2020-07-07 heroes meeting

[19:54:30] <bmwiedemann1> good evening
[19:54:52] <lethliel> A good evening to all of you...
[19:57:53] <deneb_alpha> hi folks! :)
[19:57:58] <pjessen> hello
[19:59:47] <Eighth_Doctor> 👋
[20:01:26] <bmwiedemann1> https://progress.opensuse.org/issues/67663 has the checklist for today's meeting
[20:03:02] <lcp15> yup, so does anyone from the community have questions
[20:03:16] <pjessen> item#1 yep
[20:03:34] <deneb_alpha> I have one but it's related to the last item in the checklist
[20:03:42] <cboltz> hi everybody
[20:04:09] <cboltz> (lcp15 - if you want, feel free to continue leading the meeting)
[20:04:54] <lcp15> sure, so since it's pretty quiet, do we have any status reports?
[20:05:33] <lethliel> Yup
[20:06:10] <lethliel> meet.o.o is now not behind NAT anymore and should work with mobile and IPv6-only connections
[20:06:50] <lethliel> Also there is a newly set up project where some trainees will package jitsi and provide packages for openSUSE
[20:07:15] <lethliel> A new server with a lot more RAM is also on the way
[20:07:29] <lethliel> All done. Next ;-)
[20:07:32] <lcp15> I have deployed the remaining parts of Matrix infrastructure, and am just waiting for some help from the upstream because there are some database query issues that prevent us from using it fully https://github.com/matrix-org/synapse/issues/7772
[20:08:22] <lcp15> also requested openidc metadatato use with the server https://progress.opensuse.org/issues/68320
[20:08:25] <Eighth_Doctor> I've continued doing some engagement with the Noggin folks wrt openSUSE, though the bulk of my time since last month was been spent on Leap 15.2, which is finally out! 🥳
[20:09:46] <kl_eisbaer> I have upgraded ~75% of the openSUSE infrastructure to openSUSE Leap 15.2
[20:09:54] <lcp15> oh yeah, also reached out to jdsn to have the freeipa server access after 3 weeks (as requested), but got no reply
[20:10:23] <jdsn> sorry, forgot to reply - no objections any more from my side
[20:10:59] <cboltz> will you now also tell us what was the blocker? ;-)
[20:11:19] <jdsn> maybe in less public area :)
[20:11:58] <pjessen> not much to say from my side, havent had much time so only a bit of this and bit of that.
[20:12:01] <cboltz> choose whatever way works for you ;-)
[20:12:32] <cboltz> short and funny one from me - the "one ticket for counter.o.o per release" tradition continued. This time some fonts (for chinese etc.) were missing ;-)
[20:13:10] <cboltz> (and also a bit of "this and that")
[20:13:32] <Eighth_Doctor> yay!
[20:13:49] <Eighth_Doctor> wow, that lagged :P
[20:13:50] <tuanpembual> Hi all, sorry for late joint. No update from me since last month.
[20:13:59] <lcp15> I started working on migrating countdown to py3, and maybe using gettext instead of functions and dicts with language strings
[20:14:06] <kl_eisbaer> ah: and I imported some additional opensuse domains in freeipa, that SUSE-IT wants to hand over to the openSUSE heroes
[20:14:25] <Eighth_Doctor> 👍️
[20:14:32] <lcp15> what domains?
[20:14:58] <lcp15> just out of curiosity what we are getting :P
[20:15:32] <kl_eisbaer> lcp15: a lot - let me see if I can print a list here
[20:16:26] <kl_eisbaer> ...and here they are:  opensuse.asia opensuse.com.br opensuse.com.es opensuse.com.mx opensuse.com opensuse.co opensuse.de opensuse.eu opensuse.fr opensuse.gen.tr opensuse.jp opensuse.kr opensuse.mx opensuse.net opensuse.org.cn opensuse-project.com opensuse-project.de opensuse-project.
[20:16:26] <kl_eisbaer> net opensuse-project.org
[20:17:04] <jdsn> great, so we can use  opensuse.mx for the new mx servers?
