Log of the DebianEdu meeting on irc channel #debian-edu of 2007-01-08

20:34:46 <white>        can people who are here to attend the meeting please indicate that they want to participate by doing /ME = Full Name
20:34:50 *      luk hat die Verbindung getrennt (Ping timeout: 480 seconds)
20:34:55 *      white = Steffen Joeris
20:34:58 *      sepski = Ronny Aasen
20:35:08 *      k4x = Kurt Gramlich
20:35:26 *      jever = JÃŒrgen Leibner
20:35:46 <C14r> C14r = Christian Kuelker
20:35:50 *      [-oskar-] = Xavier Oswald
20:35:52 *      white meeting in progress: Agenda point: Configuring Apache2 to serve https is needed
20:35:58 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: Configuring Apache2 to serve https is needed
20:36:05 <white>        i will step in until pere shows up
20:36:06 *      andreas Andreas Tille
20:36:26 <white>        jever: i guess you added this point to the agenda, can you explain it a bit?
20:36:42 <jever>        This point is mine, so I will explain
20:37:18 <jever>        while setting up cipux-cat-web it is aneed to get ssl-support
20:37:51 <C14r> I thin other apps need that too, SSL unter apache2
20:37:59 <C14r> thin=think
20:38:02 <white>        i guess sepski was working on apache configuration
20:38:03 <sepski>       I'm looking into it allready. it will ofcourse be a selfsigned certificate
20:38:09 <white>        sepski: do you want to say anything to that?
20:38:29 <white>        sepski: do you know how much work that will be for you?
20:38:39 <C14r> sepski: a selfsinged certificate is ok
20:38:43 <white>        e.g. are you assigned to it and will make it possible or do you need help?
20:38:54 <sepski>       i think it is pretty stright forward
20:39:00 <jever>        I exlained it on http://wiki.debian.org/DebianEdu/CipUX/FromScratch
20:39:22 <C14r> yes, but we also have to consider: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267477
20:39:25 <white>        sepski: so it is basically calling the generation scripts via cfengine?
20:39:28 *      pere (~pere@cm- hat #debian-edu betreten
20:39:47 <white>        pere: i started with moderating it and will give the voice to you if ok
20:39:52 *      pere = Petter Reinholdtsen, sorry I am late, got stuck in another meeting.
20:39:57 <white>        pere: we just started with the first point
20:40:02 <pere> just keep going, I'm fine with it.
20:40:07 <white>        ok
20:40:21 <white>        sepski: so you will set it up with cfengine?
20:40:47 <C14r> sepski: How about making a package from that, like apache2-ssl, like apache1 did?
20:41:17 <sepski>       generaly it's just running apache2-ssl-certificate it generates the keys automagicaly
20:41:22 <sepski>       and making a new sitefile
20:41:27 <sepski>       and enabeling that in cfengine
20:41:37 <C14r> and the port 443 in port.conf?
20:41:59 <sepski>       in the sitefile to avoid beeing policy violators
20:42:22 <white>        it seems to me that sepski is already making this possible
20:42:34 <white>        are there any questions concerning https via apache2 ?
20:42:35 <C14r> But someone says defining multiple virtual hosts with 443 make trouble ..
20:42:37 <pere> the problem with enabling ssl is to find a way to generate a sensible certificiate automaticaly.  is that solved?
20:42:49 <sepski>       the first hurdle i found is that i am missing the apache2-ssl-certificate script on my debian-edu install 
20:43:08 <sepski>       C14r, you can not define multiple virtual hosts with ssl correct
20:43:31 <C14r> I thought thats why 443 goes into ports.conf
20:44:10 <sepski>       C14r, just to have them in one place i guess. or if you have your apache listen on muliple interfaces
20:44:18 <sepski>       (and ports)
20:44:24 <C14r> sepski: ok
20:44:33 <sepski>       anyways im testing it and will report on the mailinglist
20:44:55 <white>        anyone any further comments on that?
20:45:06 <C14r> so we can assume that anny URL on debian-edu has https?
20:45:26 <jever>        sepski: thank you for your work :-)
20:45:35 <sepski>       that ssl script is in apache2-common, we have apache2.2-common ? 
20:46:11 <C14r> Is there a way for the application to know if SSL is installed on debian-edu? 
20:46:22 <sepski>       try to connect ? 
