Hello OpenZaak community,
The Foundation for Public Code hosts resources which you are welcome to use
for collaboration around OpenZaak.
As video conference calls are essential, we host a Jitsi Meet instance.
If you sign up for an account, you can create your own rooms for your
conf-calls.
Instructions can be found in the Jitsi Meet User Guide:
https://about.publiccode.net/activities/tool-management/jitsi-guides.html
Sign up and we'll approve you once we see the notification.
If you have questions, please reach out.
Cheers,
-Eric
--
Eric Herman, Lead codebase steward for quality
Foundation for Public Code | https://publiccode.netgithub.com/publiccodenet | github.com/ericherman
eric(a)publiccode.net | +31 620719662 | @Eric_Herman
Open Zaak Technical Steering Group meeting 2021-05-12Attendees
- Jan Ainali
- Joeri Bekker
- Anton Boerma
- Eric Herman
- Sergei Maertens
- Tahir Malik
- Alba Roza
- Tjerk Vaags
Agenda
- Intro
- Status fof actions from previous meeting(s)
- Topics
- Logging
- Codecov security issue
- Delete Zaaktypen and Zaken
- Drop NLX config support
- Other
- Next meeting & chair
- Actions
Status fof actions from previous meeting(s)
- Create repo for Alfresco test image (done, Sergei)
-
https://hub.docker.com/repository/docker/openzaak/alfresco-content-services
- https://hub.docker.com/repository/docker/openzaak/alfresco-share
- Review PR/code for Alfresco test image (Anton)
- Response: Looking good, minor feedback pending.
- PR to Open Zaak to swap out images is WIP/pending, check next TSG
meeting
- RTD access for Sergei (Joeri)
- Done
- GOVERNENCE file approval by PST (?)
- Assigned to Joeri for next meeting.
Logging
How to approach this?
Describe how its done now in Open Zaak and document how it could be
monitored (general/broad) and mention a few specific tools as example.
Can write to file and parse with log4j, or whatever. Using volume mounts
for example.
Codecov security issue
For auditlog, paid account Docker Hub.
at $7/member/month this would cost about $500/year with the current org
members.
Jan saw there's apparently an OS organization which we can apply for:
https://www.docker.com/community/open-source/application
TSG agrees this is a useful thing to have and are in favour of pursuing
this.
Joeri follows up with PST. Maybe 3 people are enough.
https://openzaak.org/en/news/2021-04-16-codecov-security-update/
As for the handling of the security issue, the team agrees it was handled
correctly.
Emails that require action shall get a [action required] prefix so the
importance is clear. e-mail inboxes are filled by a lot of automated emails
so it's easy to glance over them.
Delete Zaaktypen and Zaken
#979 <https://github.com/open-zaak/open-zaak/issues/979>
With archiving, the same issues exists when objects need to be destroyed.
It's a hard problem to get a full overview of the state (all zaaktypes and
all related zaken)
Reference implementation allows deletion of zaaktype and leaves zaken
without an existing zaaktype.
Should we make a proposal to disallow deletion of zaaktypen to VNG?
Maybe Zaaktypen should not be really deleted but archived (marked as
deleted)?
Maybe clean up archived zaaktypen later?
Mark them as deleted and propose this to VNG/VNG Archiving group (Digitaal
Vernietigen - Amsterdam, DH, Anton).
Maybe also suggest a process on how should be deleted.
Quick term: Mark as deleted (hide from lists in admin and api, detail
available, cannot create new zaken with this zaaktype) since its different
from VNG behaviour anyway. Then suggest to VNG.
Drop NLX config support
NLX deprecated/is dropping support for the TOML config files, so this will
be removed from Open Zaak.
Other
Nothing.
Next chair and meeting
Tahir, next month
Actions
- Followup PR for Alfresco test image (sergei, for next meeting)
- GOVERNENCE file approval by PST (Joeri, bring up in PST)
- Docker Hub paid plan (Joeri, bring up in PST)
- Follow up on community plan application for Docker Hub (Tahir)
Recently there was a security incident at a third party (Codecov) used in
the development of Open Zaak. Open Zaak was not affected by this.
We've summarized the analysis that we performed and the steps taken on the
website <https://openzaak.org/en/news/2021-04-16-codecov-security-update/>.
Hi everyone,
Open Zaak 1.4.0 is released today. This is combined feature- and bugfix
release.
The new features are mostly focused on cloud integration, such as fully
automated
provisioning of the initial admin user during installation and integration
with Azure AD
for SSO. We also continue to improve the CMIS-adapter performance.
As always, the full release notes are available on the documentation website
<https://open-zaak.readthedocs.io/en/stable/development/changelog.html#id1> and
images are published to Docker Hub
<https://hub.docker.com/r/openzaak/open-zaak>.