[20:17:09] <lcp15> I was gonna say
[20:17:17] <lcp15> seems like a perfect opportunity
[20:17:20] <kl_eisbaer> they all exist in freeipa now - just someone needs to find the time to make them available on our 4 DNS servers
[20:17:35] <kl_eisbaer> feel free, I would say :-)
[20:17:35] <Eighth_Doctor> nice
[20:17:41] <Eighth_Doctor> there's so much opportunity here
[20:17:46] <bmwiedemann1> and half of the NS entries still point the wrong way
[20:17:52] <Eighth_Doctor> 😆
[20:18:01] <lcp15> and as suse does, maybe replace infra.opensuse.org with opensuse.de ;)
[20:18:09] <Eighth_Doctor> hell no
[20:18:18] <kl_eisbaer> bmwiedemann1: you mean the public entries? That's expected, as they are currently just copied over to SUSE-IT from MF-IT
[20:18:31] <lcp15> Eighth_Doctor: the servers are in germany after all
[20:18:39] <bmwiedemann1> I'd be happier if most of them just remained simple and redirected to opensuse.org
[20:18:53] <pjessen> bmwiedemann: +1
[20:19:03] <lcp15> well, we could probably point to language specific versions of the website
[20:19:03] <kl_eisbaer> lcp15: this becomes scary in the moment, when you know you visit a machine running in Provo which has an opensuse.de domain ;-)
[20:19:24] <lcp15> kl_eisbaer: opensuse.co for provo then
[20:19:27] <cboltz> lcp15:   provo-mirror.infra.opensuse.org   *SCNR*
[20:19:29] <kl_eisbaer> ...and no: not all openSUSE servers are in Germany
[20:19:49] <lcp15> we can find an address per country
[20:20:18] <Eighth_Doctor> we could use opensuse-project.org for infra instead :P
[20:20:19] <kl_eisbaer> maybe our shop (wait, what? we have a shop? ;-) could become shop.opensuse.com :D
[20:20:28] <Eighth_Doctor> we have a shop?
[20:20:33] <lcp15> I just updated how it looks
[20:20:40] <lcp15> we also wanna change providers
[20:20:43] <lcp15> sooooo
[20:20:43] <pjessen> what are we selling ?
[20:20:51] <lethliel> merch
[20:20:59] <lcp15> https://shop.opensuse.org/
[20:20:59] <pjessen> lethliel: ah
[20:21:42] <pjessen> any more status reports ?
[20:21:46] <kl_eisbaer> lcp15: right point: we should shortly discuss (and agree) on your new page design for opensuse.org websites, I guess (if you haven't done this already)
[20:21:58] <bmwiedemann1> normal people have no idea how to find out if shop.opensuse.com really is doing it for the opensuse.org project. so it should better just be a redir to shop.opensuse.org
[20:22:03] <lcp15> we just use chameleon theme kl_eisbaer
[20:22:10] <lcp15> we are very lazy ;)
[20:22:40] <kl_eisbaer> lcp15: but I like it. It's easy and - tata - contains all our nice services in the menu :-)
[20:23:00] <bmwiedemann1> "all" ?
[20:23:02] <lcp15> and lizards which shouldn't be there
[20:23:12] <kl_eisbaer> maybe it's time to work on the redesign of the rest of the pages and make some marketing around this?
[20:23:28] <kl_eisbaer> Fresh 15.2 -> fresh openSUSE pages :-)
[20:23:31] <lcp15> if you know any, report them to marketing team
[20:23:39] <lcp15> I'm also doing the error pages slowly
[20:23:55] <lcp15> procrastinating on error pages
[20:24:12] <kl_eisbaer> lcp15: is there a repository for the page templates and maybe even with sub-directories for the services?
[20:24:53] <lcp15> well, we use jekyll-theme for this mostly, so you have to do no templating yourself
[20:25:06] <lcp15> and from jekyll you can just render your page easily into html
[20:25:21] <lethliel> Is there a git repo that contains the layout?
[20:25:51] <kl_eisbaer> hm: I'm thinking about the login.template pages or pages like https://fontinfo.opensuse.org/
[20:26:03] <lcp15> https://github.com/openSUSE/jekyll-theme/ has the base theme and https://github.com/openSUSE/jekyll-template/ is the template repository for using the theme easily
[20:26:04] <kl_eisbaer> or https://kernel.opensuse.org/
[20:26:13] <lcp15> I did kernel already
[20:26:28] <kl_eisbaer> some of them are more or less static ...
[20:26:34] <lcp15> https://github.com/openSUSE/kernel-pages/pull/1
[20:27:08] <kl_eisbaer> lcp15: hehe: conflict resolving ;-)
[20:27:16] <lcp15> yeah, yeah, I will handle this later
[20:27:38] <lcp15> fontinfo is annoying, because it's a lot of C stuff with inline templates
[20:27:47] <lethliel> Ok :-) So this is mostly for static pages?
[20:28:06] <bmwiedemann1> that is what jekyll is made for
[20:28:10] <lcp15> well chameleon can be used with some more dynamic stuff
[20:28:25] <lcp15> we do use it with https://status.opensuse.org too
[20:28:40] <lethliel> I am a total webdesign frontend noob
[20:28:53] <lcp15> hm, although I believe I redesign that too
[20:29:01] <kl_eisbaer> lcp15: ..and https://mirrors.opensuse.org/ as well ;-)
[20:29:16] <lcp15> kl_eisbaer: was there some switch from static1 to 2 or vice versa?
[20:29:18] <kl_eisbaer> lcp15: I would love to get it for https://download.opensuse.org as well
[20:29:26] <kl_eisbaer> lcp15: yes.
[20:29:31] <lethliel> lcp15: Perhaps we can talk about that in the next few days If you will find the time?