20:46:30 *      luk (~luk@d54C49845.access.telenet.be) hat #debian-edu betreten
20:46:45 <C14r> sepski: might be a way
20:46:51 <sepski>       but if it is a password form forinstance it should be configured with RequireSSL 
20:46:52 <white>        for those who are coming later to the meeting please indicate that you want to participate by doing /ME = Full Name
20:47:34 <white>        C14r: do you have further questions/comments?
20:47:51 <C14r> white: no thanks for the moment :)
20:47:58 <C14r> sepski: than you!
20:48:02 <sepski>       the apache2-ssl-certificate script has been intentionally removed in the apache2.2-common package in Etch.
20:48:04 *      luk = Luk Claes
20:48:21 <white>        sepski: do you know what they use to generate the certificate
20:48:23 <white>        ?
20:48:37 <sepski>       but i can look into it and report. no need to hold the entire meeting on this issue
20:48:50 <white>        ok, so we will get an update via mail on that issue
20:49:02 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: Bits from the security team for Debian-Edu/Skolelinux 3.0
20:49:12 <white>        I will explain it a bit:
20:49:27 <white>        as all of you know we are coming closer to the etch release and testing is frozen
20:49:43 <white>        therefore it is not possible to get new packages in and it is hard to get the curent packages updated
20:50:03 <white>        this means that we will probably have some packages in our local pool which will be shipped with our 3.0 release
20:50:12 <luk>  white: there is always me...
20:50:18 <luk>  ;-)
20:50:19 <white>        and therefore do not have security/stable support from debian
20:50:21 <white>        luk: right :)
20:50:36 <white>        i would like to keep these packages to an absolut minimum
20:51:00 <luk>  then please coordinate with me
20:51:01 <white>        but there are packages like admin tool or even gnash which might be needed and i wanted to ask about other people's opinion
20:51:26 <C14r> what is gnash?
20:51:34 <white>        luk: i strongly doubt that our admin tool will make it into etch
20:51:47 <white>        C14r: flash stuff for browsers :)
20:52:02 <luk>  I'm afraid I don't have the time to look into what would need updates, though I'm happy to review all updates you ask me to look at...
20:52:11 <white>        from the security point of view, every extra version or new package means that we have to take care of security support
20:52:12 <luk>  uploading everything to unstable might also help...
20:52:25 <C14r> oh! (by the way which admin tool)
20:52:30 <white>        luk: do you accept new packages for etch?
20:52:42 <white>        C14r: i do not know, i thought you might know?
20:52:47 <luk>  white: yep, not everything will be accepted, but much more than actually at the moment is IMHO
20:52:49 <C14r> :D
20:52:58 <white>        i do not see any admin tools in debian which we can use, so i say $admintool
20:53:08 <C14r> white: ok
20:53:09 <luk>  new packages not in this stage unless you can convince vorlon ;-)
20:53:14 <pere> white: I agree that we need to keep it to a minimum, but having uploaded packages to unstable might get them into the next testing, and that might get us some help from the testing security team.
20:53:40 <luk>  indeed, where I also can help ;-)
20:53:47 <C14r> pere: good idea
20:53:57 <white>        pere: sure, but I would like to track the packages not covered by the stable security team with special care
20:54:27 <white>        so we might need to talk about specific packages when they get uploaded
20:54:28 <luk>  white: count me in
20:54:33 <white>        luk: i will :)
20:54:48 <C14r> white: If I can help, ask
20:54:58 <pere> white: yeah, absolutely.  d-e-i and d-e-c are two such packages, gnash another.  the admin tool probably too.  are there others?
20:55:01 <white>        in other words we do not define a general rule, just say that it should be a minimum and leave it to ftpmasters and security team to complain?
20:55:23 <white>        pere: i sadly do not know, maybe someone else has a clue, maybe ltsp?
20:56:14 <white>        i expect the d-e* packges to be candidates which is imho acceptable
20:56:17 <pere> yeah, at least ltspfs.
20:56:23 <white>        i know that we need it for the admin tool
20:56:40 <white>        gnash and ltsp(fs) are in heavy use with debian-edu (especially ltsp)
20:56:44 <white>        anything else?
20:56:53 <klausade>     apropo packages. there is a bug with the stopmotion version in testing (due to a bug in qt i belive) that makes is almost useless. there is a newer functioning version in unstable. imho stopmotion is a must in schools.
20:56:56 <white>        otherwise we can say that the general rule is to say no
20:57:06 <pere> I guess we need to make a list of package diffs like we did the last time.
