= Progress call: 17:00 UTC = * freedombox 21.4.4 in bullseye and buster-backports (James) * Accepted unblock for 21.4.4 * Uploaded to buster-backports * Removed fuse3 change in buster-backports * Not a problem for bullseye * Fix for holding the freedombox package is included in 21.4.4. Only change for bullseye * Bullseye release August 14th * Kiwix app (Joseph) * Offline Wikipedia * User uploads or !FreedomBox downloads zim file * Lightweight (only kiwix-tools. No browser). * Already used in village deployments * https://en.wikibooks.org/wiki/FreedomBox_for_Communities/Offline_Wikipedia * Kiwix content page * https://wiki.kiwix.org/wiki/Content_in_all_languages * btrfs-tools package missing in bullseye. Impacts on container/VM? (fioddor) * Just use btrfs-progs instead. * Container script is currently using btrfs-progs. * !WordPress (sunil) * Almost completed * Functional tests, backup and restore working * Using MariaDB, since that's the only database supported. * Security features * User Management: can potentially use LDAP, but the plugin is not ready * Initial setup page will be for internal networks only and then the site will be made public. * Containerizing the PHP-FPM application in the future. * Plugins and themes directory is writable in Debian. * Plugins are at the user's own risk. * Make sure that the user reads this disclaimer. Have plugins disabled by default and make enabling them an explicit action. * Client configuration for !FreedomBox Mail (GSoC) * Roundcube * Edit /etc/roundcube/config.inc.php * IMAP URL: ssl://freedombox * SMTP URL: tls://freedombox port 587 * FQDN must match your TLS certificate * Mozilla Thunderbird * May use Let's Encrypt (not tested) * TB does not accept self-signed certificates that are also certificate authorities * Claws Mail works * Implicit SSL for IMAP * STARTTLS for SMTP (port 587) * Fallback logic for non-admin view rendering (GSoC) * https://salsa.debian.org/freedombox-team/freedombox/-/issues/2094 * configuration block vs. user_configuration and admin_configuration * Sunil to assist with merging the patch * TLS/SSL settings in Postfix and Dovecot (GSoC) * Debian Postfix still uses weak algorithms (improvements available starting v3.x) * Use this tool instead: https://ssl-config.mozilla.org/ (Intermediate configuration) * tls_preempt_cipherlist = no (reason being some bad mail clients fall back to insecure ciphers if server preferences cannot be honored) * Also change the certificate fingerprint algorithm to SHA-256 (default in v3.x) * Certificate verification problem in Postfix SMTP client (???) * 127.0.0.1 freedombox host2.test.example * Email deliverable from user1@freedombox to user2@host2.test.example * TLS certificate matches `freedombox` but not `host2.test.example` * To investigate * Dynamic DNS (GSoC) * VM for testing mail server, Let's Encrypt, email authentication * fliu to send SSH key for AWS * Preparing the wiki page for !UserManual (GSoC) * Create page on wiki * Ikiwiki: How do you set up the CGI for Ikiwiki, any documentation on that? * ikiwiki --setup Somehow not working? * Add CGI handler in Apache * https://salsa.debian.org/freedombox-team/freedombox/-/blob/master/plinth/modules/ikiwiki/data/etc/apache2/conf-available/ikiwiki-plinth.conf * Debconf 21 BoF session for !FreedomBox * BoF is confirmed * BoF may be recorded (BoF were recorded last year)