Meeting notes - 10th December 2020 virtual meeting

Date: 10th December 2020

Participants: Adrian, pepe2k, richb, aparcar, chunkeey, lynxis, nbd, wigyori, stintel, Hauke, jow, Daniel, thess, Rafał, kaloz, blogic, ynezz

• In Hamburg we decided to make releases more often (every 6 months), but nothing changed.
  • currently blocked by DSA integration, kernel updates, https, ...
• have snapshot releases in addition?
  • Just cut master at a time
• Kernel: Use the testing kernel feature to use the next LTS kernel
• Keep master in usable state, including user space and Luci
  • DSA was a problem
    • rampis was the first big target which got it with kernel 5.4
  • add feature flags?
    • add global flag to activate all testing flags
    • Needs coordination
    • like the experimental flag in the kernel
    • two branches will probably not work because we do not have enough manpower
    • Daniel will implement this feature flag

• signed sysupgrade images was added some years ago
• secure master key and delegate keys to the builds
  • key revocation is implemented
• not activating by default for now, but sign it and allow to check if.
• this would make it easier for vendors to use strong crypto in their system
• For automatic update this would be needed
  • we could also sign a file with the hashes of the images
• do better security review of ucert, when we use it by default people will look closely at it
  • canonical format is needed

• Missing in LuCI, eta 2-3 weeks
• Missing default network configuration

• https://github.com/openwrt/openwrt/pull/3654 (3 ACKs, 1 NACK)
• https://github.com/openwrt/luci/pull/4637/ (merged already)
  • turn it off
  • disabling this would violate the 802.11 standard on some targets where the drivers/firmware fail to adjust the rates that management and control frames are transmitted at to the minimum basic rate that is advertised in the beacon and probe response frames
    • works normally
    • should be added to the release notes and people can turn it on again.
• enable ieee80211w by default after branching
• John will push ieee80211ax changes after branching
• ieee80211w could cause problems with very broken and/or old devices
  • we plan to ignore this
  • it should be very easy to disable these features to make old devices work

• shouldn't be in the release, experimental
• see also: https://biot.com/switches/

• landing page still on :80 with opt-in (single button enable) for HTTPS?
• no https in release

• proposal to branch of beginning of Jan and get the features which are in and nothing more.
• do not update the wifi driver for now keep them based on kernel 5.8 and do a minor update in March or so with an update to 5.10 based

• is EOL now

• 19.07 EOL date extension, currently set to January 2021
  • lets figure this out in the next few days and put it on the mailing list
  • increase to August 2021 for now

• Motivation for new rules...
• keep voting on the list
  • based on timezone it is hard for some people to join meeting
• having a binding road map will probably not work
  • OpenWrt is a hobby project for most of us and we would not commit to this
• For the next meeting people should prepare how we can improve the meeting
• put onto next meeting

• if it breaks just revert it, but inform the person before
  • it is not about the person, but about the code
• It is much more important to keep master working

• possible migration {git,gitlab}.openwrt.org
• CI testing?
• an other part of infrastructure we have to maintain
• Is there an open source gitlab hoster
  • The systemd team could host it?
• An overview over the current infrastructure would be nice next meeting

• What? https://github.com/openwrt/openwrt/pull/3534
• Keep devices/schema in main repo or have them separate (e.g. “devices.git”)?
  • does not have to be manually copied to wiki when we have it in git and mandatory for adding a new device
  • https://aparcar.github.io/devices/
  • possible to combine this with board.d files later
  • keep it in the main repo makes it easy to check if it is added in a commit which adds a new device

• Create public “press” repo with logos etc?
• A 2. version was posted in the forum
• a conversion to over a longer time would be ok
• SVG for the (new) OpenWrt logos: https://gist.github.com/jow-/503002651aa3ee3e8803b5ad29abf7ca

• the only official one: https://twitter.com/lede_project (still “LEDE”, time for rebrand?), but:
  • https://twitter.com/openwrt/
  • https://hub.docker.com/u/openwrt
• Is this handled by someone from the team? https://twitter.com/openwrtdevices
  • AFAIK access by lynxis, Adrian, at least one other non-committer
• The twitter owner does not answer we should involve SFC
  • For docker it could also work this way
  • John takes care of twitter

• Non-public communication, e.g. talking about not published security problems
• continue using contact@openwrt.org for this
• hackers@openwrt.org did not went so well
• use a closed forum category
• think about this topic and discuss about it in the next meeting

• projected EOL for 19.07 currently January, extend to August for now ok?
  • https://openwrt.org/docs/guide-developer/security

In about one month, Paul takes care.