20:57:17 <klausade>     white: get hold of bjoernen and ask about stopmotion.
20:57:29 <sepski>       are the chances to get ltspfs into etch nill ?  they have been tested in a etch enviorment, and would be usefull to non debian-edu also. atlest asking in 8 days time cant hurt ? 
20:57:32 <white>        klausade: stay tuned, we can directly work on that after the meeting :)
20:57:42 <luk>  klausade: please mail debian-release for a request for hint for stopmotion
20:58:13 <white>        sepski: i do not think that the release team will accept a complete new package
20:58:17 <white>        i somehow doubt that
20:58:55 <white>        is somebody volunteerig for making the diffs?
20:59:12 <pere> is stopmotion important enough for us to divert from the package in etch?
20:59:19 <luk>  if you ask to include a new package you should at least argue why so that we (as release-team) get convinced it's (near) release critical
20:59:28 <white>        i personally would appreciate a small report through the ML about which packages mmight stay in etch local 
20:59:44 <luk>  pere: maybe it can be hinted in?
20:59:53 <luk>  in testing I mean...
20:59:55 <sepski>       white, i guess you'r correct. that's the whole idea about the freeze...
21:00:01 *      luk is looking at the diff...
21:00:30 <pere> luk: yes, perhaps.  that would be good.
21:00:44 <white>        so far nobody is volunteering looking into it?
21:01:08 <white>        i will start a thread on debian-edu@l.d.o. then and explain it there as well and request that people come up with packages, ok?
21:01:37 <white>        is there anything else regarding security for 3.0 and packages in local?
21:01:50 <C14r> yes the discussion on th ML
21:02:00 <white>        i guess Werner and me will come up with a more up to date plan when we are getting closer to the release
21:02:05 <white>        C14r: sure, will do so after the meeting
21:02:12 <C14r> white: ok
21:02:21 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: any other points?
21:02:34 <pere> postoffice setup?
21:02:35 <white>        does anybody here have another point which he would like to mention?
21:02:42 <pere> finnarne said it was broken.  anyone know more?
21:02:44 <C14r> Its ok to say somthing?
21:02:52 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: postoffice setup in debian-edu
21:03:09 <white>        C14r: yes which point to you want to have discussed? we will do it after this one
21:03:24 <C14r> white: status of CipUX
21:03:27 <white>        anyone knows about the postoffice setup
21:03:37 <white>        C14r: ok, directly after this
21:03:46 <C14r> white: ok
21:03:49 <jever>        what about smtp support to isp?
21:03:55 <white>        pere: maybe we should ask finnarne to write a bug report?
21:04:22 <white>        jever: i did not look into it for quite a long time, sorry no idea
21:04:24 <pere> we want a working smtp and imap server, and a working mail client configured to use the imap server.  by default it should wonly work internally, but it should be possible to configure to send email outside.
21:04:48 <white>        pere: are we still going to use courier-imap?
21:05:00 <jever>        pere: I'm working on it
21:05:03 <pere> no idea.  it still have some nasty old bugs.
21:05:14 <pere> what are the alternative?
21:05:18 <sepski>       dovecot ? 
21:05:30 <C14r> postfix, exim?
21:05:37 <sepski>       dont know about it's ldap capabilities
21:05:41 <white>        jever: are you taking care of the mail setup?
21:05:50 <pere> if we replace it, we should pick one with the same storage format on disk, to ease conversion.
21:05:54 <white>        sepski: postfix should work, i do not know about exim
21:06:03 <pere> C14r: I believe that is unrelated to imap server.
21:06:11 <C14r> pere: ups!
21:06:18 <jever>        white: yes, I'm looking into it as good I can 
21:06:23 <C14r> C14r: cyrus
21:06:40 <white>        jever: ok, maybe you can provide some information via the ML as i think it is quite critical for some schools
21:06:54 <white>        maybe by starting to point out what the current status is
21:07:01 <jever>        white: that's why I'm doing it
21:07:01 <sepski>       choosing application must the the priveledge of the person doing the work. but that it should use the same storage to ease migration
21:07:21 <sepski>       jever, ask me if you need support
21:07:24 <white>        jever: thanks a lot, so I will read your mail on debian-edu@l.d.o. :)
21:07:30 <white>        sepski: thank you too
21:07:31 <sepski>       or testing
21:07:34 <jever>        sepski: thank you
21:07:42 <white>        anything else regarding this point?
