Log of the DebianEdu meeting on irc channel #debian-edu of 2007-01-08
20:34:46 <white> can people who are here to attend the meeting please indicate that they want to participate by doing /ME = Full Name 20:34:50 * luk hat die Verbindung getrennt (Ping timeout: 480 seconds) 20:34:55 * white = Steffen Joeris 20:34:58 * sepski = Ronny Aasen 20:35:08 * k4x = Kurt Gramlich 20:35:26 * jever = JÌrgen Leibner 20:35:46 <C14r> C14r = Christian Kuelker 20:35:50 * [-oskar-] = Xavier Oswald 20:35:52 * white meeting in progress: Agenda point: Configuring Apache2 to serve https is needed 20:35:58 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: Configuring Apache2 to serve https is needed 20:36:05 <white> i will step in until pere shows up 20:36:06 * andreas Andreas Tille 20:36:26 <white> jever: i guess you added this point to the agenda, can you explain it a bit? 20:36:42 <jever> This point is mine, so I will explain 20:37:18 <jever> while setting up cipux-cat-web it is aneed to get ssl-support 20:37:51 <C14r> I thin other apps need that too, SSL unter apache2 20:37:59 <C14r> thin=think 20:38:02 <white> i guess sepski was working on apache configuration 20:38:03 <sepski> I'm looking into it allready. it will ofcourse be a selfsigned certificate 20:38:09 <white> sepski: do you want to say anything to that? 20:38:29 <white> sepski: do you know how much work that will be for you? 20:38:39 <C14r> sepski: a selfsinged certificate is ok 20:38:43 <white> e.g. are you assigned to it and will make it possible or do you need help? 20:38:54 <sepski> i think it is pretty stright forward 20:39:00 <jever> I exlained it on http://wiki.debian.org/DebianEdu/CipUX/FromScratch 20:39:22 <C14r> yes, but we also have to consider: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267477 20:39:25 <white> sepski: so it is basically calling the generation scripts via cfengine? 20:39:28 * pere (~pere@cm-84.208.119.064.chello.no) hat #debian-edu betreten 20:39:47 <white> pere: i started with moderating it and will give the voice to you if ok 20:39:52 * pere = Petter Reinholdtsen, sorry I am late, got stuck in another meeting. 20:39:57 <white> pere: we just started with the first point 20:40:02 <pere> just keep going, I'm fine with it. 20:40:07 <white> ok 20:40:21 <white> sepski: so you will set it up with cfengine? 20:40:47 <C14r> sepski: How about making a package from that, like apache2-ssl, like apache1 did? 20:41:17 <sepski> generaly it's just running apache2-ssl-certificate it generates the keys automagicaly 20:41:22 <sepski> and making a new sitefile 20:41:27 <sepski> and enabeling that in cfengine 20:41:37 <C14r> and the port 443 in port.conf? 20:41:59 <sepski> in the sitefile to avoid beeing policy violators 20:42:22 <white> it seems to me that sepski is already making this possible 20:42:34 <white> are there any questions concerning https via apache2 ? 20:42:35 <C14r> But someone says defining multiple virtual hosts with 443 make trouble .. 20:42:37 <pere> the problem with enabling ssl is to find a way to generate a sensible certificiate automaticaly. is that solved? 20:42:49 <sepski> the first hurdle i found is that i am missing the apache2-ssl-certificate script on my debian-edu install 20:43:08 <sepski> C14r, you can not define multiple virtual hosts with ssl correct 20:43:31 <C14r> I thought thats why 443 goes into ports.conf 20:44:10 <sepski> C14r, just to have them in one place i guess. or if you have your apache listen on muliple interfaces 20:44:18 <sepski> (and ports) 20:44:24 <C14r> sepski: ok 20:44:33 <sepski> anyways im testing it and will report on the mailinglist 20:44:55 <white> anyone any further comments on that? 20:45:06 <C14r> so we can assume that anny URL on debian-edu has https? 20:45:26 <jever> sepski: thank you for your work :-) 20:45:35 <sepski> that ssl script is in apache2-common, we have apache2.2-common ? 20:46:11 <C14r> Is there a way for the application to know if SSL is installed on debian-edu? 20:46:22 <sepski> try to connect ? 20:46:30 * luk (~luk@d54C49845.access.telenet.be) hat #debian-edu betreten 20:46:45 <C14r> sepski: might be a way 20:46:51 <sepski> but if it is a password form forinstance it should be configured with RequireSSL 20:46:52 <white> for those who are coming later to the meeting please indicate that you want to participate by doing /ME = Full Name 20:47:34 <white> C14r: do you have further questions/comments? 