17:57:07 <Inigo_Montoya> Current chairs: Guest86593 doktor5000__ maat marjavanWaes
17:57:15 <marjavanWaes> :)
17:57:19 <doktor5000__> #info Guest86593 = isadora
17:57:27 <doktor5000__> ok, what about the current forum situation? what has been decided regarding "outsourcing" the forums ?
17:57:39 <maat> So for this part
17:57:46 * doktor5000 is running for some food
17:58:13 <maat> we had a discussion during last council meeting
17:58:14 <marjavanWaes> doktor5000: the last thing i heard, was that we'd get a VM, but stay inside forums.mageia.org
17:58:28 <maat> but without the feedback of Oliver
17:58:42 <maat> they postponed it
17:59:12 <maat> so we will re-talk about that in council
17:59:25 <maat> dunno if it will be next or later
17:59:40 <marjavanWaes> and before there was a message from boklm that that same VM could first be used for the Brazilian forums
17:59:56 <maat> i expressed my concern about users needing to relog or deal with several passwords
18:00:06 <maat> phone sorry
18:00:10 <Guest86593> maat: what about reasoning for postponing?
18:00:12 <marjavanWaes> maat: np
18:01:29 <marjavanWaes> Guest86593: obgr_seneca was going to work something out, I may remember wrongly now, I think it was something that was needed to make it possible for users to use the same password when the forums would move to that VM
18:02:20 <Guest86593> marjavanWaes: thank you marja
18:03:19 <marjavanWaes> Guest86593: moving the forums to that VM would make it possible for the forum admin to get full access to the forums, so make it easier to do patches and upgrades
18:04:10 <Guest86593> marjavanWaes: sounds reasonable
18:04:46 <marjavanWaes> did anyone hear from the Brazilians, since I left for my time-out?
18:05:19 <Guest86593> marjavanWaes: no not here
18:06:33 <marjavanWaes> when I wrote to Otto that I presumed no data would get lost, if we weren't very fast, he didn't react to that sentence
18:07:49 <Guest86593> marjavanWaes: probably passed his attention?
nevertheless important enough question
18:08:30 <marjavanWaes> IIRC he only wrote they suffered from lack of bandwidth...... but since he didn't confirm what I presumed, maybe better to ask again
18:09:12 <Guest86593> marjavanWaes: you know how terrible communication can be, maybe better try another shot
18:10:09 <maat> back
18:10:16 <maat> sorr
18:10:18 <maat> y
18:10:24 <Guest86593> maat: np ;)
18:10:48 <maat> <Guest86593> maat: what about reasoning for postponing? <-- let me answer
18:10:52 <marjavanWaes> maat: np, I think doktor5000 is still running for his food
18:11:29 <Guest86593> marjavanWaes: he must have eaten all the fridge
18:11:29 <maat> the major reason for everything is that sysadmins guys want to keep people's passwords safe
18:11:38 <marjavanWaes> Guest86593: :)
18:11:44 <maat> and for that i can only agree
18:12:10 <maat> forum system at the moment keeps a hash of the passwords
18:12:16 <maat> a complicated hash
18:12:41 <maat> but if they let others access to database or machine
18:12:54 <maat> and if one of us is evil
18:13:24 <maat> there is a risk that the hersaid evil guy breaks a number of passwords
18:13:41 <maat> including those of sysadmins who logged in on the forum
18:14:10 <marjavanWaes> ah, I never thought of that last line
18:14:27 <maat> iphone gin
18:14:33 <marjavanWaes> maat: np
18:14:33 <maat> phone again
18:14:55 <Guest86593> maat: thanks for your explanation
18:15:57 <marjavanWaes> so now those hashes are protected by the current setup
18:16:18 <Guest86593> maat: but is there any idea at sysadmin for a workaround
18:16:40 * doktor5000 is back, sorry also headed in between to ... somewhere else which comes after food
18:17:08 <marjavanWaes> doktor5000: welcome :)
18:17:48 <doktor5000> maat: those hashes, are those direct md5 hashes of the passwords, unsalted?
18:17:56 <marjavanWaes> Guest86593: obgr_seneca was working on that....
and I think maât had a suggestion last tuesday
18:18:14 <doktor5000> in that case you could just google for the hashes and get the plaintext passwords ... :/
18:18:23 <marjavanWaes> doktor5000: ouch
18:19:04 <marjavanWaes> doktor5000: does that work for strong passwords, too, or only for real-word-passwords?
18:20:58 <doktor5000> marjavanWaes: that works for mostly all md5 hashes, not depending on the real password
18:21:08 <marjavanWaes> ouch
18:23:59 <Guest86593> doktor5000: no way of protecting against decryption?
18:26:34 <doktor5000> not using unsalted md5 hashes, as that is quite unsecure, or not using something md5-based for password hashes at all
18:26:47 <doktor5000> but we're drifting
18:27:27 <doktor5000> #info decision about forums "outsourcing" was postponed, will be discussed in next council meeting
18:27:49 <marjavanWaes> doktor5000: Guest86593: how are we currently doing on "difficult" users?