21:07:45 <pere> sep: yeah.  we standardize on the protocol level, and on disk storage format if possible.
21:08:04 <white>        ok then we switch to the next point
21:08:17 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: status of Cipux
21:08:25 <white>        C14r: please start
21:08:38 <C14r> C14r: so happy to announce that CipUX 3.2.14 is Linitian and Linda free
21:08:51 <C14r> Due to hige testing from jever and [-oskar-] 
21:08:56 <C14r> hig=huge
21:09:10 <C14r> There ae some things to fix in the next days
21:09:12 <xorAxAx>      .oO(linda is free?)
21:09:21 <C14r> (1) the installer
21:09:22 <pere> is it in the debian-edu etch-test repository?
21:09:23 <luk>  s/free/clean/
21:09:36 <white>        for those who are coming later to the meeting please indicate that you want to participate by doing /ME = Full Name
21:09:38 <sepski>       C14r, i am eager to test it when the packages reach etch-test :)
21:09:54 <C14r> (2) some bug or misunderstanding in usage of lib-frombuilder
21:10:05 <C14r> (3) the SSL issue with apache2 we discussed+
21:10:23 <C14r> jever: wich plattforms are u testing, or plan to test?
21:10:36 <C14r> [-oskar-]: can also tell us you progress?
21:10:55 <white>        C14r: are there plans to upload the packages to debian and debian-edu local (later is really important for the daily builds)
21:11:01 <[-oskar-]>    I was sick but I have plan to test it on a plain debian system..
21:11:03 <C14r> pere: it is on alioth
21:11:06 <sepski>       C14r, what do you mean when you say "the installer" with regards to cipux ? 
21:11:13 <jever>        I plan to test i386 and ppc(prep)
21:11:25 <C14r> sepski: a script holger has askm me to write 
21:11:27 *      klausade = klaus ade johnstad
21:11:31 <C14r> to install CipUX with one command
21:11:43 <white>        C14r: installing or configuring?
21:11:50 <C14r> configure
21:11:53 <pere> C14r: great.  I hoped it would be in the debian-edu repository by now.  it was promised to show up there before christmas, so I hoped those promises would be fulfilled by now.
21:11:55 <C14r> installing is with apt
21:12:03 <sepski>       C14r, is there anything stopping you from uploading the package now, and adding the script later? so we can get a look at it ? 
21:12:22 <C14r> pere: I understand you pont
21:12:25 <sepski>       also make it plicy compliant so we can do the renegade changes in d-e-config :)
21:12:27 <C14r> pont=point
21:12:29 <white>        C14r: can the configuration done via debonf so we can follow the policy?
21:12:47 <C14r> sepski: as [-oskar-] is doojng this, please ask him
21:13:05 <white>        [-oskar-]: can you give some hints about the configuration part?
21:13:23 <C14r> white: partly yes, but it is not all about policy
21:13:46 <C14r> white: but that is beyou my knowledge for now
21:13:59 <white>        maybe someone can write the information to the ML
21:14:20 <white>        for the debian-edu repository we have heaps ofpeople around in this channel i guess
21:14:41 <C14r> white: good Idea
21:14:45 <white>        anyone wants to add any information about cipux?
21:14:59 <white>        C14r: it just needs to follow the archive policy, which is described in the wiki :)
21:15:02 <[-oskar-]>    I will send a mail on the list with feedback..
21:15:07 <white>        [-oskar-]: thanks
21:15:20 <[-oskar-]>    and I will review each file if the licence is ok
21:15:20 <white>        does anybody have another point which he wants to have discussed?
21:15:29 <sepski>       [-oskar-], actualy if it makes packages there no no harm in uploading them to etch-test quite often. it's afterall where the -testing takes part. We wont bite (hard) if they are not spit polished :)
21:15:35 <C14r> white: the idea of holger was to look at that script to make it conform
21:16:02 <white>        ok, maybe it should be published as h01ger is currently relocating to australia
21:16:05 <white>        and at a conference
21:16:09 <pere> [-oskar-]: but please, do not wait for the feedback before getting the package into etch-test.  we need to test its impact on the CD.
21:16:11 <white>        i am not sure how much spare time he has
21:16:11 <sepski>       white, where are you taking this agenda from ? is my http://wiki.debian.org/DebianEdu/Meeting lagging ? 