20:47:51 <C14r> white: no thanks for the moment :) 20:47:58 <C14r> sepski: than you! 20:48:02 <sepski> the apache2-ssl-certificate script has been intentionally removed in the apache2.2-common package in Etch. 20:48:04 * luk = Luk Claes 20:48:21 <white> sepski: do you know what they use to generate the certificate 20:48:23 <white> ? 20:48:37 <sepski> but i can look into it and report. no need to hold the entire meeting on this issue 20:48:50 <white> ok, so we will get an update via mail on that issue 20:49:02 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: Bits from the security team for Debian-Edu/Skolelinux 3.0 20:49:12 <white> I will explain it a bit: 20:49:27 <white> as all of you know we are coming closer to the etch release and testing is frozen 20:49:43 <white> therefore it is not possible to get new packages in and it is hard to get the curent packages updated 20:50:03 <white> this means that we will probably have some packages in our local pool which will be shipped with our 3.0 release 20:50:12 <luk> white: there is always me... 20:50:18 <luk> ;-) 20:50:19 <white> and therefore do not have security/stable support from debian 20:50:21 <white> luk: right :) 20:50:36 <white> i would like to keep these packages to an absolut minimum 20:51:00 <luk> then please coordinate with me 20:51:01 <white> but there are packages like admin tool or even gnash which might be needed and i wanted to ask about other people's opinion 20:51:26 <C14r> what is gnash? 20:51:34 <white> luk: i strongly doubt that our admin tool will make it into etch 20:51:47 <white> C14r: flash stuff for browsers :) 20:52:02 <luk> I'm afraid I don't have the time to look into what would need updates, though I'm happy to review all updates you ask me to look at... 20:52:11 <white> from the security point of view, every extra version or new package means that we have to take care of security support 20:52:12 <luk> uploading everything to unstable might also help... 20:52:25 <C14r> oh! (by the way which admin tool) 20:52:30 <white> luk: do you accept new packages for etch? 20:52:42 <white> C14r: i do not know, i thought you might know? 20:52:47 <luk> white: yep, not everything will be accepted, but much more than actually at the moment is IMHO 20:52:49 <C14r> :D 20:52:58 <white> i do not see any admin tools in debian which we can use, so i say $admintool 20:53:08 <C14r> white: ok 20:53:09 <luk> new packages not in this stage unless you can convince vorlon ;-) 20:53:14 <pere> white: I agree that we need to keep it to a minimum, but having uploaded packages to unstable might get them into the next testing, and that might get us some help from the testing security team. 20:53:40 <luk> indeed, where I also can help ;-) 20:53:47 <C14r> pere: good idea 20:53:57 <white> pere: sure, but I would like to track the packages not covered by the stable security team with special care 20:54:27 <white> so we might need to talk about specific packages when they get uploaded 20:54:28 <luk> white: count me in 20:54:33 <white> luk: i will :) 20:54:48 <C14r> white: If I can help, ask 20:54:58 <pere> white: yeah, absolutely. d-e-i and d-e-c are two such packages, gnash another. the admin tool probably too. are there others? 20:55:01 <white> in other words we do not define a general rule, just say that it should be a minimum and leave it to ftpmasters and security team to complain? 20:55:23 <white> pere: i sadly do not know, maybe someone else has a clue, maybe ltsp? 20:56:14 <white> i expect the d-e* packges to be candidates which is imho acceptable 20:56:17 <pere> yeah, at least ltspfs. 20:56:23 <white> i know that we need it for the admin tool 20:56:40 <white> gnash and ltsp(fs) are in heavy use with debian-edu (especially ltsp) 20:56:44 <white> anything else? 20:56:53 <klausade> apropo packages. there is a bug with the stopmotion version in testing (due to a bug in qt i belive) that makes is almost useless. there is a newer functioning version in unstable. imho stopmotion is a must in schools. 