to keep discussing [16:22] <mathiaz> tacone: that's where you'll find most of your end-users [16:22] <tacone> nice, you'll see us there often then Smile :) [16:22] <mathiaz> let's move on [16:22] <tacone> thank you very much everyone for listening. [16:22] <mathiaz> tacone: you're welcome Smile :) [16:22] <mathiaz> [TOPIC] Review progress made on the specification listed on the Roadmap. [16:23] <Moot2> New Topic: Review progress made on the specification listed on the Roadmap. [16:23] <mathiaz> Our roadmap: https://wiki.ubuntu.com/ServerTeam/Roadmap [16:23] <mathiaz> [TOPIC] Review ServerGuide for Intrepid [16:24] <mathiaz> sommer: what's going on this front ? [16:24] <sommer> mathiaz: good, almost have Kerberos wrapped up [16:24] <Moot2> New Topic: Review ServerGuide for Intrepid [16:24] <mathiaz> sommer: anything that could be reviewed/tested ? [16:24] <mathiaz> sommer: I hadn't had time to look into the bzr changes [16:24] <sommer> samba stuff, definitely needs some review [16:25] <mathiaz> sommer: it's still on my todo list [16:25] <mathiaz> sommer: ok [16:25] <sommer> mathiaz: cool, there's still time [16:26] <mathiaz> [TOPIC] Ubuntu VM builder [16:26] <Moot2> New Topic: Ubuntu VM builder [16:26] <mathiaz> soren: ^ ? [16:26] <soren> Ah, yes. [16:26] <soren> I'm working on a complete rewrite in Python. [16:27] <soren> This is mainly to be able to use it as more of a library (to be able to embed it in various things). [16:27] <soren> Another side effect is that we can add lots more logic to it. [16:27] <soren> Of course, we could have done that in bash too, but it's loads easier in Python. [16:28] <ivoks> and more cool [16:28] <soren> It's shaping up rahter nicely, but I'm adding Xen support to it, and that involves changing some core things about the disk handling stuff. [16:28] <mathiaz> soren: is there anything ready for more widespread consumption/testing ? [16:29] <soren> People are very welcome to grab the code off of launchpad and play around with it. It should be able to build dapper, feisty, gutsy, hardy, and intrepid, kvm VM's. [16:29] <soren> ...everything else will be added over the next couple of weeks. === Moot2 is now known as MootBot [16:29] <mathiaz> soren: is there a package in intrepid and/or hardy ? [16:29] <mathiaz> soren: some documentation somewhere ? [16:30] <soren> Not right now, no. [16:30] <soren> I'll probably upload it to Intrepid as a new package, and then yank the old one out when they're on par. [16:31] <macd> Am I too late for server? [16:31] <mathiaz> soren: ok - once there is some basic documentation written, testing by other can start [16:31] <soren> The cli is rather self-documenting, I think. [16:31] <mathiaz> macd: not really - we're just hald-way through [16:31] <soren> Documentation contributions are also very, very welcome Smile :) [16:32] <macd> mathiaz, great I just want to hit on the ruby stuff going on at the end if thats ok [16:32] <mathiaz> soren: at least a README file or Getting started even if it's 10 lines [16:32] <soren> Good point. [16:32] <mathiaz> macd: ok - I'll add a point to the agenda [16:32] <macd> ty [16:32] <soren> I'll whip something up. [16:33] <mathiaz> soren: just so that people can get started with it and play around [16:33] <soren> Right. [16:34] <mathiaz> [ACTION] soren to write a short README file to help people get started with ubuntu-vm-builder [16:34] <MootBot> ACTION received: soren to write a short README file to help people get started with ubuntu-vm-builder [16:34] <mathiaz> [TOPIC] Migrate openldap configuration to cn=config [16:34] <MootBot> New Topic: Migrate openldap configuration to cn=config [16:34] <mathiaz> I' [16:34] <soren> You' [16:34] <soren> :p [16:34] <mathiaz> I worked on that during last week [16:35] <mathiaz> I got a patch that supports new install and upgrade and sent it to the debian maintainers [16:35] <mathiaz> I'm waiting for feedback on it [16:36] <mathiaz> Once it's there, it should be easier to implement things like schema/module loading [16:36] <mathiaz> I may look into FreeIPA [16:36] <mathiaz> to see if we can get something in ubuntu [16:37] <mathiaz> [TOPIC] Boot Support for Degraded RAID [16:37] <MootBot> New Topic: Boot Support for Degraded RAID [16:37] <mathiaz> kirkland: ? [16:37] <kirkland> mathiaz: I have a test that works on KVMs [16:37] <kirkland> mathiaz: s/test/patch/ [16:38] <kirkland> mathiaz: i'm going to test on real