[20:29:37] <lcp15> sure
[20:29:57] <lcp15> kl_eisbaer: I'm fairly sure I set new theme on the status, which was reverted
[20:30:01] <kl_eisbaer> lcp15: I switched to static2 during the network renewal in Nuremberg. And today (or yesterday? sorry) back to status1
[20:30:21] <lethliel> lcp15: My questions would totally overrun this meeting ;-)
[20:30:40] <lcp15> kl_eisbaer:  it might need to be synced up then, would you fetch stylesheet and header from status2?
[20:31:16] <kl_eisbaer> lcp15: I copied the database from one to the other "status" host - if there got something lost, please tell me in detail later. I will adjust the scripts in that case.
[20:31:32] <lcp15> ah, alright, I will figure it out later then
[20:31:57] <lcp15> lethliel: I can imagine, this design stuff is pretty engaging ;)
[20:31:58] <kl_eisbaer> lcp15: I have the scripts uploaded into our github instance, IMHO.
[20:32:29] <kl_eisbaer> ...and for download.opensuse.org, we have the theming in a package, but IMHO nowhere on github (yet).
[20:32:50] <lcp15> alright
[20:33:29] <lcp15> how is mirrors deployed, and from what
[20:34:37] <lcp15> as in mirrors.o.o
[20:36:22] <kl_eisbaer> the basics are comming from a script, that is deployed on olaf.infra.o.o via RPM. This script uses a header template (everything until the table) and a connection to mirrorbrain to generate the HTML pages
[20:37:06] <kl_eisbaer> I guess the header template is currently only available on olaf, as far as I can remember
[20:37:28] <lcp15> alright, that shouldn't be too hard then I guess
[20:37:48] <kl_eisbaer> maybe we can put that into the package as well - but that's one of the reasons why I'm asking if we might think about a general repository to store such pages
[20:38:20] <lcp15> yeah, I was gonna ask guo if we shouldn't have some standard headers/footers generated somewhere easily
[20:38:32] <lcp15> since I needed that for status
[20:38:55] <bmwiedemann1> https://github.com/openSUSE/static.opensuse.org ?
[20:39:21] <lcp15> well, not really, it would probably be an app that would give you html after setting some settings
[20:39:30] <lcp15> something simple like that
[20:39:45] <kl_eisbaer> lcp15: looking forward to that app :-)
[20:39:55] <lcp15> yeah, if I manage to find the time
[20:40:29] <kl_eisbaer> https://debuginfod.opensuse.org/ for example would be something similar ... it's just one single page with some text and links. Nothing more.
[20:40:35] <cboltz> if it's only about generating the template and splitting it into header and footer - jekyll + some sed magic?
[20:41:25] <pjessen> I wonder if maybe we could get back to the agenda ?
[20:41:36] <lcp15> yeah, I kinda also wanna have split css stuff, so we don't have to use everything for the cases like status (although we would use the entire chameleon for mirrors and download so idk)
[20:41:36] <kl_eisbaer> cboltz: it depends: some pages (like the debuginfod) are simple HTML pages, nothing more. Some other pages (mirrors.o.o or download.o.o) are generated on the fly or via cron job locally
[20:42:02] <lcp15> yeah, right, reviewing old tickets
[20:42:14] <kl_eisbaer> these pages need separate header & footer files - and the rest will be done by the "on the fly services"
[20:42:21] <kl_eisbaer> pjessen: you are right, sorry.
[20:42:40] <cboltz> kl_eisbaer: right - for the header/footer split, sed could help
[20:42:58] <cboltz> (and with that - back to the agenda ;-)
[20:43:06] <kl_eisbaer> cboltz: topic, please ;-) (but only partly, I guess ;-)
[20:43:38] <kl_eisbaer> ...as there is no need for sed (that's done by the tools), just  a need for the header and footer files
[20:44:02] <pjessen> I would propose we skip "review old tickets" and leave it for another time ?
[20:44:24] <lethliel> +
[20:44:35] <lcp15> yeah, it seems like a good idea, since I haven't looked at the tickets for a few weeks due to busy anyway
[20:44:37] <kl_eisbaer> pjessen: just in case you have not prepared for that topic (as I haven't)
[20:44:54] <cboltz> If I only know when "other time" is ;-) - but nevertheless, agreed
[20:45:03] <lcp15> the next is forums support, and I don't know what that is
[20:45:13] <lcp15> so pjessen, take it away
[20:45:14] <pjessen> yeah - I added that item.
[20:45:21] <kl_eisbaer> we have currently ~150 open tickets - I was already happy a few days ago, when we were down to 120. But now we have 15.2 ;-)
[20:45:39] <bmwiedemann1> (I feel some bad debt growing with those old tickets nobody looks at)
[20:46:00] <pjessen> basically, new forums issues turn up regularly and seem to be heading my way :-)
[20:46:11] <lethliel> Perhaps we should schedule another meetint to just review these tickets?