18:28:21 <Guest86593> marjavanWaes: i have no issues around
18:28:31 <marjavanWaes> or I should say: how are you doing, since I don't see many posts
18:28:32 <doktor5000> #action obgr_seneca is still looking for a way to securely store passwords, and to not keep hashes in forum db
18:28:39 <marjavanWaes> Guest86593: good to hear :)
18:29:36 <marjavanWaes> doktor5000: what is lemonldap? would that be a solution for the same problem?
18:30:14 <doktor5000> that is a solution for single sign-on via ldap ... maat, could you please explain in a few words?
18:30:35 <marjavanWaes> doktor5000: if he doesn't respond, he is still on the phone
18:31:06 <maat> back
18:31:08 <maat> so
18:31:23 <maat> where we partially disagree with sysadmins
18:31:55 <maat> they could live with users having to deal with several passwords
18:32:07 <maat> while i consider this would be not good for mageia
18:32:57 <maat> but we could use things like openid or lemonldap or cas
18:33:14 <maat> to add single sign on for our websites
18:33:37 <maat> then passwords would only remain in identity server
18:34:17 <maat> and other websites would only get the information that the user in the session xxxxxxx is allowed to do soooooomething
18:34:28 <maat> sorry for the oooo keyboard problemmmmm
18:34:35 <marjavanWaes> ah, so the identity server is contacted whenever someone wants to sing on somewhere in mageia...... so it could be used for the blog, too
18:34:35 <doktor5000> np
18:34:51 <marjavanWaes> s/sing/sign/
18:34:57 <maat> the principle is that a user connecting
18:35:03 <maat> iow clicking on login
18:35:16 <maat> is bounced to identity
18:35:27 <maat> there he gives his login & password
18:35:37 <maat> then he is bounced back to forum
18:35:55 <marjavanWaes> OK
18:35:59 <maat> with something attached to him allowinnnnnngforum to know who he is
18:36:22 <maat> the process is very light for users
18:36:58 <maat> they only notice that the url between login form and forum is different
18:37:03 <maat> the nice part
18:37:09 <maat> is that once logged
18:37:22 <maat> if they go to bugzilla or wiki
18:37:31 <maat> they dont need to log in again
18:38:02 <Guest86593> logged in at once for the mageia-cloud
18:38:09 <maat> yep
18:38:13 <maat> that's the idea
18:38:25 <marjavanWaes> sounds great......
but I can perfectly understand that a too small sysadmin team doesn't look forward to doing this
18:38:35 <maat> very simple
18:38:58 <maat> and we have kharec in the community who worked on lemon ldap
18:39:03 <maat> and he packaged it for mageia
18:39:18 <maat> so even more simple
18:39:25 <marjavanWaes> ah, you mentioned him in the meeting
18:39:35 <maat> given that the plugins are already available for mediawiki and bugzilla
18:39:43 <maat> the biggest work would be for us
18:39:59 <maat> to create a phpbb connector
18:41:54 <marjavanWaes> maat: do you know what solution obgr_seneca is working on? lemonldap or something else?
18:42:22 <maat> i guess it is openid
18:42:39 <maat> id federation more than simple sso
18:42:58 <maat> useful when there are several "sources" for users id creations
18:43:13 <maat> but more complex
18:44:11 <marjavanWaes> maat: do you have time to mail obgr_seneca about this?
18:44:20 <maat> another option is that he's just looking at forum code to see if we can prevent phpbb from storing passwords
18:44:23 <maat> well
18:44:35 <maat> not real passwords but their hashes
18:44:40 <marjavanWaes> maat: in case he is still struggling
18:45:16 <maat> we could mail him the logs of this discussion
18:45:23 <maat> i'd be happy to help him
18:45:27 <marjavanWaes> maat: agreed
18:45:32 <maat> even if i don't have loads of time
18:46:08 <Guest86593> maat: constructive, thx
18:46:11 <marjavanWaes> #action marja will mail the logs of this meeting to obgr_seneca, so he will know maat is willing to help
18:48:20 <Guest86593> st3ve: welcome
18:49:12 <marjavanWaes> st3ve: good morning :)
18:49:21 <Guest86593> i'll return in some ten minutes, excusez moi
18:49:56 <marjavanWaes> about the brazilian forum, if we don't get that VM soon.....
at least maat and I and jstephan have a mageia.* or mageia*.* domain
18:49:59 <marjavanWaes> Guest86593: np
18:50:25 <st3ve> hi all
18:50:27 <maat> yes
18:50:30 <st3ve> marjavanWaes: good to see you back
18:50:37 <marjavanWaes> should we find a temporary solution outside mageia.org for those guys?