hardware, now that I'm back home, and submit [16:38] <kirkland> mathiaz: there's more to be done in the installer [16:38] <mathiaz> kirkland: do you know to whom it should be submit for review ? [16:39] <kirkland> mathiaz: kees said kees -> cjwatson -> evand [16:39] <kirkland> mathiaz: the first in the series of patches is relatively minor [16:39] <kirkland> mathiaz: i'll attach it to the bug today, assuming the real-hw test goes as expected. [16:40] <mathiaz> kirkland: ok. Is it worth asking for more testing now ? [16:40] <mathiaz> kirkland: or we'd better wait for the inclusion in intrepid ? [16:40] <kirkland> mathiaz: well, i have a pkg in my PPA [16:40] <kirkland> mathiaz: i'm certainly open to any feedback on that (mdadm) [16:40] <mathiaz> kirkland: what is required to do testing ? [16:40] <kirkland> mathiaz: huah... well, in KVM it's extraordinarily complicated [16:41] <soren> why? [16:41] <kirkland> mathiaz: unless soren has some magic to make that easier [16:41] <mathiaz> kirkland: let's assume on real hw then [16:41] <kirkland> mathiaz: really hardware, you just need 2 physical disks (can be flash media > 1GB) [16:41] <kirkland> soren: i'm open to advice as to providing a new KVM machine to-be-installed with 2 physical disks from the start [16:42] <kirkland> soren: at least through virt-manager, that's not easy [16:42] <kirkland> soren: so for my testing, i've been doing an install with 1 machine, raiding two partitions on the same disk together [16:42] <soren> kirkland: Well, it's a GUI, so there's a lot of clicking to do anything.. Smile :) Is it more difficult than expected? [16:42] <kirkland> soren: then after install, adding another physical disk to the VM, and then to the RAID [16:42] <kirkland> soren: and then, I have a setup I can work with [16:43] <mathiaz> kirkland: so you'd install intrepid on a two-disk system that boots from a raid array on /, install your ppa adm package, poweroff, remove one disk, power on and it should still be booting ? [16:43] <soren> Huh? [16:43] <soren> Oh, because you can't add two disks to begin with? [16:43] <kirkland> mathiaz: yes assuming you have either a) edited the config file to tell it to do so, or b) pass it the appropriate kernel option [16:43] <soren> I highly recommend not using virt-manager for the initial install then. Smile :) [16:43] <kirkland> soren: right... i'd like to start off an install with two .img disks [16:44] <mathiaz> soren: kirkland: could you figure out a way to simplify the testing instructions using KVM ? [16:44] <kirkland> mathiaz: the default behavior should be as it always has... on missing disk, drop to initramfs prompt [16:44] <stgraber> kvm -hda blah.img -hdb blah1.img -m 512 -cdrom ubuntu-server.iso [16:44] <mathiaz> kirkland: could you add some testing instructions to the wiki page ? [16:44] <kirkland> mathiaz: sure [16:45] <mathiaz> kirkland: great [16:45] <kirkland> mathiaz: i'm actually a little slammed at the moment [16:45] <kirkland> mathiaz: but I'll see what I can do [16:45] <mathiaz> [ACTION] kirkland to update the wiki page BootDegradedRaid with some testing instructions [16:45] <MootBot> ACTION received: kirkland to update the wiki page BootDegradedRaid with some testing instructions [16:46] <kirkland> stgraber: thanks, i'll run with that [16:46] <soren> qemu-img create disk1.img 5G && qemu-img create disk2.img && kvm -drive file=disk1.img,if=ide,index=0 -drive file=disk2,fi=ide,index=1 -drive file=intrepid.iso,if=ide,media=cdrom -boot d [16:46] <mathiaz> kirkland: well it may not be the best moment then [16:46] <soren> Whoops. [16:46] <soren> That wasn't supposed to go here Smile :) [16:46] <mathiaz> kirkland: I'm interested in figuring out how to test this thing [16:46] <kirkland> soren: that's your login passphrase, right? [16:46] <kirkland> :-P [16:46] <mathiaz> kirkland: and document it [16:46] <kirkland> mathiaz: okay [16:47] <soren> kirkland: sssh... don't tell anyone. [16:47] <soren> Smile :) [16:47] <ivoks> what? where? [16:47] <ivoks> Smile :) [16:47] <sommer> hah [16:48] <mathiaz> [TOPIC] RAILS integration [16:48] <MootBot> New Topic: RAILS integration [16:48] <mathiaz> macd: / [16:48] <mathiaz> macd: ? [16:48] <macd> yes [16:48] <macd> sorry, was on another screen [16:48] <macd> First off, mod_rails is packaged, mathiaz looked at it, we'll be making those changes as soon as Neil (the packager) gets back form vac. [16:49] <macd> mathiaz, we