[20:46:28] <kl_eisbaer> pjessen: what issues turn up?
[20:46:46] <kl_eisbaer> pjessen: hopefully, there is no DB problem any longer since the migration to the galera cluster?
[20:47:06] <pjessen> kl_eisbaer: nono, just regular maintenance stuff. recently some index had to be rebuilt.
[20:47:28] <kl_eisbaer> BTW: did I announce that we are running the latest Galera 4 cluster (based on MariaDB 10.4.13) on Leap 15.2 ? :-D
[20:47:41] <pjessen> we are also likely to see people wanting their posts deleted and such (next topic).
[20:47:42] <King_InuYasha> awesome
[20:47:48] <bmwiedemann1> nice
[20:48:39] <pjessen> basically - I'm not keen on getting intimately familiar with vBul and it's operation, so the job is up for grabs :-)
[20:48:56] <kl_eisbaer> pjessen: so - to make it a bit more clear to me - you need help with the "forum admin job" ?
[20:49:08] <lcp15> if it falls onto me, that would mean me very much rushing an upgrade to discourse :P
[20:49:19] <pjessen> kl_eisbaer: _we_ need help :-)
[20:49:47] <kl_eisbaer> lcp15: I guessed you had to work already on a lot of other "tickets" ;-)
[20:49:55] <kl_eisbaer> pjessen: who is we?
[20:50:05] <lcp15> well, I did before the vb migration
[20:50:08] <pjessen> kl_eisbaer: we = us = heroes.
[20:50:13] <lcp15> after it I kinda ignored forums
[20:50:39] <lcp15> deps for discourse are a nightmare and I haven't had the time to take care of everything, but I was really close the last time I tried
[20:50:44] <kl_eisbaer> pjessen: ah, ok. Maybe we should think about an Email on opensuse-project@ ?
[20:51:11] <bmwiedemann1> or check the forum stats and ask 3 active people there if they are interested in the job?
[20:51:16] <pjessen> kl_eisbaer: I waqs wondring if maybe the current admins might want to help out
[20:51:17] <lcp15> I kinda wish we could get one of the forum mods to be able to access vb from the inside btw
[20:51:30] <pjessen> lcp15: +1
[20:51:32] <lcp15> so they can also kinda function as "admins"
[20:52:15] <kl_eisbaer> pjessen: you mean the Provo Admins? If you have their contact data... ...ping them. We can offer them a nice work environment and challenging topics :-)
[20:52:51] <lcp15> no, knurpht, malcolmlewis and such others
[20:53:29] <pjessen> kl_eisbaer: witzbold :-)
[20:53:32] <lcp15> they know Leap better than many of us because support is a bitch, so they would be really helpful :P
[20:54:03] <robin_listas> The machine is SLES
[20:54:36] <pjessen> I'm surprised we don't have any of those admins here tonight
[20:54:48] <pjessen> s/admins/moderators/
[20:54:48] <kl_eisbaer> feel free to ask. a freeipa account and VPN to get access will not take long. Just tell them to open a ticket and we are ready to go ;-)
[20:55:03] <robin_listas> malcolm machine is connected, I see his name.
[20:55:05] <lcp15> robin_listas: practically the same thing
[20:55:16] <lcp15> but noted
[20:56:17] <pjessen> maybe as an action item for me - talk to the forum mods and see what they say about taking more of an inside role?
[20:56:44] <cboltz> pjessen: good idea
[20:56:50] <lcp15> yeah, sounds good
[20:57:06] <bmwiedemann1> if there is a Mod-only area on the forums, post it there?
[20:58:04] <pjessen> bmwiedemann1: I have a good link to the three mods, I'll bring it up directly.
[20:58:42] <lcp15> so is the topic exhausted?
[20:58:50] <pjessen> lcp15: for now :-)
[20:59:05] <lcp15> so how about talking about the GDPR requests again
[20:59:18] <lcp15> the most boring, but important topic
[21:00:23] <kl_eisbaer> definitively
[21:00:36] <lcp15> we have had some requests over the past month, and we don't have a definitive way to deal with them afaik
[21:00:57] <pjessen> I have added my input to a couple of the tickets, yesterday and today, but that's only part of it.
[21:01:27] <bmwiedemann1> there were also some GDPR requests where people later found that they wanted to keep some of it (probably more a reaction to the SCC account mails=
[21:01:49] <deneb_alpha> hello folks, first, let me say thanks for your work. :) on the GDPR topic legals from SUSE were asking if could be possible to have a privacy@opensuse for channeling the requests
[21:02:11] <pjessen> deneb_alpha: a mailing list ?
