19:00:01 <nirik> #startmeeting Infrastructure (2011-06-02)
19:00:01 <zodbot> Meeting started Thu Jun  2 19:00:01 2011 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:00:01 <nirik> #meetingname infrastructure
19:00:01 <nirik> #topic Robot Roll Call
19:00:01 <nirik> #chair goozbach smooge skvidal codeblock ricky nirik abadger1999
19:00:01 <zodbot> The meeting name has been set to 'infrastructure'
19:00:01 <zodbot> Current chairs: abadger1999 codeblock goozbach nirik ricky skvidal smooge
19:00:12 <nirik> who all is around for a meeting? :)
19:00:13 * skvidal is here
19:00:20 * StylusEater is here
19:00:42 * ricky /me
19:00:50 <wulfin> present
19:01:38 * abadger1999 here
19:01:42 * nirik waits a minute more for folks to wander in.
19:01:51 <CodeBlock> I'm here, but busy fixing something someone broke (non fi related) so might not be "here"
19:02:11 <Klainn> <--
19:02:22 <nirik> CodeBlock: no worries.
19:02:40 <goozbach> helldo
19:02:50 <nirik> morning goozbach
19:02:56 <mfurman> hello
19:02:56 <nirik> ok, I guess lets dive in...
19:03:00 <nirik> #topic New folks introductions and apprentice tasks/feedback
19:03:02 <goozbach> me is a bit behind
19:03:10 <goozbach> just got the apprentace email!
19:03:13 <goozbach> well stated
19:03:24 <nirik> Any new folks/apprentices want to introduce themselves and/or ask questions or provide feedback?
19:03:32 <nirik> yep. I just sent out the june email.
19:03:43 <wulfin> i'll step up as a returning newbie
19:03:43 <tideline> Hello I'm new to the group
19:03:47 <nirik> asking for feedback and seeing how many folks are using or finding useful the apprentice program.
19:04:06 <nirik> welcome mfurman, wulfin and tideline. ;)
19:04:16 <smooge> here
19:04:32 <wulfin> $DAYJOB has decided to give back the 10hrs a week I'm supposed to have for Fedora soooo...
19:04:44 <wulfin> glad to see the apprentice program and looking forward to it
19:05:00 <nirik> cool. ;) see us in #fedora-admin or #fedora-noc to get setup after the meeting.
19:05:04 <wulfin> and getting back to the FIG descripts i left half finished ')
19:05:14 * ricky cheers for $DAYJOB :-)
19:05:15 <goozbach> #info welcome mfurman wulfin tideline
19:05:32 <tideline> is the apprentice program something we all have to go through to be accepted in the admins group?
19:05:37 <nirik> we do have some easyfix tickets around... https://fedorahosted.org/fedora-infrastructure/report/14
19:05:42 <goozbach> #action (anyone) submit feedback about apprentice program
19:05:53 <nirik> tideline: nope, but it's a way for you to be able to login and look at config and see how things are setup...
19:06:07 <nirik> then it helps you decide what you might want to work on, and/or helps you gain trust to join other groups.
19:06:47 <skvidal> wulfin: 10hrs/week? wow
19:06:49 <StylusEater> nirik: I think your e-mail approach is good. Thanks.
19:06:56 <nirik> ok, lets move on then, unless there's any other questions or comments?
19:07:29 <wulfin> skvidal: yeah .. supposedly ... if I can eek out 4 i'll be happy
19:07:45 <nirik> #topic Upcoming Tasks/Items(nirik)
19:08:02 <nirik> upcoming items I have:
19:08:16 <nirik> soon: noc01 upgrade/replacement
19:08:19 * marchant is late
19:08:35 <nirik> soon also: ipv6 ip changes at ibiblio (I'm waiting on gateway from them)
19:08:53 <nirik> soon: setup puppet and app01 replacements.
19:09:04 <goozbach> nirik: please prefix each sub item with #info
19:09:10 <goozbach> that way I don't have to
19:09:11 <nirik> goozbach: ok. ;)
19:09:20 <nirik> #info soon: noc01 upgrade/replacement ( CodeBlock )
19:09:32 <nirik> #info soon: ipv6 ip changes at ibiblio (I'm waiting on gateway from them) (nirik)
19:09:41 <nirik> #info soon: setup puppet and app01 replacements. (nirik)
19:09:55 <nirik> #info secondary01->02 migration (smooge)
19:10:17 <nirik> #info 2011-06-14 or so: post release housecleaning tasks.
