Hi everyone!
Open Zaak 1.6.0 and Open Notificaties 1.3.0 have just been released. Both
releases focused on upgrading our dependencies to keep receiving security
fixes from the underlying framework.
Users are advised to update as soon as possible to keep receiving future
security updates and keep the upgrade path as smooth as possible.
Additionally, the container images have been updated to use smaller base
images, both reducing the potential attack surface and resulting image
sizes.
Finally, a number of bugs in Open Zaak were fixed and some periodic project
maintenance performed. For the full list of changes and required manual
interventions while upgrading, please review the Open Zaak changelog
<https://open-zaak.readthedocs.io/en/stable/development/changelog.html#id1> and
the Open Notificaties release notes
<https://open-notificaties.readthedocs.io/en/stable/changelog.html#id1>.
As usual, the container images have been published to Docker Hub
<https://hub.docker.com/u/openzaak>.
Hi everyone,
I'd like to draw attention to this Github issue about funding:
https://github.com/open-zaak/open-zaak/issues/1104 I would like to have
this put on an agenda somewhere with people who make the budget-kind
decisions.
Some more context: recently there has been some questions about the Helm
Charts and container images of Open Zaak. In parallel of that, the
documentation of deploying on Kubernetes has been rewritten which
references these Helm charts. While processing the feedback, a budget issue
was raised on Github by me, pointing out the structural need to keep
supporting the infrastructure aspect of the community.
Hi Open Zaak community,
Some personal news as I'm leaving the Foundation for Public Code to start
another job in January. I will no longer belong to the organization
although I'll still be an enthusiastic public code supporter.
I didn't want to leave without sharing the Open Zaak videos I've worked on.
Here you can find the (still hidden) playlist
<https://youtube.com/playlist?list=PL_5ziu2gADmCnEhBPf2KXXjGqaAdI3epJ> that
will be published on Monday.
It's been an interesting time where I got to learn a lot about
open collaboration and got to know some of you better.
I wish you all the best in the future,
Alba
--
Alba Roza | Codebase Steward Communities & Product
alba(a)publiccode.net | @alba_roza
Foundation for Public Code | https://publiccode.net
We are proud to announce the release of Open Zaak 1.5.0! We have introduced
a number of new features, such as rootless container images, generic OpenID
Connect integration, performance improvements and a number of bugfixes.
Additionally, we have also updated the various deployment toolsets.
BEFORE upgrading, please make sure to read the release notes (
https://open-zaak.readthedocs.io/en/stable/development/changelog.html#id1)
and detailed upgrade instructions, as 1.5.0 requires some special
attention. You can read these here:
https://open-zaak.readthedocs.io/en/stable/installation/reference/1-5_upgra…
Additionally, Open Notificaties 1.2.1 has been released for a while without
any spotlight shining on it. The 1.2.x line also has container image best
practices applied. The changelog is available on
https://open-notificaties.readthedocs.io/en/stable/changelog.html.
Please note that Open Notificaties no longer supports RabbitMQ as celery
result backend. This should not be a problem if you deploy using our
Ansible collection or Helm charts, but if you're running your own tooling,
you have to switch to Redis for this. You can review the Ansible roles or
Helm charts as a reference, they have been updated.
We recommend everyone to upgrade to these new versions, if only for the
better practices applied in the container images.
As a final note and announced earlier in this mailing list, we also want to
point out that you can sign up to the "Release Early Notice List" on
https://odoo.publiccode.net/survey/start/086e0627-8bc0-4b65-8aa9-f6872aba89….
The Open Zaak technical steering team provides these notifications for some
releases because system administrators need time to schedule an update,
which can be especially important if a security vulnerability was resolved
in the update.
Hi all,
After the summer vacation, the technical steering meetings didn't continue.
In my opinion, this is fine and we only need to meet if necessary. But, I
think it's necessary to discuss a topic that we're struggling with at the
moment.
*Topic: Adding non-standard API features into Open Zaak*
In short, Open Zaak currently has version 1.0 of all ZGW API's implemented.