[21:02:19] <deneb_alpha> pjessen, a kind of
[21:02:36] <lcp15> probably better to have another place on redmine, as in tickets
[21:03:02] <deneb_alpha> there's a GDPR project in redmine for working on GDPR topics with SUSE legals
[21:03:06] <jdsn> rather a ticket queue than a list
[21:03:07] <pjessen> lcp15: well, I was wondering about that, but we are all very good at procrastinating
[21:03:09] <kl_eisbaer> https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/GDPR
[21:03:51] <deneb_alpha> kl_eisbaer, thanks for the link
[21:03:55] <kl_eisbaer> this is a start from one of our last meetings, trying to collect information about a) which systems are affected and b) how to automate that stuff
[21:04:25] <deneb_alpha> kl_eisbaer, this is great! thanks for sharing.
[21:04:44] <lcp15> pjessen: that applies to all  the infra work ;)
[21:04:50] <kl_eisbaer> The problem is, that we need to find some nice admins or developers, who can write smal scripts for each service, that are either grabbing out the relevant information or delete an account on the services
[21:05:41] <lethliel> kl_eisbaer: for some services that is not that easy to handle.
[21:05:48] <lcp15> yeah, some softwares already have those scripts
[21:05:54] <kl_eisbaer> some systems currently allow an admin to manually edit/delete an account - but I would love to see a more automated way  - otherwise we will not be able to handle this correctly.
[21:05:54] <deneb_alpha> one of the request was to have an easy way to communicate with external people. or, let me rephrase, an easy way for externals to contact the legal entity and ask for GDPR topics etc
[21:05:57] <lcp15> some others are gonna be a nightmare
[21:06:01] <pjessen> kl_eisbaer: gee, I forgot I wrote all that in the wiki
[21:06:19] <lethliel> If I think of OBS deleting users would kill the history
[21:06:36] <pjessen> lethliel: bugzilla too ?
[21:06:37] <kl_eisbaer> from my point of view, we should start with one service and test how it goes.
[21:06:48] <cboltz> maybe we need to define what exactly to delete before writing scripts - for example, what if someone sends a delete requests for wiki contributions?
[21:07:01] <lcp15> pjessen: I hope you are ready for rewriting that to fit mailman3, because I want to deploy it real soon
[21:07:05] <lcp15> >:D
[21:07:06] <deneb_alpha> kl_eisbaer, sounds like a good plan
[21:07:10] <cboltz> (and if we "only" delete the user, who will be the owner of those edits?)
[21:07:19] <pjessen> mind you - afaik, we are not obliged to delete what is required for operations.
[21:07:31] <lcp15> cboltz: usually a blank user is chosen
[21:07:35] <bmwiedemann1> users can be anonymized to deleted@example.com
[21:07:35] <kl_eisbaer> cboltz: you might think about a "anonymous" user, who could be used instead.
[21:07:36] <malcolmlewis> cboltz, we use ananoymous in the forum, we will not delete content
[21:07:37] <lcp15> so we would need a blank account
[21:08:13] <cboltz> ok, is the username "deleted" still available in our account system? ;-)
[21:08:37] <pjessen> cboltz: exterminated?
[21:08:42] <kl_eisbaer> I think we need to define general options, that each script understands (like "delete user $foo") - and each script for each service should handle these general options in a way, that is adjusted for each service.
[21:08:44] <lcp15> I don't think we have a way to check outside of creating the account
[21:09:11] <cboltz> but to make things more interesting: technically that would mean merging users in the wiki ($user_to_delete into "deleted") - and Mediawiki keeps a log of such user merges, which will contain $user_to_delete
[21:09:37] <kl_eisbaer> The important part (and that's one of the reasons why I started the wiki page): we should define the "general options" first...
[21:10:02] <lethliel> Yes.
[21:10:02] <bmwiedemann1> cboltz: just rename $user_to_delete to deleted123
[21:10:07] <pjessen> I have recently done an edit of the list archives,  just because some dude left his name in a post. took me an easy 30mins
[21:10:26] <kl_eisbaer> ...and we should document (at least roughly) how a service will behave
[21:10:31] <cboltz> bmwiedemann1: that also leaves $user_to_delete in the user rename log
[21:10:36] <lethliel> And we should just clarify what needs to be deleted.
[21:10:46] <pjessen> lethliel: exactly!
[21:11:13] <kl_eisbaer> for me that's an AI for everyone to add this information in the wiki page for "his" service.
[21:11:20] <robin_listas> I don't think you have to worry about the logs. Logs are logs. Only worry about the published data
[21:11:33] <deneb_alpha> lethliel, that is something that SUSE legals can provide.
[21:11:38] <kl_eisbaer> after we have that information, we can have a 2nd discussion if this is enough for a beginning or if we need more...
[21:11:47] <pjessen> deneb_alpha: yes please.
[21:11:57] <cboltz> robin_listas: the wikis tend to have their logs public as special:$whateverLog
[21:12:08] <robin_listas> oh.
[21:12:15] <cboltz> exactly ;-)
[21:12:28] <deneb_alpha> pjessen, the list of services active and what is logged/where is an important start for legals
[21:12:48] <cboltz> deneb_alpha: the list of services is on status.opensuse.org ;-)
[21:12:52] <pjessen> deneb_alpha: hmm i knew that one was going to boomerang
[21:13:02] <lethliel> deneb_alpha: Will you contact them?