19:10:22 <goozbach> that helps keep the repeats of goozbach spouting off in the channel to a minimum
19:10:23 <goozbach> :)
19:10:29 <nirik> #info 2011-06-17 FPCA drop dead date.
19:10:41 * abadger1999 has some stats on FPCA drop dead
19:10:52 <nirik> abadger1999: cool. Have em handy?
19:11:27 <abadger1999> http://http://toshio.fedorapeople.org/fpca/
19:11:36 <abadger1999> The summary is that it's not looking too good.
19:12:02 <abadger1999> Lots of packages are still losing owners.
19:12:03 <nirik> would another announcement help?
19:12:09 <abadger1999> Lots of groups are losing members
19:12:12 <abadger1999> Yeah, I think so.
19:12:31 <abadger1999> Also, we can start target the people who have specifically not signed the fpca if we want.
19:12:32 <smooge> I think another announcement will produce a little. Fedora people are very IRQ driven
19:12:43 <smooge> so I don't expect it to take effect until the 18th
19:12:46 <nirik> perhaps a blog post or something might help?
19:12:51 <nirik> (at least some)
19:13:00 <abadger1999> fas_users.txt has everyone who has signed the cla but not fpca
19:13:02 <smooge> ok I can do that
19:13:07 <nirik> smooge: cool.
19:13:13 <skvidal> nirik: title it "other things we're taking away b/c we're mean"
19:13:15 <smooge> plus we are going to see a bunch of onetimers go also
19:13:20 <skvidal> nirik: see if you can get some attention :)
19:13:24 <nirik> ha.
19:13:33 <abadger1999> union_important_users.txt has everyone that is a package owner/comaint/in a group requiring cla_done
19:13:59 <nirik> excellent.
19:14:10 <nirik> Lets start trying to bug people as much as we can...
19:14:33 <skvidal> i've been doing that for years
19:14:35 <skvidal> ohhhhhhh
19:14:37 <skvidal> you mean about this
19:14:37 <abadger1999> smooge: <nod>  a statistic there: important users: 2275, cla but not fpca signers: 22980
19:14:38 <skvidal> sorry
19:14:39 <ricky> If you want to be really crazy, it wouldn't be hard to get a nag message on their consoles every git commit :-)
19:14:49 <smooge> Actually I was thinking of taking one of those spam emails that make people send in passwords and just change it here
19:15:42 <mathezula> Ah, jeez, sorry I missed the meeting.
19:15:46 <nirik> well, lets try blog posts / another announcement / bugging people when we see them on irc and revisit next week?
19:15:49 <mathezula> I wish I could have been here to listen in.
19:15:54 <abadger1999> nirik: Sounds good.
19:16:04 <nirik> mathezula: ? this is the fedora infrastructure meeting BTW. ;)
19:16:12 <abadger1999> I figure we'll keep bugging people until we get the numbers down to a reasonable level.
19:16:20 <mathezula> oops hehe :)  Don't mind me, I'm not here lol
19:16:22 * mathezula steps out
19:16:29 <abadger1999> So the deadline will get extended a few times.
19:16:33 <nirik> so smooge is doing the blog post, who wants to do the announce email?
19:16:37 <goozbach> mathezula: there'll be logs/minutes
19:16:55 <goozbach> #action smooge to do blog post RE fpca
19:17:14 <nirik> spot: you want to send another FPCA announce/nag email? ;)
19:18:00 <spot> abadger1999: can you run a report and send me the specifics?
19:18:22 <nirik> spot: http://toshio.fedorapeople.org/fpca/ has lots of the info.
19:18:29 <spot> oh, okay
19:19:11 <spot> which one of those files is the list of users I need to email?
19:20:06 <nirik> I guess union_important_users.txt... right abadger1999 ?
19:20:45 <nirik> smooge: when did you want to do secondary? next week?
19:20:48 <skvidal> spot: if you want to email specific people - both ricky and I have a script to emit emails easily-ish
19:21:05 <smooge> nirik, spot, skvidal I will be on vacation from June 8th to June 16th.
19:21:12 <skvidal> smooge: cool
19:21:15 <skvidal> have a nice time
19:21:21 <spot> skvidal: okay, if i give you the text for the email, can you send it to the people who have not yet signed?
19:21:25 <abadger1999> spot, nirik: Correct union_important_users.txt
19:21:32 <nirik> smooge: oh yeah. ok. :) Have fun...
19:21:35 <smooge> I will be at SELF and with family so not sure if I will have a nice time :).