The ZGW API specifications however are evolving. Some of these API changes
are needed "now" and the question arrives if we should just add this
filter, this extra field, etc. without moving the entire API to the next
version (because that takes more time/money). Some features might even be
planned for a future version of the specification that is not released yet
(but we need now!)
The question: Should we be allowed to add some of these non-standard
features into Open Zaak (properly documented as a difference, and only if
it's in line with the future of the specifications)?
*Meeting proposal*
I propose to discuss this (and perhaps other topics) in the next meeting,
which I'll schedule on December 8, 14.00. If I don't hear anything before
November 17, I'll assume this date and time are okay.
Best regards,
Joeri Bekker
--
<https://opengem.nl>
Een initiatief van Maykin Media
Keizersgracht 117, 1015 CJ Amsterdam
tel.: +31 (0)20 753 05 23
http://www.maykinmedia.nl
Beste Allemaal,
In de afgelopen 1,5 half jaar heb ik met een aantal van jullie
samengewerkt. Het leek me daarom goed om jullie te melden dat Donderdag 27
oktober mijn laatste werkdag bij de Foundation for Public Code zal zijn.
Ik heb besloten dat het tijd is om een nieuwe uitdaging aan te gaan. Welke
dat is weet ik nog niet maar dat zal snel duidelijk worden ;-)
Ik wens jullie allemaal het beste en heel veel succes met het toepassen en
het in de dagelijkse praktijk brengen van Open Source in de overheid want
dat is en blijft hard nodig. Ook hoop ik dat de landelijke politiek de
komende kabinetsperiode meer structurele ondersteuning zal bieden voor
gemeenten en provincies om het gebruik van open source op te schalen en er
voor te zorgen dat het beheer en de ondersteuning van open source
communities en codebases beter wordt gewaarborgd.
Mijn telefoonnummer blijft hetzelfde en jullie kunnen mij vinden op
LinkedIn: https://www.linkedin.com/in/felixfaassen/
Mijn collega's Alba Rossa, Jan Ainali en Eric Herman zullen mijn taken
overnemen. Jullie kunnen ze bereiken via stewards(a)publiccode.net
Hartelijk dank voor de fijne samenwerking en ik spreek een aantal van
jullie wellicht nog in de Signalen product steering meeting.
Hartelijke groeten,
Felix
--
Felix Faassen, Codebase steward
Foundation for Public Code | https://publiccode.netgithub.com/publiccodenet | github.com/felixfaassen
felix(a)publiccode.net | +31 624633278
Hi all - apologies for the late communication about last month's TSG
meeting notes.
OpenZaak Technical Steering Group meeting 2021-07-14
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Attendees>Attendees
- Jan Ainali
- Joeri Bekker
- Anton Boerma
- Eric Herman (possibly later)
- Sergei Maertens
- Tahir Malik
- Tjerk Vaags (excused)
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Agenda>Agenda
- Intro
- Upstream standard
- Demodam
- Docker hub acccount
- Product Steering Team status
- Next meeting & chair
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Upstream-standard>Upstream
standard
Example: https://github.com/open-zaak/open-zaak/issues/1003
- Some organizations consider forking Open Zaak (OZ’s position is to not
implement things that aren’t part of the standard)
- OpenZaak Kerngroep supposedly is bringing up these issues as well
- Have someone from VNG in the product steering and someone from OZ in
the Standards group with the purpose of communicating pressing issues of
bugs in the standard
- Action Tahir invites Michiel
- Start prep work on branch to implement this (based on ref impl)
- Warning: once you accomodate an organization, typically they relieve
the pressure on upstream because their needs are now fulfilled. Anton
confirms this sentiment.
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Demodam-amp-NLX>Demodam & NLX
OpenZaak was installed very quickly.
-
Open Zaak builds absolute URLs based on the request Host header
- with NLX and internal kubernetes services you would get
https://open-zaak.namespace/zaken/api/v1/...