20:56:56 <white> otherwise we can say that the general rule is to say no 20:57:06 <pere> I guess we need to make a list of package diffs like we did the last time. 20:57:17 <klausade> white: get hold of bjoernen and ask about stopmotion. 20:57:29 <sepski> are the chances to get ltspfs into etch nill ? they have been tested in a etch enviorment, and would be usefull to non debian-edu also. atlest asking in 8 days time cant hurt ? 20:57:32 <white> klausade: stay tuned, we can directly work on that after the meeting :) 20:57:42 <luk> klausade: please mail debian-release for a request for hint for stopmotion 20:58:13 <white> sepski: i do not think that the release team will accept a complete new package 20:58:17 <white> i somehow doubt that 20:58:55 <white> is somebody volunteerig for making the diffs? 20:59:12 <pere> is stopmotion important enough for us to divert from the package in etch? 20:59:19 <luk> if you ask to include a new package you should at least argue why so that we (as release-team) get convinced it's (near) release critical 20:59:28 <white> i personally would appreciate a small report through the ML about which packages mmight stay in etch local 20:59:44 <luk> pere: maybe it can be hinted in? 20:59:53 <luk> in testing I mean... 20:59:55 <sepski> white, i guess you'r correct. that's the whole idea about the freeze... 21:00:01 * luk is looking at the diff... 21:00:30 <pere> luk: yes, perhaps. that would be good. 21:00:44 <white> so far nobody is volunteering looking into it? 21:01:08 <white> i will start a thread on debian-edu@l.d.o. then and explain it there as well and request that people come up with packages, ok? 21:01:37 <white> is there anything else regarding security for 3.0 and packages in local? 21:01:50 <C14r> yes the discussion on th ML 21:02:00 <white> i guess Werner and me will come up with a more up to date plan when we are getting closer to the release 21:02:05 <white> C14r: sure, will do so after the meeting 21:02:12 <C14r> white: ok 21:02:21 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: any other points? 21:02:34 <pere> postoffice setup? 21:02:35 <white> does anybody here have another point which he would like to mention? 21:02:42 <pere> finnarne said it was broken. anyone know more? 21:02:44 <C14r> Its ok to say somthing? 21:02:52 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: postoffice setup in debian-edu 21:03:09 <white> C14r: yes which point to you want to have discussed? we will do it after this one 21:03:24 <C14r> white: status of CipUX 21:03:27 <white> anyone knows about the postoffice setup 21:03:37 <white> C14r: ok, directly after this 21:03:46 <C14r> white: ok 21:03:49 <jever> what about smtp support to isp? 21:03:55 <white> pere: maybe we should ask finnarne to write a bug report? 21:04:22 <white> jever: i did not look into it for quite a long time, sorry no idea 21:04:24 <pere> we want a working smtp and imap server, and a working mail client configured to use the imap server. by default it should wonly work internally, but it should be possible to configure to send email outside. 21:04:48 <white> pere: are we still going to use courier-imap? 21:05:00 <jever> pere: I'm working on it 21:05:03 <pere> no idea. it still have some nasty old bugs. 21:05:14 <pere> what are the alternative? 21:05:18 <sepski> dovecot ? 21:05:30 <C14r> postfix, exim? 21:05:37 <sepski> dont know about it's ldap capabilities 21:05:41 <white> jever: are you taking care of the mail setup? 21:05:50 <pere> if we replace it, we should pick one with the same storage format on disk, to ease conversion. 21:05:54 <white> sepski: postfix should work, i do not know about exim 21:06:03 <pere> C14r: I believe that is unrelated to imap server. 21:06:11 <C14r> pere: ups! 21:06:18 <jever> white: yes, I'm looking into it as good I can 21:06:23 <C14r> C14r: cyrus 21:06:40 <white> jever: ok, maybe you can provide some information via the ML as i think it is quite critical for some schools 21:06:54 <white> maybe by starting to point out what the current status is 21:07:01 <jever> white: that's why I'm doing it 21:07:01 <sepski> choosing application must the the priveledge of the person doing the work. but that it should use the same storage to ease migration 21:07:21 <sepski> jever, ask me if you need support 21:07:24 <white> jever: thanks a lot, so I will read your mail on debian-edu@l.d.o. :) 21:07:30 <white> sepski: thank you too 21:07:31 <sepski> or testing 21:07:34 <jever> sepski: thank you 21:07:42 <white> anything else regarding this point? 