19:21:36 <skvidal> spot: yah I think I can manage that
19:21:43 <smooge> nirik, I can do it on Monday or tomorrow
19:21:56 <nirik> smooge: ok. Sounds good.
19:22:04 <Southern_Gentlem> smooge,  SELF is a nice con
19:22:11 <ricky> Cool :-)
19:22:14 <smooge> it should be a 40 minute outage at most
19:22:17 <smooge> with a simple revoke
19:22:31 <skvidal> spot: do you want it from you or from admin@ or what?
19:22:45 <spot> skvidal: either one is fine.
19:22:46 <smooge> I am going to be doing a talk on how to train your users
19:22:54 <nirik> #info we have rhel5 kernel updates to apply also. Possibly look at scheduling those next week (after we improve our process, see upcoming topic).
19:23:11 <nirik> spot, skvidal: thanks!
19:23:23 <nirik> Any other upcoming tasks folks would like to discuss?
19:24:05 <smooge> QA network move
19:24:17 <nirik> ah yes.
19:24:22 <smooge> that looks to be happening on the week of July 11th (probably the 12th)
19:24:33 * skvidal will likely not be around that week
19:24:39 <nirik> #info 2011-07-11 to 2011-07-14 smooge and nirik will likely be out in phx2.
19:24:42 <skvidal> it's eunice's b-day and that tends to make me vanish
19:24:48 <nirik> skvidal: no worries.
19:25:02 <nirik> we need to start a list of tasks to do while we are out there.
19:25:02 * skvidal will be putting in for pto for it soon
19:25:09 <nirik> Off the top of my head:
19:25:18 <smooge> you will be visiting her dimension which is 270 degrees perpendicular to ours?
19:25:18 <skvidal> nirik: could you put 'find compose-x86' on the list?
19:25:27 <smooge> found it
19:25:36 <skvidal> ah - good
19:25:36 <nirik> * Community/QA move and racks/networks setup.
19:25:44 <smooge> woo hoo I got something off my list :)
19:25:53 <nirik> * Inventory (clearly fixing any labels of anything we have)
19:26:05 <smooge> we will also be doing a relabeling and getting some sort of inventory tracking up
19:26:16 <ricky> Labeled cyclades will be awesome :-)
19:26:27 <nirik> * I'd like to get permission to take some front and back pics of our racks. (I have found them to be very very usefull to see whats connected where when you can't remember/didn't note it)
19:26:30 <skvidal> ricky: cmon - you know flipping between each port at a time is fun
19:26:45 <nirik> * remove old stuff that we don't want anymore.
19:26:52 <nirik> * Fix tapes in tape drive/replace with good ones.
19:26:58 <smooge> skvidal, ricky. Once I label them I will be sure to move all the wires around for good measure
19:27:28 <smooge> actually we will be putting in the whole new tape system (I hope)
19:27:41 <nirik> smooge: cool. has that arrived?
19:28:00 <smooge> it is arriving in pieces
19:28:02 <smooge> we have a cable
19:28:06 * nirik notes backup01 is still under warentee for a while, we might use it for something else after new backup is in.
19:28:11 <nirik> ha ha.
19:28:21 <skvidal> smooge: is it a power cable?
19:28:43 <smooge> no it is the cable between the quantum (which isnt there) and the computer (which isnt there)
19:29:08 <nirik> ok, so I will probibly be setting up a file or wiki page to collect on-site tasks so we can not miss anything and also prioritize.
19:29:13 <skvidal> spot: got the txt
19:29:20 <nirik> Any other upcoming tasks/notes?
19:29:37 <smooge> we will be there from Monday -> Thursday when our money will probably run out
19:30:09 <smooge> and spot will have to send us money via Western Union in small bills for greyhound to take us home.
19:30:18 <nirik> :)
19:30:24 * ricky is moving infra.fp.o to not go through the proxies - will be complete tonight or tomorrow depending on how fast the firewall requests go through
19:30:35 <nirik> ok.
19:30:43 * skvidal is modifying run-puppet to check infra.fp.o
19:30:51 <skvidal> to see if the host is disabled for running puppet or not
19:30:57 <smooge> ricky, firewall requests won't be happening for a bit. Red Hat quarterly freeze I believe is still in effect
19:31:01 <skvidal> at which point we will change the guidelines for disabling puppet :)
19:31:07 <ricky> Ah...  that's good to know.
19:31:09 <nirik> skvidal: sounds good.