need some notes on REVU/LPP bug for that [16:49] <mathiaz> macd: right - I've sent my notes to neil as I wasn't able to login in REVU :/ [16:49] <macd> and if we could get a few other people looking at it for some more acks, we can be done with that [16:49] <macd> mathiaz, your not the only one I cant either [16:50] <macd> Weve been talking with the debian packager for ruby/rubygems though its becoming a heated discussion [16:50] <mathiaz> macd: yes - are these discussions public ? [16:50] <macd> Hes not a rails user at all so he dosnt really understand the paths for gems [16:50] <macd> yes on bug #145267 [16:50] <ubottu> Launchpad bug 145267 in libgems-ruby "Add rubygems bin to PATH" [Low,Confirmed] https://launchpad.net/bugs/145267 [16:51] <mathiaz> macd: right - gems are problematic from the distribution POV [16:51] <macd> are they ever :/ [16:52] <macd> In my mind the decision just needs to be made, either we rip gems from universe, and rails people install from source (which most do) or fix it to behave [16:52] <mathiaz> macd: IIUC there a some similar issue with python eggs [16:53] <soren> gems to Ruby what Pear is to PHP, right? [16:53] <mathiaz> soren: IIUC - yes [16:53] <soren> Ok. [16:53] <macd> Neil and I have been talking about fixing gems, and having something like apt-build build gems as they become updated [16:53] <macd> soren, yes, pretty much [16:53] <mathiaz> macd: and CPAN for perl [16:53] <soren> macd: So it downloads some source code, builds it and installs it somewhere, right? [16:54] <macd> soren, yep [16:54] <macd> the problem being the debian gems, and the surce installed gems dont end up in the same place [16:54] <mathiaz> macd: it's a general issue with scripting langages - it may be interesting to look at what other langages are doing [16:54] <soren> Well, depending on how they designed it, it could be either really easy to shove the compiled stuff somewhere under /var or it could be really, really difficult. Smile :) [16:55] <macd> soren, I almost suggested the whole thing just be one package in /opt ;P [16:55] * soren cringes [16:55] <ivoks> apt-gem? [16:55] <macd> ivoks, thats a long term idea for sure [16:55] * soren wacks ivoks [16:55] <macd> but I dont see that being in intrepid ;'P [16:56] <macd> Does anyone have any other ideas? [16:56] <soren> It's hard to say without knowing more about gems. [16:56] <macd> Im about out, short of what I mentioned above with just ripping gems out for now [16:56] <macd> soren, you can look at that bug I posted with gems, and it covers it very well [16:57] <soren> Why is it a problem that ruby "things" from apt get installed in a different place than the ones isntalled by gems? [16:57] <macd> Its seriously just a path [16:57] <mathiaz> macd: https://bugs.launchpad.net/ubuntu/+source/libgems-ruby/+bug/145267 ? [16:57] <ubottu> Launchpad bug 145267 in libgems-ruby "Add rubygems bin to PATH" [Low,Confirmed] [16:57] <macd> soren, the rails app looks in a specific place [16:57] <macd> soren, and there is no way short of creating symlinks that it can look somewhere else [16:57] <soren> macd: So add another place to look? [16:57] <macd> soren, rails isnt capable of looking in more than one place [16:57] <ivoks> jesus... [16:57] <macd> thats the caveat that the gems maintainer doesnt seem to grab either [16:58] <soren> Fix it. [16:58] <Koon> macd: I suppose it could be patched to do it [16:58] <soren> Smile :) [16:58] <macd> I bet it could, and we filed a bug upstream with rails [16:58] <ivoks> all languages support multipath [16:58] <macd> but those guys arent budging. [16:58] <Koon> we have kinda the same problem with maven, though it's a little worse (it downloads already-built blobs) [16:58] <mathiaz> macd: do you have the upstream rails bug url ? [16:59] <macd> Most gems are binary already, but some do compile against ruby1.8 or ruby1.9 which presents another problem with debian gems [16:59] <macd> mathiaz, take a quick laugh I dont have my bookmarks sync'd [16:59] <macd> Wink ;) [16:59] <macd> but I'll add it to the rails spec wiki page later today [17:00] <soren> macd: Clueless question alert: Google mentions $LOAD_PATH which seems to be a list of places to look for "stuff". [17:00] * soren doesn't know ruby lingo, so "stuff" will have to do.. Smile :) [17:00] <mathiaz> macd: great - if you can add links to the relevant ressources on the web that talk about the