[Contributors meeting] March 6th, 2018

Attendees

• ljf
• Aleks
• vey
• frju365
• Maniack
• Moul
• Bram
• cireuil
• Josue

Misc news since last time

• New ISOs released \o/ (c.f. https://build.yunohost.org/ )
  • (bug on the bot that announce that on xmpp, Bram and Aleks will have a look)

Infra: Bearnaise lacks of room !

• Discussion about lacks of space on one of the main infra server, and how we can clean some old or unecessary stuff
• In the end, we manage to get ~40 Go of free space back on the server. Also installed logrotate on some heavy logs

Security: YunoHost audits

• Discussion about asking for a free audit to the Mozilla Corporation

  • https://blog.mozilla.org/blog/2016/06/09/help-make-open-source-secure/
  • Not sure that we would fit to that criteria: “How vital is the software to the continued functioning of the Internet or the Web?” (https://wiki.mozilla.org/MOSS/Secure_Open_Source)

• Conclusion : if it doesn’t take too much time, let’s try to fil in the form. : https://docs.google.com/forms/d/e/1FAIpQLScLwANEOvLBE6gnFVoiamqHOYzzkaChpdQJ7f0PlZGmfyy94w/viewform

Security: Fail2ban issue

• Follow-up of How to secure guide for noob
• Security issue : yunohost filter/jail in fail2ban was misconfigured for several reason, thus allowing brute force on the SSO and webadmin…
• Fix : https://github.com/YunoHost/yunohost/pull/438
• Made a hotfix stable release, 2.7.10

Towards a alpha-testing for Stretch

Much progress on stretch App CI

• https://dash.yunohost.org/appci/compare/stable...stretch
• (Results to be compared to http://212.47.243.98:8080/ to see if they really are relevant (e.g. some tests crashed due to unstable LXC?))
• Also we still have ~20% unknown, some because app list not up to date…

Tried to list apps to fix here : https://dev.yunohost.org/issues/1058#note-5

• To help with these :
  • a. Setup a stretch yunohost instance
  • b. Install the app with --debug
  • c. See what’s wrong and try to find a fix ;D

Alpha-testing ? (Alpha = expect many broken things !) Propose people to :

• (Difficulty: easy) test install on a fresh Debian Stretch, with the current stretch script : https://github.com/YunoHost/install_script/blob/stretch2/install_yunohost
• (Difficulty: medium) test the stretch migration on a newly installed machine. Switch to unstable in sources.list, dist-upgrade then yunohost tools migrations migrate. c.f. https://github.com/YunoHost/yunohost/pull/433
• (Difficulty : hard) same as previously, but on a prod-like environment with many apps installed (ideally a clone of it to be able to test multiple times without messing the real instance…)
• (Difficulty : medium) test the stretch migration from the webadmin

Items not really investigated so far, but can be investigated in parallel :

• Test that apps keep working after migrating from jessie to stretch (though at least the php5->php7 part should be ~okay) : https://dev.yunohost.org/issues/1060
• Specific migration for postgres 9.4 to 9.6 : https://dev.yunohost.org/issues/1022
• Test / be able to restore backup from 2.x in 3.x (we should at least handle the php5->php7 stuff automatically) : https://dev.yunohost.org/issues/1059
• Fail2ban conf is to be flushed and regenerated from scratch … this will trash (or at least disable…) custom fail2ban rules from some apps… What do we do with this.

Orga: meetings

Keoma from franciliens.net, much interested in working on the Internet Cube issues <3

• He can’t join on Tuesdays :<
• TODO : Create a framadate to pick new days for YunoHost meeting, discuss result during next meeting

In parallel, we should look into setting up an internet cube meeting to reboot the project as we talked a few times…

• TODO: Create a framadate to organize a internet cube meeting

Infra: Install Mumble and Etherpad(+mypads) on our own infra

• Motivation would be to host our own tools instead of relying on other people / organization
• Though the current situation has some good sides in case our infra gets down

We conclude to postpone this for after we set up a fallback system on the Globenet server

Misc : changes in unstable build version numbers

• Unstable versions numbers were something like 2018.01.22.13.37.00 and causing issue (major version is 2018, always higher than 2.x or 3.x). They got changed to something like 2.7.9+2018.02.10.00 which is more relevant
• Vagrant box got updated accordingly

Misc: interesting tools

• https://www.nsupdate.info/

  • Nothing to say, it’s an alternative to dynette (software behind the nohost.me/nohost.st domain) in django and with this name i think it uses nsupdate (like dynette)

• https://github.com/analogj/lexicon

  • If integrated someday™, could allow us to automatize DNS record manipulations

Next meeting

Tuesday 20th, 2018