- or you have to use a publicly accessible URL
-
Options:
- ask NLX team to configure the Host header to use
- implement OPENZAAK_DOMAIN environment variable (best option)
- Action Sergei creates ticket
- Use (reverse) proxy -> tricky w/r to ALLOWED_HOSTS validation and
not recommended
-
Joeri wrote two articles on the Common Ground website:
-
https://commonground.nl/groups/view/d9c2f667-2f3e-4153-a79b-57dde7f56cc2/te…
-
https://commonground.nl/groups/view/d9c2f667-2f3e-4153-a79b-57dde7f56cc2/te…
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Docker-hub-account>Docker hub
account
- Didn’t get any info back
- Submitted contact form again on 12-7-2021
- We keep waiting
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Product-Steering-Team-status>Product
Steering Team status
- The PST is shutting down?
- Decision is not made yet - once there is a decision we need to see the
impact on Governance.md
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#%E2%80%A6-other>… other
- OpenID Connect integration is being worked on
- Next release (probably) end of the month (1.5.0)
- contains the patch to not run as root in the container
- Action: Sergei will prepare this
<https://hackmd.io/qTkKrKPWRjOrumeAJzt9qg#Next-meeting-amp-chair>Next
meeting & chair
August 18th - Tahir will ask Tjerk to chair it - tbc
* Action: Tahir checks if Tjerk can chair it
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Open-Zaak-Technical-Steering-Group…>
Open Zaak Technical Steering Group meeting 2021-06-16
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Attendees>
Attendees
* Jan Ainali
* Joeri Bekker
* Anton Boerma
* Eric Herman (late)
* Sergei Maertens
* Tahir Malik
* Alba Roza
* Tjerk Vaags
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Agenda>
Agenda
* Intro
* Status of actions from previous meeting(s)
* Topics
* Next meeting & chair
* Actions
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Status-of-actions-from-previous-me…>
Status of actions from previous meeting(s)
* Followup PR for Alfresco test image (sergei, for next meeting)
* merged & part of the main branch now, all good
* GOVERNENCE file approval by PST (Joeri, bring up in PST)
* PST doesn’t want to approve - They see issues which need to be addressed by core team
* Agreed that we’ll remove the DRAFT version and set this to final. If needed in the future it can be revised again.
* Docker Hub paid plan (Joeri, bring up in PST)
* PST doesn’t want to approve - Not their role, more a core team issue
* Follow up on community plan application for Docker Hub (Tahir)
* Request done: Haven’t heard back
https://docs.google.com/forms/u/0/d/e/1FAIpQLSd11DjfgeaKSRdqp6Br85MzQQuM4ig…
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Other>
Other
Tahir indicated there is a test suite for DRC alone. Discussed is they will open up their repository on Gitlab
Nothing.
* not much happening w/r to development/bug fixing -> no releases scheduled atm
* DRC Tests (Document API)
* Agreed to set the Contezza gitlab repo open for public and create som documentations within Open Zaak under section Tools for testing
* Add it as a repo within VNG to test the standard
Two ideas from Joeri
* adding a CLI tool to drop the database content without dropping configuration (=clean slate). Accepted that it’s a good feature to have.
* Introduce workshops for suppliers on how to monitor Open Zaak & manage life-cycle & how to extend Open Zaak to achieve this with (your own) monitoring tools. Can possibly be developed further into a video format, but the TSG thinks this is useful.
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Next-chair-and-meeting>
Next chair and meeting
, next month on the 14th of juli and Sergei will be chair
<https://hackmd.io/ng83iugPTSaJVE6lJuWHfw#Actions>
Actions
* Response from Dockerhub
* Ideas for the workshop
* Add a pruning session on the 14th of juli
* Create a recurring session for the meeting
Met vriendelijke groet,
[cid:8c0ad0e4-641b-40f9-b30c-363143b67a0a]
Tahir Shazad Malik
email tahir.malik(a)contezza.nl<mailto:tahir.malik@contezza.nl>
mobile +31 (0)6 14 77 50 82
office +31 (0)848 68 89 02
website www.contezza.nl<http://www.contezza.nl>
[linkedIn]<https://www.linkedin.com/in/tsmalik/> [Twitter] <http://twitter.com/tahirshazad/>
Afwezig: vrijdag
Hello OpenZaak community,
The Foundation for Public Code hosts resources which you are welcome to use
for collaboration around OpenZaak.
