Open Zaak Technical Steering Group meeting 2021-05-12

Attendees

•  Jan Ainali
•  Joeri Bekker
•  Anton Boerma
•  Eric Herman
•  Sergei Maertens
•  Tahir Malik
•  Alba Roza
•  Tjerk Vaags

Agenda

• Intro
• Status fof actions from previous meeting(s)
• Topics
  • Logging
  • Codecov security issue
  • Delete Zaaktypen and Zaken
  • Drop NLX config support
  • Other
• Next meeting & chair
• Actions

Status fof actions from previous meeting(s)

• Create repo for Alfresco test image (done, Sergei)
  • https://hub.docker.com/repository/docker/openzaak/alfresco-content-services
  • https://hub.docker.com/repository/docker/openzaak/alfresco-share
• Review PR/code for Alfresco test image (Anton)
  • Response: Looking good, minor feedback pending.
  • PR to Open Zaak to swap out images is WIP/pending, check next TSG meeting
• RTD access for Sergei (Joeri)
  • Done
• GOVERNENCE file approval by PST (?)
  • Assigned to Joeri for next meeting.

Logging

How to approach this?

Describe how its done now in Open Zaak and document how it could be monitored (general/broad) and mention a few specific tools as example.

Can write to file and parse with log4j, or whatever. Using volume mounts for example.

Codecov security issue

For auditlog, paid account Docker Hub.

at $7/member/month this would cost about $500/year with the current org
members.

Jan saw there's apparently an OS organization which we can apply for:
https://www.docker.com/community/open-source/application

TSG agrees this is a useful thing to have and are in favour of pursuing
this.

Joeri follows up with PST. Maybe 3 people are enough.

https://openzaak.org/en/news/2021-04-16-codecov-security-update/

As for the handling of the security issue, the team agrees it was handled correctly.

Emails that require action shall get a [action required] prefix so the
importance is clear. e-mail inboxes are filled by a lot of automated emails so it's easy to glance over them.

Delete Zaaktypen and Zaken

#979

With archiving, the same issues exists when objects need to be destroyed. It's a hard problem to get a full overview of the state (all zaaktypes and all related zaken)

Reference implementation allows deletion of zaaktype and leaves zaken without an existing zaaktype.

Should we make a proposal to disallow deletion of zaaktypen to VNG?
Maybe Zaaktypen should not be really deleted but archived (marked as deleted)?
Maybe clean up archived zaaktypen later?

Mark them as deleted and propose this to VNG/VNG Archiving group (Digitaal Vernietigen - Amsterdam, DH, Anton).

Maybe also suggest a process on how should be deleted.

Quick term: Mark as deleted (hide from lists in admin and api, detail available, cannot create new zaken with this zaaktype) since its different from VNG behaviour anyway. Then suggest to VNG.

Drop NLX config support

NLX deprecated/is dropping support for the TOML config files, so this will
be removed from Open Zaak.

Other

Nothing.

Next chair and meeting

Tahir, next month

Actions

• Followup PR for Alfresco test image (sergei, for next meeting)
• GOVERNENCE file approval by PST (Joeri, bring up in PST)
• Docker Hub paid plan (Joeri, bring up in PST)
• Follow up on community plan application for Docker Hub (Tahir)