19:31:13 <nirik> #topic Outages Retrospectives
19:31:19 <ricky> Then I'll just get the configs in place and sit for a bit
19:31:24 <smooge> ricky, do you have a ticket number for the change (or was it up to me?)
19:31:34 <nirik> So, I sent out an email on this. There are some ways we can do better, IMHO.
19:31:41 <ricky> I was going to file one today after I had the IP blocking configs in
19:32:21 <skvidal> ricky: and we'll need to update the docs on adding a host/ip range to include that
19:32:42 <skvidal> ricky: and I wouldn't cry a river to have iptables blocks in place, too, if we don't already
19:32:44 <ricky> Yup.  And make those docs exists too :-)
19:32:50 <skvidal> heh
19:32:53 <skvidal> I thought they did exist but okay
19:33:41 <nirik> yeah, adding a machine and retiring a machine SOPs can use more details/work. ;)
19:34:08 <smooge> ok question do we have an outage SOP?
19:34:11 <nirik> Anyone like/dislike my plan on splitting out the machines into groups?
19:34:16 <nirik> smooge: we do.
19:34:20 <ricky> Yeah, we do:https://fedoraproject.org/wiki/ISOP:OUTAGE
19:35:08 <smooge> nirik, in doing the updates/outages last year I found that doing things in groups was quite needed
19:36:04 <smooge> one item though was that groups changed between outages :/
19:36:17 <smooge> because X would no longer rely on Y but Z
19:36:40 <mathezula> hm.  this meeting was an insulting joke.   it wasn't actually discussed, it was just 3 people agreeing with whatever bob jensen said to them.  I'd like to escalate our request.  How would I do that?
19:36:56 <ricky> Yeah.  It'd be nice to have some system to which hosts guests live on so that the dependencies and relationships stay more stable.
19:37:12 <skvidal> mathezula: umm - I think you're talking about an earlier meeting
19:37:17 <mathezula> I am indeed.
19:37:51 <nirik> smooge: yeah, things do change... perhaps we just manually update the SOP before each mass update?
19:38:00 <nirik> mathezula: this would not be the place/time for that.
19:38:30 <mathezula> I see.  What would be the proper time and place?
19:38:46 <nirik> anyhow, we can collect more feedback from the list on the ideas? I'd like to try and use them next week for kernel updates.
19:38:52 <smooge> mathezula, not our meeting
19:39:11 <smooge> nirik, I will read and collect those items
19:39:12 <nirik> mathezula: next week at the same meeting from eariler? or that groups mailing list? or the board list?
19:39:19 <skvidal> nirik: I think we have to break things apart more
19:39:20 <mathezula> After reading 'your meetings' I am less impressed than I was initially, but if you have a suggestion for a different place or time I'd be happy to work around that
19:39:28 <mathezula> ok thank you, that's what I was asking for.
19:39:49 <skvidal> nirik: which will definitely require some duplication - to keep things from hitting a spof
19:40:13 <nirik> skvidal: sure, the c group needs to be into subgroups...
19:40:22 <skvidal> nirik: the points I raised a few meetings back about moving to app-specific dbs
19:40:30 <nirik> ie, appN, take one down, wait, next
19:40:41 <nirik> yes, the db's are a massive single point.
19:40:54 <skvidal> http://skvidal.fedorapeople.org/hidden/fedorasvcsfuture.png
19:41:27 <skvidal> the clusters of services there can be mapped pretty well to your group definitions in many cases
19:41:46 <nirik> yep.
19:41:55 <skvidal> I'll reply on list
19:41:57 <nirik> and in that model things would be less entangled... etc
19:42:00 <skvidal> less noise here
19:42:14 <nirik> we have some virt hosts that have group a and b and c things
19:42:22 <nirik> making them group a pretty much
19:42:45 <skvidal> which is unhappy-making :(
19:42:48 <nirik> anyhow, yes, feedback welcome.
19:43:07 <nirik> anything more on outage/upgrades?
