openSUSE Project Management Tool: Issues
https://progress.opensuse.org/
https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?1582917784
2022-11-21T13:00:34Z
openSUSE Project Management Tool
Redmine
openSUSE admin - tickets #120805 (Closed): RedmineUP plugins — Black Fridays Sale
https://progress.opensuse.org/issues/120805
2022-11-21T13:00:34Z
lrupp
<p>-------- Ursprüngliche Nachricht --------<br>
Von: RedmineUP <a href="mailto:noreply@redmineup.com">noreply@redmineup.com</a><br>
Gesendet: 21. November 2022 05:16:06 UTC<br>
An: <a href="mailto:lars@linux-schulserver.de">lars@linux-schulserver.de</a><br>
Betreff: RedmineUP plugins — Black Fridays Sale</p>
<p><a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=a67fdc73c7&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=a67fdc73c7&e=52c1077643</a><br>
Dear Redmine Friend,<br>
Don't miss our Black Friday promotion and get the most wanted Redmine plugins with a huge 50% discount until 28th November.<br>
Buy now with 50% OFF » (<a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=70e591ba75&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=70e591ba75&e=52c1077643</a>)<br>
Discount applied also to upgrades and renewals.</p>
<a name="Apply-coupon-code-BFWEEK2022-or-use-links-below"></a>
<h2 >Apply coupon code BFWEEK2022 or use links below<a href="#Apply-coupon-code-BFWEEK2022-or-use-links-below" class="wiki-anchor">¶</a></h2>
<p>[Full-Stack Plugin Bundle]<br>
Complete Plugin PackBest deal</p>
<p>A complete pack of all PRO plugins:</p>
<p>Agile, Helpdesk, CRM, MailChimp, Invoices, People, Checklists, Products, Finance, Reporter, Questions, Zenedit, and Resources.</p>
<p>$1799 $899</p>
<a name="Buy-now-httpsredmineupus6list-managecomtrackclicku5b152775f661ee7b05f8b1384ampidf38a505862ampe52c1077643"></a>
<h2 >Buy now » (<a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=f38a505862&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=f38a505862&e=52c1077643</a>)<a href="#Buy-now-httpsredmineupus6list-managecomtrackclicku5b152775f661ee7b05f8b1384ampidf38a505862ampe52c1077643" class="wiki-anchor">¶</a></h2>
<p>[Agile plugin]<br>
Agile PRO pluginBest Selling</p>
<p>Use Agile boards for SCRUM/Kanban with swimlanes & sub-columns, customizable Agile charts, and Agile sprint planner.</p>
<p>$499 $249</p>
<a name="Buy-now-httpsredmineupus6list-managecomtrackclicku5b152775f661ee7b05f8b1384ampid593f540c16ampe52c1077643-BFWEEK2022ampSRCemail"></a>
<h2 >Buy now » (<a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=593f540c16&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=593f540c16&e=52c1077643</a> BFWEEK2022&SRC=email)<a href="#Buy-now-httpsredmineupus6list-managecomtrackclicku5b152775f661ee7b05f8b1384ampid593f540c16ampe52c1077643-BFWEEK2022ampSRCemail" class="wiki-anchor">¶</a></h2>
<p>[Helpdesk Plugin]<br>
Helpdesk pluginUSEFUL</p>
<p>Turn emails into tickets. Use autoresponder and replies template, email sorting rules, client panel, reports, API and widget.</p>
<p>$399 $199<br>
Buy Now » (<a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=a7aa229403&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=a7aa229403&e=52c1077643</a> BFWEEK2022&SRC=email)<br>
See all discounted plugins » (<a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=1a7e33ef68&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=1a7e33ef68&e=52c1077643</a>)</p>
<p>Over 100 000 users downloaded our plugins and themes over 580 000 times</p>
<p><a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=6e68d3140f&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=6e68d3140f&e=52c1077643</a> <a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=87bb776ac1&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=87bb776ac1&e=52c1077643</a> <a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=4712cb54d9&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=4712cb54d9&e=52c1077643</a></p>
<p>============================================================</p>
<p>You receive this email as a client or user of RedmineUP resources.<br>
