From 4d889e5892713385d7401afdbeb2903ff2472df3 Mon Sep 17 00:00:00 2001 From: Gustav Eek Date: Tue, 29 Sep 2015 20:34:48 +0200 Subject: Initial commit on Sep 28 board meeting minutes --- 2015/2015-09-28-board.tex | 212 ++++++++++++++++++++++++++++++++++++++++++++++ 2015/Makefile | 1 + 2 files changed, 213 insertions(+) create mode 100644 2015/2015-09-28-board.tex diff --git a/2015/2015-09-28-board.tex b/2015/2015-09-28-board.tex new file mode 100644 index 0000000..60b2e48 --- /dev/null +++ b/2015/2015-09-28-board.tex @@ -0,0 +1,212 @@ +\input{../preamble/preamble} +\newcommand \meetingtype {Board Meeting} +\newcommand \meetingdate {September 28, 2015} +\newcommand \lastmeetingdate {April 28} +\newcommand \meetingplace {Språkbanken, Gothenburg} +\rhead{\footnotesize \meetingdate} + +\begin{document} +\selectlanguage{swedish} +\section*{Minutes, \meetingtype \\ \meetingdate} + +\newlength\tempOne% +\settowidth\tempOne{Time and place:\quad}% +\newlength\tempTwo% +\setlength\tempTwo{\linewidth}% +\addtolength{\tempTwo}{-\tempOne}% + +\parbox[t]{\tempOne}{% + Time and place: +}% +\parbox[t]{\tempTwo}{\meetingdate, \meetingplace}\mypar + +\parbox[t]{\tempOne}{% + Attendants: +}% +\parbox[t]{\tempTwo}{\mbox{}\vspace{-2\baselineskip}\vspace{2pt}% + \begin{multicols}{3}% +Gustav Eek\\ +Lorena Llozhi \\ +Guilhem Moulin\\ +Leif-Jöran Olsson\\ +Stian Rødven Eide\\ + \end{multicols}% +} +\newcommand \meetingchairman {Stian Rødven Eide} +\newcommand \meetingsecretary {Gustav Eek} +\newcommand \approval {Leif-Jöran Olsson} + +\begin{enumerate} +\item The meeting was opened. +\item \meetingchairman\ was elected meeting chairman, \meetingsecretary\ meeting secretary, and \approval\ approval. +\item The agenda was confirmed. +\item The meeting went through the minutes from \lastmeetingdate. + \begin{itemize} + \item A brainstorming session was postponed: The board members are + supposed to prepare for a brainstorming session regarding + nominating committee by bringing ten suggestions. + \item Nothing is heard on the JAK lecture. + \item Gustav committed to send out reminders for membership + fees. That is part done. The steps remaining is to contact those + that became members during 2014, but that have not responded on + their Fripost email addresses. Also no contact methods outside of + email have been used. + \end{itemize} +\item Reports + \begin{enumerate} + \item Economy. Five new members were reported since last meeting. In + total we have 98 paying members. + \item System. Guilhem reported the following June 6: + \begin{quote} + Quite a lot has happened on the admin front since last time we + met, but unfortunately I won't be able to attend the meeting + tomorrow to report what we did. So I'm sending an email instead + ;-) + \begin{itemize} + \item Upgrade the preseeding script to make it work with the + Debian Jessie installer. Also, now use multi-volume BTRFS + rather than LVM2 for new installations. + \item Upgrade all machines (antilop, benjamin, civett, elefant, + giraff, mistral) to Debian Jessie (8.0). Try to make use of + new features and options, and for instance harden internal TLS + tunnels to always use ephemeral Diffie-Hellman key echange + (for Perfect Forward Secrecy) and strong ciphers; switch the + LDAP database format from HDB to LMDB; make postfix SASL-bind + on the LDAP directory. + \item Migrate lists.fripost.org to civett. Change the list + manager from Mailman to Sympa, and run Sympa in FCGI mode. + \item New TLS attack (logjam) mitigation. On each host, generate a file + containing 2048-bits long primes for DH key exchange, and make all + our services use that file. + \item Migrate git.fripost.org (our gitolite installation) to civett. + Install gitweb and configure it in FCGI mode. Enable git pulls over + HTTP or HTTPS using git-http-backend (smart HTTP protocol). + \item Migrate wiki.fripost.org (ikiwiki) to civett, and merge the website + in there. Modifying the website is only allowed via ssh; modifying + the wiki is allowed via HTTPS, but not HTTP. + \item Auto configure the Bacula File Daemon / Storage Daemon / Director + using ansible. Previously this was done manually due to the presence + of passwords in the configuration files. Now each inter-host + communication is encrypted using stunnel with client certs. Bacula + fetches its passwords at startup using sed:\\ + \texttt{@|"sed -n '/^bconsole\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir"} + \item Use recipient address verification probes. Since we have a single + outgoing SMTP gateway, a message written on the webmail and sent to a + non-existing address would 1/ be accepted by the webmail's Postfix + instance, 2/ be forwarded to the outgoing SMTP gateway, 3/ bounce + back to the sender. To avoid non-delivery notices, the existence of + each recipient address is now verified *directly* on the webmail, + MSA, and outgoing SMTP gateway. At worst this adds a delay of a + couple of seconds, but there is also a caching mechanism. + \item Remove the webmail's Postfix instance. Instead we connect directly + to the outgoing SMTP gateway (the connection is encrypted with + stunnel), to speed up recipient address verification probes. Indeed + roundcube doesn't really need a local queue, since it only processes + mails that are sent manually. + \item Add a reserved virtual domain + \texthost{discard.fripost.org}. Each message sent to that domain is + silently discarded. Add new aliases \texttt{{noreply,no-reply}@fripost.org} + to \texttt{{noreply,no-reply}@discard.fripost.org.