issue, it would be very helpful to get up-to-speed on the issue [17:00] <soren> Why is that variable insufficient? [17:00] <mathiaz> @schedule [17:00] <ubottu> mathiaz: Schedule for Etc/UTC: Current meeting: Server Team | 22 Jul 18:00: LoCo Council | 22 Jul 20:00: Ubuntu Web Presence Team | 22 Jul 21:00: EMEA membership meeting | 23 Jul 17:00: QA Team | 23 Jul 22:00: Platform Team [17:00] <macd> soren, one sec [17:01] <macd> # Add additional load paths for your own custom dirs [17:01] <macd> # config.load_paths += %W( #{RAILS_ROOT}/extras ) [17:01] <macd> that is for plugins [17:01] <mathiaz> Ok - let's move on - as we're running out of time [17:02] <soren> And gems are... what? [17:02] <soren> Ok, we can talk in #ubuntu-server in a bit. [17:02] <persia> soren: It's binaries, not libraries: it's perfectly possible for one gem to depend upon another and run binaries included in the gem depended upon. This doesn't work in SUDO without mangling /etc/environment, which is not indended for automated modification post-install. [17:02] <macd> sure [17:02] <macd> persia, thats pretty spot on as to whats happenning [17:02] <soren> persia: Oh, things have to be in $PATH, not ruby's library path or whatnot? [17:02] <mathiaz> [TOPIC] Open Discussion [17:02] <MootBot> New Topic: Open Discussion [17:03] <macd> soren, yes, exactly [17:03] <mathiaz> Anyone wants to add something ? [17:03] <persia> soren: Depending on the gem, possibly both (but I'm not continuing more, given the desire of the chair). [17:03] <soren> -> #ubuntu-server [17:03] <macd> we can continue in -server in about 20? [17:04] <mathiaz> Anyone wants to add something ? [17:04] <ivoks> openssl patches [17:04] <mathiaz> [TOPIC] Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS [17:04] <MootBot> New Topic: Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS [17:04] <ivoks> i've been working on them; only left are proftpd and lighttpd (both universe) [17:05] <ivoks> so, this will work, but we would be far better of with disabling sslv2 in openssl [17:05] <mathiaz> ivoks: you've started a thread on -devel about removing support for sslv2 in openssl [17:05] <mathiaz> ivoks: what's the current situation ? [17:05] <ivoks> smaller delta with debian and a sure thing we disabled it everywhere [17:05] * nealmcb1 waves from oscon [17:05] <ivoks> there's a proposal that we should really disable sslv2 [17:06] <ivoks> so, atm, we are waiting for really good argument against that action Smile :) [17:06] <ivoks> (disable in openssl) [17:06] <ivoks> as it is disabled in NSS and gnutls [17:06] <mathiaz> ivoks: ok [17:06] <soren> I like that idea, but I'm sort of worried about 3rd party stuff still requiring it. [17:07] <ivoks> soren: openssl-sslv2 package in universe? [17:07] <soren> That's what I'm thinking. That was a good idea. [17:07] <ivoks> we already have packages like that [17:07] <zul> im sitting on dovecot and apache patches until we get a resolution [17:07] <soren> Built from the same source, so we don't have much of a maintenance overhead. [17:07] <ivoks> apache is one example; same source, multiple binaries with different options [17:08] <ivoks> zul: there's vsftpd patch too [17:08] <zul> ivoks: ah ok [17:08] <mathiaz> it may be worth preparing a patch to the openssl package for the -sslv2 option in universe [17:08] <ivoks> mathiaz: i'm ready to do that [17:09] <mathiaz> ivoks: great - it may help in the discussion: to see the code [17:09] <mathiaz> [ACTION] ivoks to prepare a patch for the openssl package to disable sslv2 [17:09] <MootBot> ACTION received: ivoks to prepare a patch for the openssl package to disable sslv2 [17:09] <ivoks> this is the only right way to do it [17:10] <mathiaz> ivoks: thanks for your help [17:10] <mathiaz> Anything else to add ? [17:10] <mathiaz> [TOPCI] Open Discussion [17:10] <ivoks> anyone using redhat-cluster-suite, please report any problems Smile :) [17:11] <ivoks> it turns out we have lots of redhat-ism in that package [17:12] <mathiaz> [TOPIC] Agree on next meeting date and time [17:12] <MootBot> New Topic: Agree on next meeting date and time [17:12] <zul> ivoks: not surprising Smile :) [17:12] <mathiaz> same place, same time, next week ? [17:12] <ivoks> sure [17:12] <kirkland> yup [17:13] <Koon> ok [17:13] <mathiaz> excellent then - see yu all next week here [17:13] <mathiaz> keep up the good work [17:13] <macd> thanks! [17:13] <mathiaz> #endmeeting }}}