author Gustav Eek <gustav@fripost.org> 2015-09-29 20:34:48 +0200
committer Gustav Eek <gustav@fripost.org> 2015-09-29 20:34:48 +0200
commit 4d889e5892713385d7401afdbeb2903ff2472df3 (patch)
parent fb1e340b7ff96ad2c6c99d58cfae34db37b3c9ab (diff)
Initial commit on Sep 28 board meeting minutes [ge/2015-09-28-board]
2 files changed, 213 insertions, 0 deletions
diff --git a/2015/2015-09-28-board.tex b/2015/2015-09-28-board.tex
new file mode 100644
index 0000000..60b2e48
--- /dev/null
+++ b/2015/2015-09-28-board.tex
@@ -0,0 +1,212 @@
+\newcommand \meetingtype {Board Meeting}
+\newcommand \meetingdate {September 28, 2015}
+\newcommand \lastmeetingdate {April 28}
+\newcommand \meetingplace {Språkbanken, Gothenburg}
+\rhead{\footnotesize \meetingdate}
+\section*{Minutes, \meetingtype \\ \meetingdate}
+\settowidth\tempOne{Time and place:\quad}%
+ Time and place:
+\parbox[t]{\tempTwo}{\meetingdate, \meetingplace}\mypar
+ Attendants:
+ \begin{multicols}{3}%
+Gustav Eek\\
+Lorena Llozhi \\
+Guilhem Moulin\\
+Leif-Jöran Olsson\\
+Stian Rødven Eide\\
+ \end{multicols}%
+\newcommand \meetingchairman {Stian Rødven Eide}
+\newcommand \meetingsecretary {Gustav Eek}
+\newcommand \approval {Leif-Jöran Olsson}
+\item The meeting was opened.
+\item \meetingchairman\ was elected meeting chairman, \meetingsecretary\ meeting secretary, and \approval\ approval.
+\item The agenda was confirmed.
+\item The meeting went through the minutes from \lastmeetingdate.
+ \begin{itemize}
+ \item A brainstorming session was postponed: The board members are
+ supposed to prepare for a brainstorming session regarding
+ nominating committee by bringing ten suggestions.
+ \item Nothing is heard on the JAK lecture.
+ \item Gustav committed to send out reminders for membership
+ fees. That is part done. The steps remaining is to contact those
+ that became members during 2014, but that have not responded on
+ their Fripost email addresses. Also no contact methods outside of
+ email have been used.
+ \end{itemize}
+\item Reports
+ \begin{enumerate}
+ \item Economy. Five new members were reported since last meeting. In
+ total we have 98 paying members.
+ \item System. Guilhem reported the following June 6:
+ \begin{quote}
+ Quite a lot has happened on the admin front since last time we
+ met, but unfortunately I won't be able to attend the meeting
+ tomorrow to report what we did. So I'm sending an email instead
+ ;-)
+ \begin{itemize}
+ \item Upgrade the preseeding script to make it work with the
+ Debian Jessie installer. Also, now use multi-volume BTRFS
+ rather than LVM2 for new installations.
+ \item Upgrade all machines (antilop, benjamin, civett, elefant,
+ giraff, mistral) to Debian Jessie (8.0). Try to make use of
+ new features and options, and for instance harden internal TLS
+ tunnels to always use ephemeral Diffie-Hellman key echange
+ (for Perfect Forward Secrecy) and strong ciphers; switch the
+ LDAP database format from HDB to LMDB; make postfix SASL-bind
+ on the LDAP directory.
+ \item Migrate lists.fripost.org to civett. Change the list
+ manager from Mailman to Sympa, and run Sympa in FCGI mode.
+ \item New TLS attack (logjam) mitigation. On each host, generate a file
+ containing 2048-bits long primes for DH key exchange, and make all
+ our services use that file.
+ \item Migrate git.fripost.org (our gitolite installation) to civett.
+ Install gitweb and configure it in FCGI mode. Enable git pulls over
+ HTTP or HTTPS using git-http-backend (smart HTTP protocol).
+ \item Migrate wiki.fripost.org (ikiwiki) to civett, and merge the website
+ in there. Modifying the website is only allowed via ssh; modifying
+ the wiki is allowed via HTTPS, but not HTTP.
+ \item Auto configure the Bacula File Daemon / Storage Daemon / Director
+ using ansible. Previously this was done manually due to the presence
+ of passwords in the configuration files. Now each inter-host
+ communication is encrypted using stunnel with client certs. Bacula
+ fetches its passwords at startup using sed:\\
+ \texttt{@|"sed -n '/^bconsole\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir"}
+ \item Use recipient address verification probes. Since we have a single
+ outgoing SMTP gateway, a message written on the webmail and sent to a
+ non-existing address would 1/ be accepted by the webmail's Postfix
+ instance, 2/ be forwarded to the outgoing SMTP gateway, 3/ bounce
+ back to the sender. To avoid non-delivery notices, the existence of
+ each recipient address is now verified *directly* on the webmail,
+ MSA, and outgoing SMTP gateway. At worst this adds a delay of a
+ couple of seconds, but there is also a caching mechanism.
+ \item Remove the webmail's Postfix instance. Instead we connect directly
+ to the outgoing SMTP gateway (the connection is encrypted with
+ stunnel), to speed up recipient address verification probes. Indeed
+ roundcube doesn't really need a local queue, since it only processes
+ mails that are sent manually.
+ \item Add a reserved virtual domain
+ \texthost{discard.fripost.org}. Each message sent to that domain is
+ silently discarded. Add new aliases \texttt{{noreply,no-reply}@fripost.org}
+ to \texttt{{noreply,no-reply}@discard.fripost.org.}
+ \item Provide Thunderbird, Evolution, KMail and Kontact autoconfiguration
+ at \url{https://fripost.org/.well-known/autoconfig/mail/config-v1.1.xml}
+ \item Mark fripost-{admin,docs,tools,web} repos as deprecated, and remove
+ write permission to avoid diverging work.
+ \item Publish the preseeding and ansible scripts at
+ \url{http://gitweb.fripost.org/?p=fripost-install.git}
+ \end{itemize}
+ \end{quote}
+ \item The host \texthost{zetkin} at Stefan is no longer used
+ \item We migrated to Sympa for email list handling
+ \item Guilhem is now a member of the Debian Roundcube package
+ maintenance team
+ \item Bacule is included in the Ansible auto configuration according to above
+ \item For web access to Git repositories the transition from
+ gitweb to cgit was made.
+ \item There was an incident with a fibre outrage August 24 at
+ DFRI. The host \texthost{elefant} was affected, that hosts
+ webmail and MX. The webmail was configuration onto
+ \texthost{civett} and the \dns\ record redirected
+ temporarily. The total web mail downtime was 3 h
+ \item A physical move of computers was made at DFRI August 26.
+ \item On September 17, \texthost{mistral} was affected by a power
+ outrage with a reboot as consequence. The routines for this type
+ of scenario need attention and rehearsal between Guilhem and
+ Leif-Jöran. They will agree on a place and time for that.
+ \end{itemize}
+ \item Google in schools.
+ \begin{itemize}
+ \item During the work meeting August 10 (attendants were Lola,
+ Gustav, and Guilhem) we decided to investigate the possibilities
+ to invite to a public debate. Suggestions on people to invite
+ were a legal expert from Datainspektionen, a legal expert from
+ the municipality, a municipality politician, a school director,
+ a parent, somebody from Skolinspektionen.
+ \item Gustav's sister works at Skolinspektionen. Her advice is to
+ (1) take general contact,
+ \url{skolinspektionen@skolinspektionen.se} and ask for their
+ opinion on the subject; (2) call the press service,
+ 08-58\,60\,90\,60, ask for the communication department, and
+ repeat the question; (3) go to media that should be interested
+ if we can find a whining story with some infringed parent; and
+ finally (4) note that Gothenburt is inspected right now, so this
+ is the time to act.
+ \end{itemize}
+ \end{enumerate}
+\item Activity days and other activities
+ \begin{enumerate}
+ \item Previous activities
+ \begin{itemize}
+ \item No activities were arranged for the Mayday.
+ \item Activity day May 25. ``Öka din frihet med några enkla,
+ konkreta steg''. Albin and Gustav presented. Eleven participants
+ came. It became more of a discussion than a lecture. There was
+ also a slight misalignment in expectation. The general
+ expectation was on a concrete demonstration, rather than on a
+ philosophical lecture. Overall the activity day was successful,
+ still.
+ \end{itemize}
+ \item Coming activities. Several activities are planned for the
+ ``Framtidsveckan'' October 5--11:
+ \begin{itemize}
+ \item A booth and a seminar October 5 at 16 at Operahuset during
+ the week's opening ceremony. Lola and Gustav will attend.
+ \item An introductory workshop on cryptography October 8. Olof
+ and Gustav will host that.
+ \item A lecture and booth at ``Omställningsnatta'' October
+ 9. Lola, Guilhem, and Gustav will attend the event, and Gustav
+ will give the lecture.
+ \item A booth during ``Omställningskonferensen'' October
+ 10--11. Olof, Lola, and Gustav will attend alternating.
+ \end{itemize}
+ The planing is under control. For \fscons a few activities are
+ accepted. Fripost will have a booth attended by Lola. Gustav will
+ give the talk ``On Fripost''. Fripost will also host a two parted
+ key signing party. Details need more discussion, but the
+ suggestion on the table is that Olle will introduce with a hands
+ on session followed with regular key-signing hosted by
+ Guilhem. There is a spare ticket for the place at the table.
+ \end{itemize}
+ \end{enumerate}
+\item Outreach and information spread
+ \begin{enumerate}
+ \item Follow up. Gustav's announcement about ``Framtidsveckan''
+ could be made more direct. Some aspects were somewhat unclear.
+ \item Items to attend. Send out an email to the members list,
+ advertising the spare entrance to \fscons.
+ \end{enumerate}
+\item A discussion was rasied on what to call the to-do-list agenda
+ item, and what should be covered on the item. Decision was to call
+ it ``Att-göra-listor''. The discussion on what to cover was
+ postponed.
+\item No other issues.
+\item Next meeting will take place October 28 at 18:00 at Språkbanken
+\item The meeting was closed.
+ \signatureline{\meetingsecretary, meeting secretary}
+ \hfill
+ \signatureline{\approval, approval}
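Review bot: the Bacula item's `\texttt{@|"sed -n '/^bconsole\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir"}` will not typeset the command as written: the bare `^` is a superscript character outside math mode, `\\` is a line break rather than a backslash, and the unescaped braces are consumed as grouping, so the printed sed expression would differ from the one actually deployed. Setting the command verbatim, or escaping `^`, the backslash and the braces, would fix it; the same unescaped-brace problem affects `\texttt{{noreply,no-reply}@fripost.org}` and `fripost-{admin,docs,tools,web}`, which would print without their braces. In the lines shown, the `\end{itemize}` after the \texthost{mistral} item and the one after the \fscons paragraph have no matching `\begin{itemize}`, so the nesting under "Reports" and "Coming activities" should be checked before this is built. Spelling to correct in the same pass: "echange", "Bacule", "outrage" (for outage, twice), "Gothenburt", "rasied" and "planing".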
diff --git a/2015/Makefile b/2015/Makefile
index d3ae081..181a1f0 100644
--- a/2015/Makefile
+++ b/2015/Makefile
@@ -6,6 +6,7 @@ MINUTES = \
2015-03-22-annual \
2015-03-25-board \
2015-04-28-board \
+2015-09-28-board \
common-makefile = ../resources/Makefile-common
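Review bot: the new last entry of MINUTES, `2015-09-28-board \`, ends in a line-continuation backslash, so make appends whatever line follows to the list; in the lines shown that is `common-makefile = ../resources/Makefile-common`. This only works if an empty line separates the two in the file. Dropping the backslash from the final entry would remove that dependency and keep the assignment from swallowing the next variable if the blank line is ever lost.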