** Privacy Policy (<a href="https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=ca6880f50b&e=52c1077643">https://redmineup.us6.list-manage.com/track/click?u=5b152775f661ee7b05f8b1384&id=ca6880f50b&e=52c1077643</a>)<br>
| ** Say Goodbye – Unsubscribe (<a href="https://redmineup.us6.list-manage.com/unsubscribe?u=5b152775f661ee7b05f8b1384&id=9726f6795a&e=52c1077643&c=ab3680ac48">https://redmineup.us6.list-manage.com/unsubscribe?u=5b152775f661ee7b05f8b1384&id=9726f6795a&e=52c1077643&c=ab3680ac48</a>)</p>
<p>Copyright © 2020, RedmineUP, All rights reserved.</p>
openSUSE admin - tickets #111677 (Resolved): Decommissioning of unused machines
https://progress.opensuse.org/issues/111677
2022-05-27T07:46:49Z
lrupp
<p>Just out of interest, what should happen with the existing, but not used machines:<br>
[x] fedora-accounts.infra.opensuse.org (last login from hellcp in at Dec 2 - kept up-to date from other people since than)<br>
[x] fedora-freeipa.infra.opensuse.org (last login from hellcp in May 6 - kept up-to date from other people since than)<br>
[x] identification.infra.opensuse.org (last login from hellcp in Dec 2 - kept up-to date from other people since than)<br>
[ ] new-forum.infra.opensuse.org (last login from others than the people keeping the machine up-to date not detectable) - will keep it, see <a href="https://progress.opensuse.org/issues/111677#note-6" class="external">comment 6</a></p>
<p>If there is no general objection, the following will happen:<br>
[x] machines will be powered down at the end of June 2022<br>
[x] removed from monitoring <br>
[x] removed from backup<br>
[ ] delete the pillar/id/ files of these machines, but keep the actual salt code (roles etc.)<br>
[ ] machine images (incl. data) will be removed at the end of Dec 2022</p>
openSUSE admin - tickets #111674 (Rejected): New machine for Nextcloud
https://progress.opensuse.org/issues/111674
2022-05-27T07:27:47Z
lrupp
<p>I want to ask, if it would be possible to create a new machine for hosting Nextcloud, together with the following plugins:</p>
<ul>
<li>calendar (maybe including a shared "events" calendar?)</li>
<li>circle (creating/managing nextcloud internal groups for the other plugins)</li>
<li>cospend (shared budget manager)</li>
<li>deck (as replacement for Trello - kind of project management)</li>
<li>files (for internal/external file sharing)</li>
<li>polls (allowing users to create/manage internal polls)</li>
</ul>
<p>This hosted Nextcloud instance should be available to all openSUSE members, including a default storage space of 2G.</p>
openQA Tests - action #106508 (Workable): [opensuse][desktop][qe-core] html5test.opensuse.org pro...
https://progress.opensuse.org/issues/106508
2022-02-10T07:07:48Z
lrupp
<p>Hi there,</p>
<p>I hope, I'm right with expecting the main 'users' of the html5test application here. If not, feel free to redirect me to the correct place.</p>
<p>jQuery < 1.9.0 is vulnerable to CVE-2012-6708, but html5test.opensuse.org provides <br>
<a href="https://html5test.opensuse.org/scripts/jquery/jquery-1.7.2.min.js" class="external">https://html5test.opensuse.org/scripts/jquery/jquery-1.7.2.min.js</a></p>
<p>As I could not find a reference in the main page pointing to this file, I would expect that you can simply delete it. But it is also possible to upgrade to a newer version (like jquery-1.9.1.min.js).</p>
<p>It also seems, that the page is not developed any longer (since 2018 - as mentioned <a href="https://github.com/WebPlatformTest/HTML5test/issues/569" class="external">here</a> as well). Maybe it's time to check for another test page?</p>
<p>Our current production system works with <a href="https://github.com/openSUSE/HTML5test" class="external">https://github.com/openSUSE/HTML5test</a> - any changes pushed there should end up in the production system two hours later.</p>
<p>Regards,<br>
Lars</p>
<a name="Acceptance-Criteria"></a>
<h2 >Acceptance Criteria<a href="#Acceptance-Criteria" class="wiki-anchor">¶</a></h2>
<p>AC1: Remove jquery if it is not needed, or update it if it is needed. Currently when loading the page jquery is not loaded, so it looks like it coudl be removed.<br>
AC2: Keep the page more or less working</p>
<a name="Additional-Suggestions"></a>
<h2 >Additional Suggestions<a href="#Additional-Suggestions" class="wiki-anchor">¶</a></h2>
<p>You may look if newer versions/forks is available, but removing the flawed jquery is priority.</p>
openSUSE admin - tickets #102602 (Closed): anna|elsa, daffy1|daffy2: SSL/TLS: Deprecated TLSv1.0 ...
