Date: prev next · Thread: first prev next last
2019 Archives by date, by thread · List index


 1. guilhem
 2. cloph
 3. Brett
 4. Ilmari
 5. Dennis


 * PiTR
   + AI guilhem (from last call…): merge the branch and deploy on vm221
   + guilhem+Brett+* to schedule a videochat some time in ≥late sept

 * chat system
   + [matrix]
   + talked with Philippe about , based on XMPP
     - no mobile app (can use your own, without the shiny extensions)
     - no SSO
   + XMPP is also provided by JPBerlin for members; a quote from Sophie's
     mails to the members ml:
     - As a member of the Foundation, you can have a account
       and register to free communication services:
       . an e-mail address with a fully-featured IMAP account with shared
         folder options, alternatively an e-mail forwarder
       . a Jabber/XMPP address for instant messaging
       . a SIP/VoIP account for voice conferencing
     - no SSO
   + Brett: one of the benefits of [matrix] vs. the various XMPP extensions is
     their nice mobile application (which is why people use Telegram)
     - is a very good XMPP client, but maybe too
       confusing to set up all these different brands of clients
     - too many moving parts on a social level with XMPP
     - fragmentation due to the wide diversity of clients (and various XEP
       support), with [matrix] it's Riot on mobile and desktop and browser.
       E.g. Handling of messages when users are offline can vary drastically.
   + Kiwi bouncer service installation process now documented at
     - Ilmari will attempt to set up a Kiwi IRC system on his own server and
       document the process
     - As we use freenode, SSO is not applicable (we would need to run our own
       IRCd - Inspircd supports ldap)
       . g: not necessarily, our sso-aware services don't use ldap (which
         alone doesn't give sso), they simply authenticate against our idp,
         and in principle I don't see why the authentication service couldn't
         do the same.  exposing sso user credentials to a leaf service is not
         a good idea anyway (no other frontend uses ldap for that reason).
   + guilhem: would just like to agree on something that's not telegram.
     Brett: would just need to be as usable as telegram then

 * gerrit
   + more and more trouble with third-party OpenID providers
     . can now authenticate with TDF own OAuth2 IdP, cf.
   + multiple identity providers increases likelihood account duplication,
     which is a pain both for users and for the infra team
     . eventually TDF's Single Sign-On system will be the only enable identity
       provider (required for 2.15 upgrade)
   + g: individually poked all ~100 duplicate account owners (based on
     preferred email address)
     . will merge as explained after Oct 1st (or earlier if account owner
   + upgrade path (need to force authentication through TDF's SSO system
     1. migrate to NoteDB first (to keep history in All-Users.git)
     2. remove references to missing accounts (SSH keys etc)
     3. remove external IDs other than mailto:, username:, and tdf-oauth:
     4. resolve remaining email collisions
     → tested on the stage instance at
   + stats:
     last active   #accounts in SSO
     -----------  -----------------
         ≤7 days   57/  79 (72.15%)
        ≤30 days   80/ 134 (59.70%)
        ≤90 days  100/ 203 (49.26%)
       ≤180 days  115/ 280 (41.07%)
       ≤730 days  167/ 706 (23.65%)
         anytime  207/2102 ( 9.85%)
   + who/when to poke?
     - cloph to remind people at the ESC
     - guilhem to individually poke folks who were last active in the past 90 days
   + convenience URLs$REPO/commit/$COMMIT_ID (and
     also tree, log, diff, blame)
     - can be used automatic messages (IRC, BZ mail)
     - maybe also in gerrit links
     - cloph: have that already:
       ., but that's for the history not the diff
       . or -
         a little easier/shorter than plugin/gitlies URL, but maybe not so
       . even already have
         and others (log, history, blame) — (guess I misunderstood and that
         item was announcement of those redirects/convenience URLs :-))
     - dennis: → not really the usecase here

 * Possible spare hardware temporary offer
   + testbed to try out different setups for the lower layers of the virt
     stack (i.e. for hypervisor testing)
   + wishlist: 2/3 machines with a 10G link in between, RDMA nice but not
     required, fast drives or combination HDD/SSD

 * Mac buildbot (tb69)
   + Brett kindly offered to host it
   + rdm#2962 give VPN creds
   + cloph: it's enough to upgrade the box, no need to nuke and reinstall
   + AI guilhem: ask admin creds from Norbert and share with Brett
   + AI Brett: upgrade the OS to the most recent baseline
   + no salt states for non-linux boxes; will manually upgrade and lode will
     the do the rest for the tb setup

 * Attic [Dennis]
   + Some issues with messed-up unicode links, weird usernames (broken
     authorship refint)
   + Dennis to fix, then Guilhem to nuke the test DB and reimport (and later
     deploy to prod)

 * Next call: Tue Oct 15 16:30:00 UTC 2019


To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.