} + \item Provide Thunderbird, Evolution, KMail and Kontact autoconfiguration + at \url{https://fripost.org/.well-known/autoconfig/mail/config-v1.1.xml} + \item Mark fripost-{admin,docs,tools,web} repos as deprecated, and remove + write permission to avoid diverging work. + \item Publish the preseeding and ansible scripts at + \url{http://gitweb.fripost.org/?p=fripost-install.git} + \end{itemize} + \end{quote} + \item The host \texthost{zetkin} at Stefan is no longer used + \item We migrated to Sympa for email list handling + \item Guilhem is now a member of the Debian Roundcube package + maintenance team + \item Bacule is included in the Ansible auto configuration according to above + \item For web access to Git repositories the transition from + gitweb to cgit was made. + \item There was an incident with a fibre outrage August 24 at + DFRI. The host \texthost{elefant} was affected, that hosts + webmail and MX. The webmail was configuration onto + \texthost{civett} and the \dns\ record redirected + temporarily. The total web mail downtime was 3 h + \item A physical move of computers was made at DFRI August 26. + \item On September 17, \texthost{mistral} was affected by a power + outrage with a reboot as consequence. The routines for this type + of scenario need attention and rehearsal between Guilhem and + Leif-Jöran. They will agree on a place and time for that. + \end{itemize} + \item Google in schools. + \begin{itemize} + \item During the work meeting August 10 (attendants were Lola, + Gustav, and Guilhem) we decided to investigate the possibilities + to invite to a public debate. Suggestions on people to invite + were a legal expert from Datainspektionen, a legal expert from + the municipality, a municipality politician, a school director, + a parent, somebody from Skolinspektionen. + \item Gustav's sister works at Skolinspektionen. Her advice is to + (1) take general contact, + \url{skolinspektionen@skolinspektionen.se} and ask for their + opinion on the subject; (2) call the press service, + 08-58\,60\,90\,60, ask for the communication department, and + repeat the question; (3) go to media that should be interested + if we can find a whining story with some infringed parent; and + finally (4) note that Gothenburt is inspected right now, so this + is the time to act. + \end{itemize} + \end{enumerate} +\item Activity days and other activities + \begin{enumerate} + \item Previous activities + \begin{itemize} + \item No activities were arranged for the Mayday. + \item Activity day May 25. ``Öka din frihet med några enkla, + konkreta steg''. Albin and Gustav presented. Eleven participants + came. It became more of a discussion than a lecture. There was + also a slight misalignment in expectation. The general + expectation was on a concrete demonstration, rather than on a + philosophical lecture. Overall the activity day was successful, + still. + \end{itemize} + \item Coming activities. Several activities are planned for the + ``Framtidsveckan'' October 5--11: + \begin{itemize} + \item A booth and a seminar October 5 at 16 at Operahuset during + the week's opening ceremony. Lola and Gustav will attend. + \item An introductory workshop on cryptography October 8. Olof + and Gustav will host that. + \item A lecture and booth at ``Omställningsnatta'' October + 9. Lola, Guilhem, and Gustav will attend the event, and Gustav + will give the lecture. + \item A booth during ``Omställningskonferensen'' October + 10--11. Olof, Lola, and Gustav will attend alternating. + \end{itemize} + The planing is under control. For \fscons a few activities are + accepted. Fripost will have a booth attended by Lola. Gustav will + give the talk ``On Fripost''. Fripost will also host a two parted + key signing party. Details need more discussion, but the + suggestion on the table is that Olle will introduce with a hands + on session followed with regular key-signing hosted by + Guilhem. There is a spare ticket for the place at the table. + \end{itemize} + \end{enumerate} +\item Outreach and information spread + \begin{enumerate} + \item Follow up. Gustav's announcement about ``Framtidsveckan'' + could be made more direct. Some aspects were somewhat unclear. + \item Items to attend. Send out an email to the members list, + advertising the spare entrance to \fscons. + \end{enumerate} +\item A discussion was rasied on what to call the to-do-list agenda + item, and what should be covered on the item. Decision was to call + it ``Att-göra-listor''. The discussion on what to cover was + postponed. +\item No other issues. +\item Next meeting will take place October 28 at 18:00 at Språkbanken +\item The meeting was closed. +\end{enumerate} + +\parbox{\linewidth}{ + \signatureline{\meetingsecretary, meeting secretary} + \hfill + \signatureline{\approval, approval} +} + +\end{document} diff --git a/2015/Makefile b/2015/Makefile index d3ae081..181a1f0 100644 --- a/2015/Makefile +++ b/2015/Makefile @@ -6,6 +6,7 @@ MINUTES = \ 2015-03-22-annual \ 2015-03-25-board \ 2015-04-28-board \ +2015-09-28-board \ common-makefile = ../resources/Makefile-common -- cgit v1.2.3