21:07:45 <pere> sep: yeah. we standardize on the protocol level, and on disk storage format if possible. 21:08:04 <white> ok then we switch to the next point 21:08:17 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: status of Cipux 21:08:25 <white> C14r: please start 21:08:38 <C14r> C14r: so happy to announce that CipUX 3.2.14 is Linitian and Linda free 21:08:51 <C14r> Due to hige testing from jever and [-oskar-] 21:08:56 <C14r> hig=huge 21:09:10 <C14r> There ae some things to fix in the next days 21:09:12 <xorAxAx> .oO(linda is free?) 21:09:21 <C14r> (1) the installer 21:09:22 <pere> is it in the debian-edu etch-test repository? 21:09:23 <luk> s/free/clean/ 21:09:36 <white> for those who are coming later to the meeting please indicate that you want to participate by doing /ME = Full Name 21:09:38 <sepski> C14r, i am eager to test it when the packages reach etch-test :) 21:09:54 <C14r> (2) some bug or misunderstanding in usage of lib-frombuilder 21:10:05 <C14r> (3) the SSL issue with apache2 we discussed+ 21:10:23 <C14r> jever: wich plattforms are u testing, or plan to test? 21:10:36 <C14r> [-oskar-]: can also tell us you progress? 21:10:55 <white> C14r: are there plans to upload the packages to debian and debian-edu local (later is really important for the daily builds) 21:11:01 <[-oskar-]> I was sick but I have plan to test it on a plain debian system.. 21:11:03 <C14r> pere: it is on alioth 21:11:06 <sepski> C14r, what do you mean when you say "the installer" with regards to cipux ? 21:11:13 <jever> I plan to test i386 and ppc(prep) 21:11:25 <C14r> sepski: a script holger has askm me to write 21:11:27 * klausade = klaus ade johnstad 21:11:31 <C14r> to install CipUX with one command 21:11:43 <white> C14r: installing or configuring? 21:11:50 <C14r> configure 21:11:53 <pere> C14r: great. I hoped it would be in the debian-edu repository by now. it was promised to show up there before christmas, so I hoped those promises would be fulfilled by now. 21:11:55 <C14r> installing is with apt 21:12:03 <sepski> C14r, is there anything stopping you from uploading the package now, and adding the script later? so we can get a look at it ? 21:12:22 <C14r> pere: I understand you pont 21:12:25 <sepski> also make it plicy compliant so we can do the renegade changes in d-e-config :) 21:12:27 <C14r> pont=point 21:12:29 <white> C14r: can the configuration done via debonf so we can follow the policy? 21:12:47 <C14r> sepski: as [-oskar-] is doojng this, please ask him 21:13:05 <white> [-oskar-]: can you give some hints about the configuration part? 21:13:23 <C14r> white: partly yes, but it is not all about policy 21:13:46 <C14r> white: but that is beyou my knowledge for now 21:13:59 <white> maybe someone can write the information to the ML 21:14:20 <white> for the debian-edu repository we have heaps ofpeople around in this channel i guess 21:14:41 <C14r> white: good Idea 21:14:45 <white> anyone wants to add any information about cipux? 21:14:59 <white> C14r: it just needs to follow the archive policy, which is described in the wiki :) 21:15:02 <[-oskar-]> I will send a mail on the list with feedback.. 21:15:07 <white> [-oskar-]: thanks 21:15:20 <[-oskar-]> and I will review each file if the licence is ok 21:15:20 <white> does anybody have another point which he wants to have discussed? 21:15:29 <sepski> [-oskar-], actualy if it makes packages there no no harm in uploading them to etch-test quite often. it's afterall where the -testing takes part. We wont bite (hard) if they are not spit polished :) 21:15:35 <C14r> white: the idea of holger was to look at that script to make it conform 21:16:02 <white> ok, maybe it should be published as h01ger is currently relocating to australia 21:16:05 <white> and at a conference 21:16:09 <pere> [-oskar-]: but please, do not wait for the feedback before getting the package into etch-test. we need to test its impact on the CD. 21:16:11 <white> i am not sure how much spare time he has 21:16:11 <sepski> white, where are you taking this agenda from ? is my http://wiki.debian.org/DebianEdu/Meeting lagging ? 