Hi,

Here's the summary of last week's meeting. The initial feature
deprecation process is described in it, as well as here:

http://www.secure-computing.net/wiki/index.php/OpenVPN/Developer_documentation

As we all need to follow the process, please let if there are any
problems with it. There's definitely room for improvement and
clarifications.

Btw. what do you think about including the full IRC chatlog in these
emails? It would make it much easier to see exactly what was discussed.
After all, the summary is only my personal interpretation of the discussion.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


COMMUNITY MEETING

Place: #openvpn-discussion on irc.freenode.net
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thursday, 18th January 2010
Time: 19:00 UTC

Full log available here:

http://secure-computing.net/logs/%23%23openvpn-discussion.log

Next meeting on Thu 25th Feb 2010. Same place but different time (18:00 UTC)

SUMMARY

Discussed how to organize testing of the "testing" tree. Agreed that we need 
dedicated testers with known setups/configurations. 
For example, each tester would have a Wiki page built on a template, containing 
the OS (e.g. Debian Lenny, OpenBSD), features in use (e.g. IPv6), network 
topology etc. Agreed that we can expect these (dedicated) testers to always use 
the latest "testing" version to reduce variables to minimum.

Discussed LDAP authentication setup for the community site in some detail. The 
current plan is to have a central LDAP server handling user authentication and 
have a self-service user registration (e.g. with http://code.google.com/p/pwm) 
for users. This can be shared by all services provided by the community site 
server. Later the service can be extended to other community sites (e.g. 
OpenVPN e.V) securely using OpenVPN. The whole LDAP directory can even be 
replicated to these other sites to provide redundancy. An overview of this 
setup is currently available here:

 http://users.utu.fi/sjsepp/openvpn/Community_Authentication.dia
 http://users.utu.fi/sjsepp/openvpn/Community_Authentication.png (does not show 
100% correctly)

Discussed the possibility of using OpenID instead of LDAP. Samuli agreed to 
take a better look at OpenID authentication support in various web applications 
we might use.

Discussed the "FQDN for routes should expand to all IPs" patch and more 
specifically this part:

 From getaddr() [socket.c:220 - r5371]:

  if (h->h_addr_list[1]) /* more than one address returned */
    {
      int n = 0;
      /* count address list */
      while (h->h_addr_list[n])
        ++n;
      ASSERT (n >= 2);

      msg (D_RESOLVE_ERRORS, "RESOLVE: NOTE: %s resolves to %d
                              addresses, choosing one by random",
                   hostname,
                   n);

      /* choose address randomly, for basic load-balancing capability */
      ia.s_addr = *(in_addr_t *) (h->h_addr_list[get_random () % n]);
    }

Agreed that this randomization is not probably required in most scenarios and 
as such should be removed or deprecated. For more thorough discussion see the 
full chatlog.

Discussed removal of features from the code (e.g. above randomization code). On 
the other hand backwards compatibility was seen as important. On the other hand 
excessive use of #ifdef's or run-time configuration options will erode the code 
in the long run. It was agreed that a feature deprecation process is necessary 
to accommodate both users (who depend on certain features) and developers (who 
depend on understandable code). Decided to start with something like this to 
minimize end-user impact:

1. Ask users if they are depending on a feature considered for deprecation 
(e.g. using the openvpn-users mailing list)
   1.1. If users complain, discuss the issue and possible solutions with them
   1.2. If there are no complaints, proceed to 2

2. Add logging code to deprecated pieces of code that are thought to affect a 
lot of users. For example, make it output a warning to the logs (e.g. "WARNING: 
this feature is being deprecated and will be removed soon"). Keep the code 
enabled by default.
  2.1. If users complain now, discuss the issue and possible solutions with them
  2.2. If there are no complaints, proceed to 3

3. Make the feature disabled by default, but allow enabling it at compile-time 
(use #ifdef's).
  3.1. If users complain now, discuss the issue and possible solutions with them
  3.2. If there are no complaints, proceed to 4

4. Remove the feature entirely from the code
  4.1. If users complain now, discuss the issue and possible solutions with them
  4.2. If there are no complaints, proceed to 5

5. Finished. The feature was not really important to anyone and is not 
cluttering the code anymore.

Each feature could be kept around in "deprecated" mode in the first stable 
release, disabled but available in the second and  removed in the third 
release. This will give users plenty of time to reach, depending on the release 
cycle.

Also agreed that each feature deprecation / removal needs to be documented 
visibly in the release notes.

Cron2 acknowledged the Eurephia patch from dazo based on clarifications given 
by James.

Decided to move the meeting time one hour earlier (18:00 UTC).

Reply via email to