19:43:12 <skvidal> related yah
19:43:39 <skvidal> I added to our virthost-lists.out output now to include whether or not an instance is set to autostart or not
19:43:53 <skvidal> for example
19:43:58 <skvidal> grep running:0 /var/log/virthost-lists.out
19:43:58 <skvidal> bvirthost02.phx2.fedoraproject.org:nfs01:running:0
19:43:58 <skvidal> bvirthost03.phx2.fedoraproject.org:koji01:running:0
19:43:58 <skvidal> bxen03.phx2.fedoraproject.org:kojipkgs01:running:0
19:43:58 <skvidal> virthost01.phx2.fedoraproject.org:insight01.stg:running:0
19:44:01 <skvidal> virthost01.phx2.fedoraproject.org:secondary02:running:0
19:44:03 <skvidal> virthost01.phx2.fedoraproject.org:smolt01:running:0
19:44:13 <skvidal> that command shows which hosts are currently running but are NOT set to autostart
19:44:25 <skvidal> and grep 'shutdown:1' /var/log/virthost-lists.out
19:44:33 <skvidal> shows hosts which are shutdown but set to autostart
19:44:53 <nirik> excellent.
19:44:55 <skvidal> that's updated every hour now so it should help us catch issues on updates/reboots
19:44:55 <ricky> Cool, we can do regular cleanups of those
19:44:57 <nirik> thank you for doing that.
19:45:14 <skvidal> also - I finished up func-change-password
19:45:25 <skvidal> and I'll put it in place on puppet1 shortly - it's in upstream func now
19:45:32 <skvidal> func-change-password --hosts=blah username
19:45:44 <nirik> nice.
19:45:46 <skvidal> it'll prompt you for the new password and then push the change out to all the hosts
19:46:00 <skvidal> it does it by crypting the pw locally and sending that in a file over and using chpasswd
19:46:08 <smooge> will fix those on virthost01 after meeting
19:46:16 <skvidal> I did that so the crypt doesn't even show up in a process log or an environment dump anywhere
19:46:28 <skvidal> smooge: I think smolt01 is not a mistake on virthost01
19:46:40 <skvidal> finally - as  a part of what came out of the updates issues
19:46:42 <smooge> most likely. but the other two are
19:46:56 <skvidal> I wrote up something that I think ricky and I are going to work on a bit at a time (once infra.fp.o is direct)
19:47:03 <skvidal> http://skvidal.fedorapeople.org/hidden/fi-systems-mgmt-tool
19:47:29 <skvidal> it essentially is a mechanism to collect our data in one place and force (okay nag) us to keep it current
19:47:34 <nirik> this will help a lot with inventory and making sure our data is good.
19:47:40 <skvidal> that's the plan, yes
19:47:51 <nirik> thanks skvidal
19:47:51 <CodeBlock> I'm here now. Sorry about that
19:47:56 <nirik> CodeBlock: just in time...
19:48:04 <nirik> #topic Congrats Codeblock
19:48:05 <StylusEater> skvidal: better than nagios ... :-)
19:48:11 <nirik> http://blog.ianweller.org/2011/06/01/congrats-to-ricky-elrod/
19:48:17 <nirik> Congrats CodeBlock. ;)
19:48:20 <skvidal> StylusEater: don't make me injure myself
19:48:31 <CodeBlock> wow an entire meeting section for me. ;)
19:48:39 <CodeBlock> thanks guys :D You are all awesome :)
19:48:56 <ianweller> CodeBlock: congrats again :)
19:49:18 <CodeBlock> ianweller: Thank you much, and thank you for the work you did to make the scholarship happen :)
19:49:29 <ianweller> CodeBlock: btw, you get the opportunity to run it next year if you want. :)
19:49:39 <ianweller> just throwing that out there. that's a thing we did starting this year
19:49:46 * ianweller -> escapes meeting
19:49:52 <nirik> #topic Meeting tagged tickets:
19:49:52 <nirik> https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=~Meeting&order=priority
19:50:10 <nirik> any meeting tagged tickets (or any others) people would like to point out/talk about?
19:50:39 <StylusEater> .ticket 2804
19:50:41 <zodbot> StylusEater: #2804 (Decide on FAS password requirements.) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/2804
19:50:49 <nirik> ah yes...
19:50:53 <StylusEater> This came up the other day.
19:51:02 <ricky> Thanks, StylusEater :-)
19:51:14 <nirik> personally I don't care how long they are, as I use keepassx, but I suspect many people will push back if we make them too long.
19:51:42 <StylusEater> I put a link to an academic paper in the ticket along with a brief synopsis.
19:51:46 <nirik> we also have had poor luck in the past with expring/forcing people to change them. (although we could well try again)
19:52:13 <StylusEater> nirik: I agree. Balance is key.
19:52:46 <ricky> Yeah, I'd be fine with having relatively lax requirements - the question is whether 8 chars is too lax...
19:52:51 <Southern_Gentlem> once per year seems to be the industry standard
19:52:58 <ricky> And I think nowadays, it is.  Cracking has gotten extremely good.
