[libreoffice-website] Minutes from the Tue Sep 17 infra call

Participants
============

 1. guilhem
 2. cloph
 3. Brett
 4. Ilmari
 5. Dennis

Agenda
======

 * PiTR
   + AI guilhem (from last call…): merge the branch and deploy on vm221
   + guilhem+Brett+* to schedule a videochat some time in ≥late sept

 * chat system
   + [matrix] https://matrix.documentfoundation.org
   + talked with Philippe about https://www.nayego.net/ , based on XMPP
     - no mobile app (can use your own, without the shiny extensions)
     - no SSO
   + XMPP is also provided by JPBerlin for members; a quote from Sophie's
     mails to the members ml:
     - As a member of the Foundation, you can have a libreoffice.org account
       and register to free communication services:
       . an e-mail address with a fully-featured IMAP account with shared
         folder options, alternatively an e-mail forwarder
       . a Jabber/XMPP address for instant messaging
       . a SIP/VoIP account for voice conferencing
     - no SSO
   + Brett: one of the benefits of [matrix] vs. the various XMPP extensions is
     their nice mobile application (which is why people use Telegram)
     - https://conversations.im/ is a very good XMPP client, but maybe too
       confusing to set up all these different brands of clients
     - too many moving parts on a social level with XMPP
     - fragmentation due to the wide diversity of clients (and various XEP
       support), with [matrix] it's Riot on mobile and desktop and browser.
       E.g. Handling of messages when users are offline can vary drastically.
   + Kiwi bouncer service installation process now documented at
     https://github.com/kiwiirc/kiwibnc
     - Ilmari will attempt to set up a Kiwi IRC system on his own server and
       document the process
     - As we use freenode, SSO is not applicable (we would need to run our own
       IRCd - Inspircd supports ldap)
       . g: not necessarily, our sso-aware services don't use ldap (which
         alone doesn't give sso), they simply authenticate against our idp,
         and in principle I don't see why the authentication service couldn't
         do the same.  exposing sso user credentials to a leaf service is not
         a good idea anyway (no other frontend uses ldap for that reason).
   + guilhem: would just like to agree on something that's not telegram.
     Brett: would just need to be as usable as telegram then

 * gerrit
   + more and more trouble with third-party OpenID providers
     . can now authenticate with TDF own OAuth2 IdP, cf.
       https://listarchives.libreoffice.org/global/website/msg15471.html
   + multiple identity providers increases likelihood account duplication,
     which is a pain both for users and for the infra team
     . eventually TDF's Single Sign-On system will be the only enable identity
       provider (required for 2.15 upgrade)
   + g: individually poked all ~100 duplicate account owners (based on
     preferred email address)
     . will merge as explained after Oct 1st (or earlier if account owner
       replied)
   + upgrade path (need to force authentication through TDF's SSO system
     first)
     1. migrate to NoteDB first (to keep history in All-Users.git)
     2. remove references to missing accounts (SSH keys etc)
     3. remove external IDs other than mailto:, username:, and tdf-oauth:
     4. resolve remaining email collisions
     → tested on the stage instance at
       https://gerrit-stage.documentfoundation.org/
   + stats:
     last active   #accounts in SSO
     -----------  -----------------
         ≤7 days   57/  79 (72.15%)
        ≤30 days   80/ 134 (59.70%)
        ≤90 days  100/ 203 (49.26%)
       ≤180 days  115/ 280 (41.07%)
       ≤730 days  167/ 706 (23.65%)
         anytime  207/2102 ( 9.85%)
   + who/when to poke?
     - cloph to remind people at the ESC
     - guilhem to individually poke folks who were last active in the past 90 days
   + convenience URLs https://git.libreoffice.org/$REPO/commit/$COMMIT_ID (and
     also tree, log, diff, blame)
     - can be used automatic messages (IRC, BZ mail)
     - maybe also in gerrit links
     - cloph: have that already: https://redmine.documentfoundation.org/issues/2200
       . hub.libreoffice.org/git-repo/hash, but that's for the history not the diff
       . git.libreoffice.org/core/+/hash or git.libreoffice.org/core/+log/master -
         a little easier/shorter than plugin/gitlies URL, but maybe not so
         portable
       . even already have https://git.libreoffice.org/core/commit/749405af4
         and others (log, history, blame) — (guess I misunderstood and that
         item was announcement of those redirects/convenience URLs :-))
     - dennis: tdf.io? → not really the usecase here

 * Possible spare hardware temporary offer
   + testbed to try out different setups for the lower layers of the virt
     stack (i.e. for hypervisor testing)
   + wishlist: 2/3 machines with a 10G link in between, RDMA nice but not
     required, fast drives or combination HDD/SSD

 * Mac buildbot (tb69)
   + Brett kindly offered to host it
   + rdm#2962 give VPN creds
   + cloph: it's enough to upgrade the box, no need to nuke and reinstall
   + AI guilhem: ask admin creds from Norbert and share with Brett
   + AI Brett: upgrade the OS to the most recent baseline
   + no salt states for non-linux boxes; will manually upgrade and lode will
     the do the rest for the tb setup

 * Attic [Dennis]
   + Some issues with messed-up unicode links, weird usernames (broken
     authorship refint)
   + Dennis to fix, then Guilhem to nuke the test DB and reimport (and later
     deploy to prod)

 * Next call: Tue Oct 15 16:30:00 UTC 2019

-- 
Guilhem.

-- 
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy