Meeting summary for 27 March 2024:
* *New: when to deprecate weak ciphers*
/Weak ciphers like 3DES and BF-CBC - what to do with them and when?/
/Originally it looks like it was planned to remove in 2.7 but that
may be too soon./
/For example OpenVPN Inc. still sees customers with 10+ year old
installations fairly regularly./
/A proposal to consider may be to deprecate it when crypto libraries
deprecate it./
/Weighing the expected complaints versus the low cost of just
maintaining weak ciphers until crypto libraries deprecate them - the
choice seems obvious./
/For now we'll stick with letting weak ciphers stay in unless there
is some convincing reason to remove it./
* *Closed: OpenVPN 2.6.10 release*
/This was released 20th of March./
* *Closed: OpenVPN 2.5.10 release*
/This was released 21st of March, including new Windows installers./
* *Closed: community funding initiative*
/ordex convinced OTF (Open Tech Fund) to let OpenVPN join the "FOSS
sustainability funding pilot run"./
/This allows to pay for allocated hours for mattock and cron2 to
work on OpenVPN community tasks./
/Some ongoing tasks are listed under 'Mattock Topics' in the meeting
notes and have already been going on for a while./
/This topic is therefore considered closed for now./
* *Closed: inactive setting data counter in openvpn2 and openvpn3*
/It looks like openvpn2 and openvpn3 handle the counting of traffic
for this differently./
/After some discussion it was decided illia will submit some
suggested fixes./
/This will now follow standard procedure for patch submission and
review. Closing topic./
* *Closed: tunnelblick and sophos UTM*
/Looks like Tunnelblick implemented a fix on their end./
/https://github.com/OpenVPN/openvpn/issues/525
<https://github.com/OpenVPN/openvpn/issues/525>/
* *Updated: website release process*
/Last week a website release was planned that would enable a new way
for updating Community Downloads page./
/Postponed to this week. We'll see./
* *Updated: forums topics*
/ecrist still working on forums. admin access issue looks resolved.
email issue looks resolved./
/Plan is to soon switch URLs so new forum is on forums.openvpn.net
and old forums is on archive address./
/- email confirmation on registration was suggested./
/- we still need to work on having some other people with some admin
or high mod access./
/- mod guide, hard or soft delete (chuck board?), what to do with
GDPR, etc. (write it down and actually make it available to mods,
maybe a hidden topic)/
/- access for mods to logs so one can see what others did/
* *Updated: DCO and Linux upstreaming, API change*/
/Upstreaming DCO to Linux is proceeding, it is in review stage at
the moment./
/ordex will prepare a v3 patchset soon based on feedback received./
/There will be an API change that makes it incompatible with the
current implementation./
/A graceful solution to that was already discussed and in motion.
giaan will be working on this./
/(in a nutshell, make OpenVPN understand old and new API, DKMS and
kernel versions both will then use new API, then we drop old API)//
* *Updated: mattock topics*
/Made it so --dev null tests can run arbitrary numbers of servers
concurrently, and have arbitrary amount of clients run in parallel
to these servers./
/Will probably look into separating the --dev null test data (test
cases) from the test scripts./
/Also started on debian snapshot publishing but didn't get very far
there yet./
As always you're welcome to join at #openvpn-meeting on Libera IRC
network every Wednesday at 13:00 Central European Time.
Kind regards,
Johan Draaisma
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