[21:13:36] <pjessen> okay, so kl_eisbaer was right - first a list of service and what is stored/logged
[21:13:38] <deneb_alpha> lethliel, pjessen I was tasked to work on this topic
[21:13:49] <lethliel> Ah :-)
[21:14:13] <lcp15> I know how to delete users in synapse at the very least
[21:14:35] <deneb_alpha> cboltz, yep, I know about status but a bit of help will be appreciated :)
[21:14:37] <kl_eisbaer> lcp15: so please put your knowledge into the wiki
[21:14:40] <lcp15> although, that's gonna only be our local server deletion, since all the data is federated, you will have to ask every node to remove stuff
[21:15:01] <lcp15> none of our business, just mentioning ;)
[21:15:51] <deneb_alpha> in theory we should have a description of the process (for each service). having clear status of what we are storing, how long, why etc
[21:15:55] <cboltz> deneb_alpha: just think of status.o.o as an overview or checklist - and for the full loop, you can subscribe to status updates on status.o.o with your mail address, so keep in mind that status.o.o is not listed on itsself ;-)
[21:16:12] <deneb_alpha> cboltz, ok, thanks
[21:16:27] <deneb_alpha> indeed make sense to follow that list
[21:16:34] <pjessen> I'd like to remind everyone about what kl
[21:16:50] <pjessen> I'd like to remind everyone about what kl_eisbaer said - an AI for everyone to add this information in the wiki page for "his" service
[21:17:23] <lethliel> So if I get it right this would be the approach? https://etherpad.opensuse.org/p/GDPR
[21:17:39] <lcp15> thankfully most of my stuff is static pages :P
[21:18:18] <deneb_alpha> lethliel, yep, the process is that
[21:18:29] <cboltz> lcp15: don't forget that we have at least author names on news.o.o, lizards.o.o archive etc. ;-)
[21:18:31] <deneb_alpha> and as I wrote, happy to support on this topic
[21:18:48] <deneb_alpha> cboltz, yep, also there
[21:19:10] <lcp15> cboltz: that's a very exclusive number of people
[21:19:33] <cboltz> practical question: I've seen a request where only mail address and realname were given - how can we map that to a username?
[21:19:58] <pjessen> cboltz: I have had two of those this week. good question.
[21:20:11] <cboltz> (for example, searching the wiki based on the mail address is nearly impossible - well, grepping the database dump, but... ;-)
[21:20:21] <lcp15> based on email maybe?
[21:20:35] <deneb_alpha> cboltz, for what I opened via ticket, the request was shared by suse legal and usually there's the person sending the request that is providing the info for being identified
[21:21:01] <deneb_alpha> pjessen, the request I opened were from suse legals.
[21:21:07] <lcp15> the bigger issue is that people may write their name differently depending on context, like that german ö and oe thing
[21:21:17] <lethliel> I will take the action item for OBS (to identify what is logged)
[21:21:17] <kl_eisbaer> cboltz: I guess we might end up in a lot of scripts doing stuff directly in the database. But IMHO especially for mediawiki, there is some GDPR stuff in the newer releases already
[21:21:20] <pjessen> deneb_alpha: yep, I understand
[21:21:43] <deneb_alpha> the info are directly shared by the person. if they are not providing the right info, well, not our business ;)
[21:21:49] <cboltz> kl_eisbaer: will you ever skip a chance to remind me that I have to do an update? ;-)
[21:21:57] <pjessen> cboltz: kl_eisbaer: I did quite a bit of grepping about in the forums database today.
[21:22:18] <kl_eisbaer> cboltz: your wiki servers are getting closer to connect ... :-P
[21:22:28] <lcp15> connect is dead
[21:22:35] <kl_eisbaer> wiki as well
[21:22:57] <lcp15> soon:tm:
[21:23:09] <lethliel> Sorry. I have to run now. So documenting my findings on https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/GDPR will be ok?
[21:23:23] <lcp15> yup
[21:23:40] <pjessen> deneb_alpha: I guess we need some sort of contract with legal - we can only act based on the information provided.
[21:23:43] <lcp15> I will update it with stuff from synapse as soon as I can
[21:23:57] <kl_eisbaer> that's btw one of the reasons why I push for updating our infrastructure zoo so often: this way we get hurt sometimes by small migration issues. But if we don't do that, we get hurt by big migration issues ...
[21:24:10] <lethliel> Ok. A nice evening to all of you.
[21:24:16] <deneb_alpha> pjessen, I think _we_ will get it.
[21:24:18] <kl_eisbaer> lethliel: yes, documenting there is ok. Have a nice night
[21:24:25] <cboltz> deneb_alpha: I'm not too sure about that. Let's assume we don't know the username, but the user exists in the wiki and later gets a mail via the "watched pages" feature - after we told him we don't have stored his mail address
[21:25:07] <robin_listas> cboltz: I think the connect platform has the alias, email, and real name info, but I don't know how to search for it.