https://progress.opensuse.org/issues/102602
2021-11-17T23:05:50Z
lrupp
<a name="Insight"></a>
<h2 >Insight<a href="#Insight" class="wiki-anchor">¶</a></h2>
<p>The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like:</p>
<ul>
<li>CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
*CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)</li>
</ul>
<a name="Impact"></a>
<h2 >Impact<a href="#Impact" class="wiki-anchor">¶</a></h2>
<p>An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection.</p>
<p>Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.</p>
<a name="Solution"></a>
<h2 >Solution<a href="#Solution" class="wiki-anchor">¶</a></h2>
<p>It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. </p>
<p>Just use <a href="https://ssl-config.mozilla.org/" class="external">https://ssl-config.mozilla.org/</a> as base for a good configuration.</p>
<a name="References"></a>
<h2 >References<a href="#References" class="wiki-anchor">¶</a></h2>
<p>CERT</p>
<p>DFN-CERT-2020-0177<br>
DFN-CERT-2020-0111<br>
DFN-CERT-2019-0068<br>
DFN-CERT-2018-1441<br>
DFN-CERT-2018-1408<br>
DFN-CERT-2016-1372<br>
DFN-CERT-2016-1164<br>
[...]</p>
openSUSE admin - tickets #95341 (New): No terms of service agreement on account creation
https://progress.opensuse.org/issues/95341
2021-07-11T09:49:34Z
lrupp
<p><a href="https://idp-portal.suse.com/univention/self-service/#page=createaccount" class="external">https://idp-portal.suse.com/univention/self-service/#page=createaccount</a> </p>
<p>Does neither show the terms of service not does it require an agreement to those. </p>
<p>While it might be obvious for us, I also like to mention that there is also no impress or other information about the owner of the page.</p>
<p>Please include at least some links to :</p>
<ul>
<li><a href="https://en.opensuse.org/Imprint" class="external">Imprint</a></li>
<li>Terms of service</li>
<li><a href="https://en.opensuse.org/Terms_of_site" class="external">Privacy policy</a></li>
</ul>
<p>I am well aware that openSUSE does not provide a real "Terms of service" page at the moment - IMHO this should be clarified with legal.</p>
openSUSE admin - tickets #68657 (Closed): swish-e indexing broken because of wrong config permiss...
https://progress.opensuse.org/issues/68657
2020-07-06T07:33:49Z
lrupp
<p>Today I wondered why the search.cgi on lists.opensuse.org did not work. </p>
<p>Looks like the index file got somehow broken, which might be a result of the latest upgrade of the machine.</p>
<p>During further investigation/trying to rebuild the index, I noticed that the configuration file /etc/swish-e.conf was owned by root:root with permissions 640. This resulted in the user "archive" not being able to read the configuration any longer and the cron jobs were failing. Looks like they failed silently?</p>
<p>I fixed the permissions now and started to run a full reindex in a screen session of user "archive" (which will take some time, I guess). </p>
<p>So the original issue should be fixed - fixable now (the cron jobs should also be able to start working now).</p>
<p>BUT: we should think about a way to monitor the indexing somehow. This needs investigation.</p>
openSUSE admin - tickets #68512 (Closed): Adjust login.template pages to new layout
https://progress.opensuse.org/issues/68512
2020-06-29T13:15:47Z
lrupp
<p>Our current login pages are still using the old bento layout. </p>
<p>Time to refresh them...</p>
openSUSE admin - tickets #67600 (Resolved): IPv6 network migration
https://progress.opensuse.org/issues/67600
2020-06-02T15:16:06Z
lrupp
<p>As SUSE is becoming independent, some networks need to be re-arranged. One of them is the IPv6 network.</p>
<p>The old IPv6 network range (2620:113:80c0:8000::/50) in Nuremberg will go away end of the month. openSUSE still has some machines using this old IPv6 address since 2012. These machines need to be switched to the new IPv6 range (2001:67c:2178::/50), which is already in place and can be used directly.</p>
openSUSE admin - tickets #67444 (Resolved): IPv4 network renumbering of machines in Provo
https://progress.opensuse.org/issues/67444
2020-05-29T08:44:53Z
lrupp
<p>SUSE is getting a new ISP in Provo - and a new set of external IP addresses. </p>
<p>So far, openSUSE got 91.193.113.64/27 assigned, which allows the usage of 32 IPv4 addresses. There is currently no IPv6 available in the new network, but people are working on this.</p>
<p>Default Gateway for all machines will be 91.193.113.94</p>
<p>Please have a look at the checklist for affected machines and their (old) => new IP address assignments.</p>
<p>The new network is protected by a stateful firewall, managed by SUSE-IT. The attached pdf contains the services and ports that are currently requested.</p>
openSUSE Marketing - action #67435 (In Progress): Nice and shiny 404 page
https://progress.opensuse.org/issues/67435
2020-05-28T22:09:28Z
lrupp
<p><a href="https://www.opensuse.org/foo" class="external">https://www.opensuse.org/foo</a> and similar, broken URLs are currently showing a standard 404 page.</p>
<p>We should have a nicer 404 with some additional information for people (like links to search engines?). Like a grumpy Geeko, who tried to find something which is not there - or similar.</p>
<p>In addition, other error pages (like 503 - Geeko unavailable) or maintenance pages might also be helpful.</p>