18:50:45 <maat> but i hope we'll never get to such ends
18:50:48 <marjavanWaes> st3ve: thx
18:51:54 <maat> for the brazilian forum
18:51:56 <marjavanWaes> maat: me too, I'd rather only do it if there is really no other way..... and only temporarily for the brazilian forum (which is already outside mageia.org)
18:52:25 <marjavanWaes> maat: of course not for the DE and EN forums
18:52:25 <maat> i think we could open an independent vm even if on the same hardware
18:52:42 <maat> to deal with urgency
18:53:03 <maat> then we could work on stadardization and sso
18:53:12 <maat> standardization
18:56:57 <marjavanWaes> maat: so forums team should have 2 vm's.... or is it easy to split one in two?
18:57:45 <maat> that would be 2 vm at first
18:57:56 <maat> unless we can have one vm with jails
18:58:04 <marjavanWaes> OK
18:58:09 <maat> which could be far better to save cpu
18:59:14 <marjavanWaes> #info to deal with suddenly added forums from outside mageia.org, forums team should have two vm's or one vm with jails
19:00:41 <maat> something like vserver for example
19:00:52 <maat> http://en.wikipedia.org/wiki/Linux-VServer
19:01:28 <Guest86593> *back again
19:01:28 <marjavanWaes> nice :)
19:01:35 <marjavanWaes> Guest86593: welcome back
19:01:43 <marjavanWaes> doktor5000: are you still around?
19:02:23 <doktor5000> marjavanWaes: yep
19:02:29 <marjavanWaes> good
19:03:21 <marjavanWaes> I doubt this is the correct time to ask anything of sysadmin team (about vserver, for instance)
19:04:01 <doktor5000> we should wait till after the discussion in council meeting ...
19:04:15 <doktor5000> to ask anything, that is
19:04:27 <marjavanWaes> doktor5000: yes, that seems a lot better......
so the Brazilians must wait
19:04:45 <doktor5000> actually i didn't like how this was handled last time, and the wording that Anne used ...
19:05:00 <maat> agreed
19:05:17 <maat> the goal is to make things easier for everybody
19:05:44 <marjavanWaes> doktor5000: I don't think she would have made you and maat chair, if she was still for 100% of the same opinion
19:06:58 <maat> Anne is in a very complex position... all pressure finishes on her shoulders
19:07:14 <marjavanWaes> maat: very true
19:07:19 <maat> and it's impossible to satisfy everybody
19:07:41 <maat> so whatever she decides there will be upset people :-(
19:08:22 <maat> i have to face that for the job
19:08:25 * marjavanWaes couldn't live with that, so it is good we have her
19:08:40 <marjavanWaes> maat: ouch
19:08:49 <maat> so she has all my respect & admiration
19:08:57 <marjavanWaes> :)
19:09:08 <maat> but i'd not accept her position even for a truck of gold
19:09:21 <marjavanWaes> lol
19:09:33 <marjavanWaes> nor would I
19:09:35 <maat> well
19:09:47 <maat> perhaps if it is a very big truck ^^
19:09:58 <marjavanWaes> grinz
19:10:15 <marjavanWaes> then you'd hire someone to do the job :)
19:10:21 <maat> lol
19:10:24 <maat> indeed !
19:10:27 <marjavanWaes> Is there more to discuss?
19:10:36 <doktor5000> well i know that also from work, you can't please everyone, but you can try to improve overall situation so everyone is maybe not happy, but a little happier
19:10:41 <maat> at the moment nope for big subjects
19:10:53 <Guest86593> marja: nothing
19:10:54 <maat> but we have started to let devs enter the team
19:10:57 <marjavanWaes> doktor5000: that is the best solution, when that is possible
19:11:08 <maat> did we have patches or things to review ?
19:11:35 <maat> doktor5000: yes but it's a tiring fulltime job :)
19:11:38 * marjavanWaes forgot to ask jstephan to join the meeting.....
his nick is in #mageia-de
19:11:46 <maat> np
19:11:54 <maat> we'll see that with him next time :)
19:12:03 <doktor5000> maat: moderators group has still not been pruned of ohan and stef74 https://forums.mageia.org/en/memberlist.php?mode=group
19:12:13 <maat> yes
19:12:14 <doktor5000> maat: no one said such a job would be easy ...
19:12:17 <maat> i'm late on that
19:12:30 <maat> thans for the reminder
19:12:34 <maat> thanks
19:12:45 <maat> (keyboaaaard!)
19:12:55 <maat> :'-(
19:15:38 <maat> so perhaps it's time to end the meeting ok ?
19:15:45 <marjavanWaes> fine with me
19:15:47 <maat> marjavanWaes: Guest86593 doktor5000 ?
19:15:53 <maat> things to add ?
19:15:55 <Guest86593> fine with me too
19:15:58 <marjavanWaes> st3ve: ?
19:16:09 <maat> yep st3ve sorry :)
19:17:10 <st3ve> yep