[21:25:10] <cboltz> so just saying "$person didn't provide the username" might fire back
[21:25:11] <lcp15> lethliel: cya
[21:25:23] <kl_eisbaer> cboltz: ...and this user might get reached by other people because they grabbed his IRC nick from connect.o.o... That's why I'm saying we need to do this for each and every little service
[21:25:39] <deneb_alpha> cboltz, from what I know usually the person requesting is providing the info for being identified. what we should do is to have a clear vision of all our process but we can't do magics
[21:25:50] <deneb_alpha> kl_eisbaer, +1
[21:25:58] <pjessen> cboltz: good point - which is why I suggested a contract.  From many years in the big bad corporate world - CYA.
[21:26:22] <kl_eisbaer> pjessen: agree.
[21:26:40] <deneb_alpha> pjessen +1
[21:26:44] <kl_eisbaer> So "someone" needs to bring this up to SUSE legal. Any volunteers? :-)
[21:26:56] <deneb_alpha> kl_eisbaer, already done
[21:27:02] <kl_eisbaer> perfect, thanks!
[21:27:42] <deneb_alpha> for the list of people is it fine the one in the heroes team wiki page?
[21:28:00] <lcp15> I'm sure it's woefully outdated
[21:28:35] <deneb_alpha> in theory all the people with admin access should sign this "agreement" or how we can call it
[21:29:33] <deneb_alpha> we could consider this like a pre-work for the foundation ;) with an openSUSE legal entity we should have this too
[21:30:04] <pjessen> deneb_alpha: might look very different though.  (I also work with GDPR in real life).
[21:30:20] <pjessen> deneb_alpha: otherwise agree
[21:30:20] <deneb_alpha> pjessen, yep, unfortunately I know what you mean ;)
[21:30:34] <kl_eisbaer> deneb_alpha: we could use the list of people in Freeipa
[21:30:47] <kl_eisbaer> as these are the ones who somehow "access" data
[21:31:12] <kl_eisbaer> ...which would result in: our forum and wiki admins need to be listed there as well IMHO
[21:31:20] <deneb_alpha> kl_eisbaer, good starting point :)
[21:33:22] <jdsn> before we run out of topics, I have another one :)
[21:33:57] <lcp15> I hope it's freeipa related too :P
[21:33:57] <jdsn> earlier this year I volunteered kl_eisbaer an me to work on the opensuse MX servers - it turned out during the carveout activities we did not have much time for this - so is there someone who likes to help with that?
[21:33:57] <pjessen> jdsn: oh no, those have to be added three weeks in advance
[21:34:21] <pjessen> jdsn: I'll volunteer for that, sure.
[21:34:28] <jdsn> :)
[21:34:39] <kl_eisbaer> pjessen: mx{1,2}.infra.opensuse.org are waiting for some love ;-)
[21:34:50] <lcp15> mx stuff isn't for me, I only do mailman deployments for people apparently :P
[21:35:02] <pjessen> kl_eisbaer: cool, that is an itch I love to scratch
[21:35:26] <jdsn> pjessen: thanks
[21:35:45] <kl_eisbaer> but I guess it might be also a good idea to draft some pictures in our wiki again to paint the whole "mail delivery picture" .... I will take that item, if  nobody objects
[21:36:12] <lcp15> it would be cool
[21:36:45] <deneb_alpha> kl_eisbaer, kudos for picking this task. not an easy drawing I suppose
[21:37:12] <kl_eisbaer> pjessen: if you focus on the new mx, I can draft the picture and identify some small issues, I currently see in our setup. (for example, why are machines (like baloo) with external interfaces sent their messages through the relay instead of sending them out directly?)
[21:37:13] <pjessen> deneb_alpha: kl_eisbaer will delegate it to the children, I'm sure.
[21:37:32] <jdsn> pjessen: if you need help or some data from our suse mx servers for the migration, just ping me
[21:37:33] * lcp15 will be taking care of beautifying anything if required ;)
[21:37:39] <deneb_alpha> :)
[21:37:41] <kl_eisbaer> pjessen: psst: they are sleeping. Now they get nightmares ;-)
[21:38:01] <lcp15> jdsn: since you don't have objections to freeipa access anymore, how will actually getting access be handled
[21:38:04] <pjessen> kl_eisbaer: jdsn: thanks - I'll be in touch.
[21:38:32] <cboltz> kl_eisbaer: drawing the _current_ setup is probably scary (from the bits I know) - therefore I'd recommend to only draw the new setup ;-)
[21:38:34] <jdsn> lcp15: I thought you discussed that with kl_eisbaer alrady and only waited for our ok
[21:38:35] <kl_eisbaer> pjessen: FYI: I copied a lot of stuff on the two mx already from the suse mx setup. If you want to have  a look :-)
[21:38:50] <lcp15> jdsn: I don't remember tbh
[21:39:02] <jdsn> or I misunderstood it
[21:39:29] <lcp15> if kl_eisbaer can handle giving me access to it, then ignore me :P
[21:39:34] <kl_eisbaer> lcp15: as jdsn gave his ok, you will simply get root on the current freeipa machine ;-)
[21:39:35] <pjessen> kl_eisbaer: I guess you never got to some migration plan or similar?