21:16:36 <white>        sepski: i am just asking for additional points as we still have a couple of minutes left
21:16:45 <luk>  white: extra point thjazi (if not talked about already?)
21:17:03 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: build daemons
21:17:07 <white>        luk: go ahead
21:17:09 <[-oskar-]>    h01ger: please upload it, it should be ok and then I will send you some files if modifications are needed
21:17:19 <[-oskar-]>    sepski: yes
21:17:59 <white>        luk: i suggest it is a buildd you want to talk about?
21:18:05 <luk>  the buildd logs of both notus and thjazi (powerpc and amd64 buildds for etch-skolelinux) go now also to holger
21:18:31 <luk>  thjazi has finally been setup correctly and the first builds are getting uploaded
21:18:35 <white>        luk: does it help you if i step in as long as holger is away and help out with uploading binaries?
21:18:36 <[-oskar-]>    I will be able to help about the powerpc support soon, I will have a pegasos available for testing soon
21:19:08 <luk>  uploading the binaries is no problem at all for the moment...
21:19:12 <white>        ok
21:19:44 <luk>  well, I only wanted to share this status update, feel free to ask questions ;-)
21:19:50 <white>        ah ok
21:19:59 <white>        luk: is the upload problem with the ppc buildd solved?
21:20:33 <white>        and for the ftpmasters we need to make sure that all binaries are in sync, i guess i detected some packages which were out of sync between etch and etch-test on some archs
21:20:42 <luk>  AFAICS it's a bit unpleasant, but no real problem, the uploads happen after some tries
21:21:02 <white>        luk: ok, as long as the 's are patient :)
21:21:07 <luk>  and every failed try there is a mail sent to the buildd admin
21:21:30 <white>        does anybody has a question concerning debian-edu buildd infrastructure or any other agenda point?
21:21:44 <luk>  next meeting date?
21:22:00 <pere> three weeks?
21:22:02 <white>        yes, i suggest today in 3 weeks?
21:22:15 <white>        ah well i am on vacations then
21:22:25 <luk>  I'd rather have a Tuesday or Wednesday, but who am I ;-)
21:22:42 <sepski>       white, so you have lots of  time to spend on debian-edu great :)
21:22:46 <white>        i will leave my home on 26th and go to bavaria with no internet access for 1,5-2 weeks and then relocate to .au
21:23:03 <white>        sepski: no internet access, just reading books and stuff :)
21:23:17 <sepski>       :)
21:23:22 <luk>  white: you're leaving to another continent before I got the chance to meet you in person :-(
21:23:24 <white>        and i hope that i can use my university account and won't be away for a couple of weeks like last time
21:23:40 <white>        luk: we can catch up during the next weeks :)
21:23:55 <white>        but please go ahead and fix a meeting
21:24:00 <pere> I'm busy most tuesdays.
21:24:01 <white>        today in 3 weeks?
21:24:11 <white>        what about monday 29th?
21:24:12 <jever>        ack
21:24:18 <white>        (i won't be there)
21:24:32 <white>        is that date ok for most of you mates?
21:24:55 <sepski>       ok for me 
21:25:01 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: next meeting (date)
21:25:02 <luk>  I'll probably be late or not attending, though ok for me :-)
21:25:10 <pere> I believe it should work for me.
21:25:22 <white>        ok then it is fixed by now as most of you agree on it
21:25:32 <white>        may i ask a last question which might be of a bit interest
21:25:41 *      k4x upload of the first SkoleLiveWorkstation based on etch and profile standalone will be ready in about 2 hours
21:25:42 <white>        pere: do you have plans with ghost.skolelinux.no ?
21:26:17 *      white hat das Thema geÀndert zu: meeting in progress: Agenda point: ghost.skolelinux.no as a testing machine?
21:27:04 <white>        well this is a point which can also be discussed at a later point
21:27:07 <pere> white: not really.  it was a xen test machine.  I have plans for xen, though. and ldap.skolelinux.no
21:27:24 <white>        pere: ok, i guess we will read possible status updates from drift on the devel list :)
21:27:42 <white>        i close this meeting now and thank everybody for their work and attention
21:28:04 <pere> great.  thank you.
21:28:10 <C14r> white: thx!
21:28:22 <luk>  tnx
21:28:27 <k4x>  tnx
21:28:42 <sepski>       thanks :)
21:28:48 <jever>        Thanks