openzaak-discuss May 2021

openzaak-discuss@lists.publiccode.net

4 participants
4 discussions

Jitsi Server available to OpenZaak
by Eric Herman 31 May '21

31 May '21

Hello OpenZaak community, The Foundation for Public Code hosts resources which you are welcome to use for collaboration around OpenZaak. As video conference calls are essential, we host a Jitsi Meet instance. If you sign up for an account, you can create your own rooms for your conf-calls. Instructions can be found in the Jitsi Meet User Guide: https://about.publiccode.net/activities/tool-management/jitsi-guides.html Sign up and we'll approve you once we see the notification. If you have questions, please reach out. Cheers, -Eric -- Eric Herman, Lead codebase steward for quality Foundation for Public Code | https://publiccode.net github.com/publiccodenet | github.com/ericherman eric(a)publiccode.net | +31 620719662 | @Eric_Herman

1 0

Technical Steering Group meeting May 12, 2021
by Joeri Bekker 12 May '21

12 May '21

Open Zaak Technical Steering Group meeting 2021-05-12Attendees - Jan Ainali - Joeri Bekker - Anton Boerma - Eric Herman - Sergei Maertens - Tahir Malik - Alba Roza - Tjerk Vaags Agenda - Intro - Status fof actions from previous meeting(s) - Topics - Logging - Codecov security issue - Delete Zaaktypen and Zaken - Drop NLX config support - Other - Next meeting & chair - Actions Status fof actions from previous meeting(s) - Create repo for Alfresco test image (done, Sergei) - https://hub.docker.com/repository/docker/openzaak/alfresco-content-services - https://hub.docker.com/repository/docker/openzaak/alfresco-share - Review PR/code for Alfresco test image (Anton) - Response: Looking good, minor feedback pending. - PR to Open Zaak to swap out images is WIP/pending, check next TSG meeting - RTD access for Sergei (Joeri) - Done - GOVERNENCE file approval by PST (?) - Assigned to Joeri for next meeting. Logging How to approach this? Describe how its done now in Open Zaak and document how it could be monitored (general/broad) and mention a few specific tools as example. Can write to file and parse with log4j, or whatever. Using volume mounts for example. Codecov security issue For auditlog, paid account Docker Hub. at $7/member/month this would cost about $500/year with the current org members. Jan saw there's apparently an OS organization which we can apply for: https://www.docker.com/community/open-source/application TSG agrees this is a useful thing to have and are in favour of pursuing this. Joeri follows up with PST. Maybe 3 people are enough. https://openzaak.org/en/news/2021-04-16-codecov-security-update/ As for the handling of the security issue, the team agrees it was handled correctly. Emails that require action shall get a [action required] prefix so the importance is clear. e-mail inboxes are filled by a lot of automated emails so it's easy to glance over them. Delete Zaaktypen and Zaken #979 <https://github.com/open-zaak/open-zaak/issues/979> With archiving, the same issues exists when objects need to be destroyed. It's a hard problem to get a full overview of the state (all zaaktypes and all related zaken) Reference implementation allows deletion of zaaktype and leaves zaken without an existing zaaktype. Should we make a proposal to disallow deletion of zaaktypen to VNG? Maybe Zaaktypen should not be really deleted but archived (marked as deleted)? Maybe clean up archived zaaktypen later? Mark them as deleted and propose this to VNG/VNG Archiving group (Digitaal Vernietigen - Amsterdam, DH, Anton). Maybe also suggest a process on how should be deleted. Quick term: Mark as deleted (hide from lists in admin and api, detail available, cannot create new zaken with this zaaktype) since its different from VNG behaviour anyway. Then suggest to VNG. Drop NLX config support NLX deprecated/is dropping support for the TOML config files, so this will be removed from Open Zaak. Other Nothing. Next chair and meeting Tahir, next month Actions - Followup PR for Alfresco test image (sergei, for next meeting) - GOVERNENCE file approval by PST (Joeri, bring up in PST) - Docker Hub paid plan (Joeri, bring up in PST) - Follow up on community plan application for Docker Hub (Tahir)

1 0

Codecov security update: Open Zaak is not affected
by Sergei Maertens 10 May '21

10 May '21

Recently there was a security incident at a third party (Codecov) used in the development of Open Zaak. Open Zaak was not affected by this. We've summarized the analysis that we performed and the steps taken on the website <https://openzaak.org/en/news/2021-04-16-codecov-security-update/>.

1 0

Open Zaak 1.4.0 released
by Sergei Maertens 03 May '21

03 May '21

Hi everyone, Open Zaak 1.4.0 is released today. This is combined feature- and bugfix release. The new features are mostly focused on cloud integration, such as fully automated provisioning of the initial admin user during installation and integration with Azure AD for SSO. We also continue to improve the CMIS-adapter performance. As always, the full release notes are available on the documentation website <https://open-zaak.readthedocs.io/en/stable/development/changelog.html#id1> and images are published to Docker Hub <https://hub.docker.com/r/openzaak/open-zaak>.

2 1

2023

2022

2021

2020

openzaak-discuss May 2021