As video conference calls are essential, we host a Jitsi Meet instance.
If you sign up for an account, you can create your own rooms for your
conf-calls.
Instructions can be found in the Jitsi Meet User Guide:
https://about.publiccode.net/activities/tool-management/jitsi-guides.html
Sign up and we'll approve you once we see the notification.
If you have questions, please reach out.
Cheers,
-Eric
--
Eric Herman, Lead codebase steward for quality
Foundation for Public Code | https://publiccode.netgithub.com/publiccodenet | github.com/ericherman
eric(a)publiccode.net | +31 620719662 | @Eric_Herman
Open Zaak Technical Steering Group meeting 2021-05-12Attendees
- Jan Ainali
- Joeri Bekker
- Anton Boerma
- Eric Herman
- Sergei Maertens
- Tahir Malik
- Alba Roza
- Tjerk Vaags
Agenda
- Intro
- Status fof actions from previous meeting(s)
- Topics
- Logging
- Codecov security issue
- Delete Zaaktypen and Zaken
- Drop NLX config support
- Other
- Next meeting & chair
- Actions
Status fof actions from previous meeting(s)
- Create repo for Alfresco test image (done, Sergei)
-
https://hub.docker.com/repository/docker/openzaak/alfresco-content-services
- https://hub.docker.com/repository/docker/openzaak/alfresco-share
- Review PR/code for Alfresco test image (Anton)
- Response: Looking good, minor feedback pending.
- PR to Open Zaak to swap out images is WIP/pending, check next TSG
meeting
- RTD access for Sergei (Joeri)
- Done
- GOVERNENCE file approval by PST (?)
- Assigned to Joeri for next meeting.
Logging
How to approach this?
Describe how its done now in Open Zaak and document how it could be
monitored (general/broad) and mention a few specific tools as example.
Can write to file and parse with log4j, or whatever. Using volume mounts
for example.
Codecov security issue
For auditlog, paid account Docker Hub.
at $7/member/month this would cost about $500/year with the current org
members.
Jan saw there's apparently an OS organization which we can apply for:
https://www.docker.com/community/open-source/application
TSG agrees this is a useful thing to have and are in favour of pursuing
this.
Joeri follows up with PST. Maybe 3 people are enough.
https://openzaak.org/en/news/2021-04-16-codecov-security-update/
As for the handling of the security issue, the team agrees it was handled
correctly.
Emails that require action shall get a [action required] prefix so the
importance is clear. e-mail inboxes are filled by a lot of automated emails
so it's easy to glance over them.
Delete Zaaktypen and Zaken
#979 <https://github.com/open-zaak/open-zaak/issues/979>
With archiving, the same issues exists when objects need to be destroyed.
It's a hard problem to get a full overview of the state (all zaaktypes and
all related zaken)
Reference implementation allows deletion of zaaktype and leaves zaken
without an existing zaaktype.
Should we make a proposal to disallow deletion of zaaktypen to VNG?
Maybe Zaaktypen should not be really deleted but archived (marked as
deleted)?
Maybe clean up archived zaaktypen later?
Mark them as deleted and propose this to VNG/VNG Archiving group (Digitaal
Vernietigen - Amsterdam, DH, Anton).
Maybe also suggest a process on how should be deleted.
Quick term: Mark as deleted (hide from lists in admin and api, detail
available, cannot create new zaken with this zaaktype) since its different
from VNG behaviour anyway. Then suggest to VNG.
Drop NLX config support
NLX deprecated/is dropping support for the TOML config files, so this will
be removed from Open Zaak.
Other
Nothing.
Next chair and meeting
Tahir, next month
Actions
- Followup PR for Alfresco test image (sergei, for next meeting)
- GOVERNENCE file approval by PST (Joeri, bring up in PST)
- Docker Hub paid plan (Joeri, bring up in PST)
- Follow up on community plan application for Docker Hub (Tahir)