[21:39:42] <jdsn> lcp15: I guess kl_eisbaer or cboltz will give you access
[21:39:45] <lcp15> kl_eisbaer: alright, perfect
[21:39:53] <kl_eisbaer> pjessen: for Email? Not really.
[21:40:09] <pjessen> kl_eisbaer: that's fine - just so I know where to start
[21:40:16] <kl_eisbaer> Especially as the new mx.opensuse.org machines should only forward external Emails to the internal servers.
[21:40:27] <kl_eisbaer> ...or to the alias Emails from our community members
[21:40:59] <kl_eisbaer> both new mx are in Salt already, so anyone should be able to login there
[21:42:13] <lcp15> bmwiedemann: ah, since you are planning to set up openidc in id.o.o I assume, what is your estimate on how soon can we get metadata for a few apps
[21:42:39] <lcp15> we need it for hyperkitty and synapse at the very least
[21:43:14] <lcp15> and discourse I think???
[21:44:04] <cboltz> lcp15:   ssh root@freeipa.i.o.o   should work for you
[21:44:13] <lcp15> excellent
[21:44:18] <lcp15> well, migration time
[21:44:32] <kl_eisbaer> lcp15: you got admin rights in freeipa now (WebUI) and should be able to login on the machine and do the usual sudo su -
[21:44:33] <lcp15> after I update the centos machine to centos8.2
[21:47:02] <kl_eisbaer> ok - any urgent topics left for today?
[21:47:15] <lcp15> looking at the time, I assume we won't have the time to address the old tickets, so maybe let's move that to next month
[21:47:52] <cboltz> seems to become a tradition ;-)
[21:48:14] <jdsn> we should keep good habits :)
[21:48:22] <deneb_alpha> thanks a lot folks for the time spent on the GDPR topic and sorry if took too long :)
[21:48:25] <lcp15> I go over those tickets every couple of months regardless of the meetings
[21:48:27] <kl_eisbaer> hey: one of two more years does not really count, or? :-D
[21:48:46] <pjessen> everyone, I feel it's been a very productive meeting. tnx.
[21:48:48] <robin_listas> (me knows nothing) how about a separate meeting only for tickets? (running)
[21:49:03] * cboltz catches robin_listas
[21:49:17] <pjessen> cboltz: strangle or torture?
[21:49:20] <lcp15> at this point we might need to call a 2 day conference to address them all
[21:49:31] <lcp15> one meeting is just not cutting it
[21:49:42] <kl_eisbaer> robin_listas: this is called oSC - I will ask Doug for a new "entry game for everyone: ticket wrangling" :-)
[21:49:52] <deneb_alpha> :)
[21:50:23] <cboltz> pjessen: https://laughingsquid.com/cat-5-o-nine-tails-ethernet-cable-whip/ ;-)
[21:50:23] <pjessen> maybe we ought to dedicate the next meeting to some ticket maintenance ?
[21:50:30] <kl_eisbaer> access to oSC will only be granted after successfully closing a ticket. First come, oldest tickets served
[21:50:42] <robin_listas> I did trouble ticketing for a job, long ago. I know what it entails. But I simply have no knowledge about here and this to be of help.
[21:50:45] <bmwiedemann1> btw: for my new server I had to email t-online to whitelist the IP, so it would be good to only have 1 outgoing mailserver IP
[21:51:17] <pjessen> bmwiedemann1:  there are ways - thanks for the hint
[21:51:18] <lcp15> kl_eisbaer: I literally need to write a big web app for one of the tickets, not gonna happen
[21:51:32] <pjessen> goodnight everyone
[21:51:54] <lcp15> alright, the meeting is over, we can all go home now
[21:51:55] <kl_eisbaer> good night. And thanks for the productive meeting!
[21:51:56] <cboltz> kl_eisbaer: do the tickets I closed when I got access to progress.o.o still count? That should give me access for at least the next century ;-)
[21:51:57] <jdsn> n8
[21:51:58] <deneb_alpha> thanks to everyone, was a pleasure to join the meeting :)
[21:52:21] <bmwiedemann1> gn
[21:52:26] <kl_eisbaer> cboltz: some will even earn a new t-shirt ... ;-)
[21:53:18] <cboltz> thanks everybody, and special thanks to lcp15 for leading the meeting
[21:54:07] <deneb_alpha> bye
[22:27:09] <cboltz> lcp15: are you also interested in doing the "meeting paperwork" (uploading the IRC log to the meeting ticket, and creating the ticket for the next meeting) ? ;-)