21:16:36 <white> sepski: i am just asking for additional points as we still have a couple of minutes left 21:16:45 <luk> white: extra point thjazi (if not talked about already?) 21:17:03 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: build daemons 21:17:07 <white> luk: go ahead 21:17:09 <[-oskar-]> h01ger: please upload it, it should be ok and then I will send you some files if modifications are needed 21:17:19 <[-oskar-]> sepski: yes 21:17:59 <white> luk: i suggest it is a buildd you want to talk about? 21:18:05 <luk> the buildd logs of both notus and thjazi (powerpc and amd64 buildds for etch-skolelinux) go now also to holger 21:18:31 <luk> thjazi has finally been setup correctly and the first builds are getting uploaded 21:18:35 <white> luk: does it help you if i step in as long as holger is away and help out with uploading binaries? 21:18:36 <[-oskar-]> I will be able to help about the powerpc support soon, I will have a pegasos available for testing soon 21:19:08 <luk> uploading the binaries is no problem at all for the moment... 21:19:12 <white> ok 21:19:44 <luk> well, I only wanted to share this status update, feel free to ask questions ;-) 21:19:50 <white> ah ok 21:19:59 <white> luk: is the upload problem with the ppc buildd solved? 21:20:33 <white> and for the ftpmasters we need to make sure that all binaries are in sync, i guess i detected some packages which were out of sync between etch and etch-test on some archs 21:20:42 <luk> AFAICS it's a bit unpleasant, but no real problem, the uploads happen after some tries 21:21:02 <white> luk: ok, as long as the 's are patient :) 21:21:07 <luk> and every failed try there is a mail sent to the buildd admin 21:21:30 <white> does anybody has a question concerning debian-edu buildd infrastructure or any other agenda point? 21:21:44 <luk> next meeting date? 21:22:00 <pere> three weeks? 21:22:02 <white> yes, i suggest today in 3 weeks? 21:22:15 <white> ah well i am on vacations then 21:22:25 <luk> I'd rather have a Tuesday or Wednesday, but who am I ;-) 21:22:42 <sepski> white, so you have lots of time to spend on debian-edu great :) 21:22:46 <white> i will leave my home on 26th and go to bavaria with no internet access for 1,5-2 weeks and then relocate to .au 21:23:03 <white> sepski: no internet access, just reading books and stuff :) 21:23:17 <sepski> :) 21:23:22 <luk> white: you're leaving to another continent before I got the chance to meet you in person :-( 21:23:24 <white> and i hope that i can use my university account and won't be away for a couple of weeks like last time 21:23:40 <white> luk: we can catch up during the next weeks :) 21:23:55 <white> but please go ahead and fix a meeting 21:24:00 <pere> I'm busy most tuesdays. 21:24:01 <white> today in 3 weeks? 21:24:11 <white> what about monday 29th? 21:24:12 <jever> ack 21:24:18 <white> (i won't be there) 21:24:32 <white> is that date ok for most of you mates? 21:24:55 <sepski> ok for me 21:25:01 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: next meeting (date) 21:25:02 <luk> I'll probably be late or not attending, though ok for me :-) 21:25:10 <pere> I believe it should work for me. 21:25:22 <white> ok then it is fixed by now as most of you agree on it 21:25:32 <white> may i ask a last question which might be of a bit interest 21:25:41 * k4x upload of the first SkoleLiveWorkstation based on etch and profile standalone will be ready in about 2 hours 21:25:42 <white> pere: do you have plans with ghost.skolelinux.no ? 21:26:17 * white hat das Thema geÀndert zu: meeting in progress: Agenda point: ghost.skolelinux.no as a testing machine? 21:27:04 <white> well this is a point which can also be discussed at a later point 21:27:07 <pere> white: not really. it was a xen test machine. I have plans for xen, though. and ldap.skolelinux.no 21:27:24 <white> pere: ok, i guess we will read possible status updates from drift on the devel list :) 21:27:42 <white> i close this meeting now and thank everybody for their work and attention 21:28:04 <pere> great. thank you. 21:28:10 <C14r> white: thx! 21:28:22 <luk> tnx 21:28:27 <k4x> tnx 21:28:42 <sepski> thanks :) 21:28:48 <jever> Thanks