openSUSE admin - tickets #67195 (Closed): Wiki does not show news feed
https://progress.opensuse.org/issues/67195
2020-05-24T19:55:55Z
lrupp
<p><a href="https://en.opensuse.org/Portal:Distribution" class="external">https://en.opensuse.org/Portal:Distribution</a> (resp. <a href="https://en.opensuse.org/Portal:Distribution/News" class="external">https://en.opensuse.org/Portal:Distribution/News</a> ) is not showing any news, only:<br>
<code>Failed to load RSS feed from https://news.opensuse.org/category/distribution/feed/</code></p>
openSUSE admin - tickets #63979 (Resolved): UTF-8 problems with jekyll
https://progress.opensuse.org/issues/63979
2020-02-28T15:02:33Z
lrupp
<p>Please have a look at <a href="https://news.opensuse.org/2011/06/09/world-ipv6-day-results/" class="external">https://news.opensuse.org/2011/06/09/world-ipv6-day-results/</a></p>
<p>Nürnberg != Nürnberg</p>
<p>This is just an example I stumbled over. There might be more. IMHO something that should be fixable via "sed" in the source now. </p>
openSUSE Marketing - action #62744 (Resolved): Vote for openSUSE
https://progress.opensuse.org/issues/62744
2020-01-29T00:48:58Z
lrupp
<p>I know: voting is lame and there are 1000 votes available each day. But:</p>
<p><a href="https://opensource.com/article/20/1/favorite-linux-distribution" class="external">https://opensource.com/article/20/1/favorite-linux-distribution</a></p>
<p>Maybe someone can spread the word to our channels?</p>
openQA Infrastructure - action #62666 (New): Move openqa.opensuse.org into opensuse private network
https://progress.opensuse.org/issues/62666
2020-01-24T19:46:45Z
lrupp
<p>Dear openQA admins</p>
<p>We are currently working towards a better separation of SUSE and openSUSE machines. This should finally allow more community contributors to be able to jump in and either help with the current infrastructure or deploy and develop new stuff - independent from any SUSE influence.</p>
<p>There are just a few machines left to finish this migration - and your openQA setup is one of it.</p>
<p>So it like to ask if you could consider to move your current admin machine (ariel) from the "SUSE owned" private network 192.168.254.0/24 into the "openSUSE Heroes owned" network 192.168.47.0/24?</p>
<p>Details:</p>
<p>Current situation:</p>
<ul>
<li>192.168.254.15 is the current IP of your host in this network</li>
<li>traffic to your webservice <a href="https://openqa.opensuse.org/">https://openqa.opensuse.org/</a> gets routed via a HAproxy pair from the internet to this interface</li>
<li>your machine currently reaches out to other networks ("the internet") via a gateway in this network</li>
<li>you access this machine (and the machines behind it) via a port forwarding rule </li>
</ul>
<p>New, proposed situation:</p>
<ol>
<li>47.78 will be the new IP of your host in the new network (this might change if you wait too long, but don't worry, we have enough IP addresses at the moment ;-)</li>
<li>traffic to your webservice <a href="https://openqa.opensuse.org/">https://openqa.opensuse.org/</a> gets routed via another HAproxy pair from the internet to this interface</li>
<li>your machine will reach out to other networks ("the internet") via another gateway in this network</li>
<li>you access this machine (and the machines behind it) via a dedicated openVPN, which is reachable from everywhere</li>
</ol>
<p>Especially the last point might be interesting for you, as all the others are more or less just cosmetic.</p>
<p>This openVPN is the "openSUSE heroes" openVPN, which has in general nothing to do with anything you might currently use. The openSUSE Heroes try to have security in mind with everything they do - and therefor decided to trust only themselves and their loved distribution. So they setup an own authentication provider and a this dedicated VPN to combine security, maintainability and effectiveness. The result are dedicated accounts for everyone who works on openSUSE related infrastructure - while including the ability to work from wherever he is at the moment. All you need is your account and the openVPN certificates for this. If you agree to get switched, I currently see two possible solutions to work on the infrastructure for openQA:</p>
<ol>
<li>use a jumphost, which has to be inside the SUSE network </li>
<li>get dedicated accounts and VPN credentials and use them</li>
</ol>
<p>Both options might be used in parallel (while - from a security point - only using the 2nd option would be preferred), which hopefully will not become too complicated for you. </p>
<p>Benefit: if there will be community members, who like to help and work on openQA, they could easily be allowed to do so.</p>
<p>Alternatively, you can decide to "stay on the SUSE side", which will imply no change of your current workflows. You might be the only openSUSE infrastructure project staying under SUSE-IT umbrella in this case - but this option clearly exists.</p>
<p>With kind regards,<br>
Lars <em>on behalf of the openSUSE heroes</em></p>
<p>PS: I tried to add everyone as "watcher" to this ticket, who has currently an account on ariel. I clearly missed some and apologize for this, but I could not really figure out everyone's "ariel login" <-> "bugzilla login" mapping. </p>