19:53:06 <nirik> Southern_Gentlem: yeah, but last time we tried there was a pretty nasty outcry...
19:53:09 <StylusEater> nirik: can we differentiate based on id? so infra people have to have more complex passwords compared to people who don't particpate in the "innards"
19:53:36 <nirik> StylusEater: I suppose so, but it might be better to implement a yubikey / someother OTP type thing for shell access.
19:53:38 <ricky> It's possible, but it's not pretty code-wise to enforce that.
19:53:38 <Southern_Gentlem> nirik,  then you point them at the past breakins
19:53:52 <StylusEater> ricky: true
19:54:20 <nirik> There's apparently a rfc: http://www.ietf.org/rfc/rfc4226.txt for HOTP
19:54:24 <StylusEater> it seems the study I found indicates 12 alpha is sufficiently complex ... surprisingly enough
19:54:29 * ricky still supports the idea of running simple crackers on our nss db (without storing the results or anything) and notifying people...   People say that's a whole can of worms though :-(
19:54:36 <nirik> which claims to have implementations in android/iphone/whatever.
19:54:44 <ricky> But it's a pretty effective way :-/
19:55:04 <nirik> if we go with the recommendations in the ticket, we at least have the paper to point to. ;)
19:55:17 <CodeBlock> ricky: would certainly be interesting
19:55:18 * nirik looks to see how old it is.
19:55:21 <StylusEater> nirik: I can dig up some more if you'd like.
19:55:27 <ricky> There's also http://www.nongnu.org/python-crack/ which is basically equivalent to what I mentioned, but for some reason turns less heads :-)
19:55:34 <StylusEater> nirik: 2010
19:55:35 <nirik> StylusEater: with the same conclusions? :)
19:55:50 <StylusEater> nirik: hopefully similar conclusions...
19:56:20 <ricky> I do like the idea of the craziness of the requirements decreasing with length.  It's a mouthful to explain to somebody, but it makes sense.
19:56:23 <smooge> ricky, here is the issue with passwords. If a hash is known, it needs to be considered gotten no matter if it is 256 characters long. And most cracking these days does not depend on password or length
19:56:46 <smooge> basically you ask the person for their password somewhere and then use it everywhere else
19:57:04 <nirik> in the interest of avoiding too many colors for the bikeshead, I'm fine with implementing the suggested thing in the ticket
19:57:34 <ricky> I don't know..  I don't consider my password gotten if the hash is leaked.  I'd definitely still change it ASAP, I know that my situation is far better than somebody who just barely meets the requirements.
19:57:49 <ricky> Yeah, I was hoping this would just be a "pick something and do it" item :-)
19:58:04 <ricky> Although http://www.nongnu.org/python-crack/doc/crack-api.html is seeming more and more attractive as well now
19:58:05 <StylusEater> smooge: so sha-2 + random salt + random cycles
19:58:34 <smooge> nirik I am ok with what is in the ticket.
19:58:36 <ricky> I recently switched FAS's password hash from md5-based crypt to sha2-based crypt
19:58:50 <StylusEater> ricky: sweet ... good to know :-)
19:59:00 <ricky> So it'll be out next release.
19:59:53 <nirik> The problem with cracking them and letting people know is that then if we emailed them we aren't sure if they got it or someone in between or whatever.
20:00:05 <smooge> ricky, I will bring up my bikeshed after the meeting to better explain
20:00:07 <nirik> it would be much better to do that at change time...
20:00:17 <nirik> ie, 'pick another password, this one is poor'
20:00:22 <ricky> That's always a problem with email though :-/, but I'm fine with doing it at change time too.
20:00:44 <nirik> if it's easy to do at change time, then thats cool.
20:00:50 <ricky> (And we do plaintext email password resets, by the way - unfortunate, but there's no other practical way :-()
20:00:56 <nirik> #agreed will use values from ticket for now.
20:01:00 <ricky> (We do support GPG-encrypted ones if you add a GPG key, most people don't)
20:01:09 <nirik> yeah, bummer. ;(
20:01:18 <nirik> ok, any other items?
20:01:21 <nirik> #topic Open Floor
20:01:23 <smooge> though for too many geek conversations it needs to be 'pick another password, we guessed it using this easily known technique <link to outline>'
20:01:32 <nirik> smooge: yeah.
20:02:27 <nirik> ok, go forth and infrastructure! (ok, thats probibly not a verb, but anyhow...)
20:02:36 <nirik> #endmeeting