Open Zaak Technical Steering Group meeting 2021-05-12Attendees - Jan Ainali - Joeri Bekker - Anton Boerma - Eric Herman - Sergei Maertens - Tahir Malik - Alba Roza - Tjerk Vaags Agenda - Intro - Status fof actions from previous meeting(s) - Topics - Logging - Codecov security issue - Delete Zaaktypen and Zaken - Drop NLX config support - Other - Next meeting & chair - Actions Status fof actions from previous meeting(s) - Create repo for Alfresco test image (done, Sergei) - https://hub.docker.com/repository/docker/openzaak/alfresco-content-services - https://hub.docker.com/repository/docker/openzaak/alfresco-share - Review PR/code for Alfresco test image (Anton) - Response: Looking good, minor feedback pending. - PR to Open Zaak to swap out images is WIP/pending, check next TSG meeting - RTD access for Sergei (Joeri) - Done - GOVERNENCE file approval by PST (?) - Assigned to Joeri for next meeting. Logging How to approach this? Describe how its done now in Open Zaak and document how it could be monitored (general/broad) and mention a few specific tools as example. Can write to file and parse with log4j, or whatever. Using volume mounts for example. Codecov security issue For auditlog, paid account Docker Hub. at $7/member/month this would cost about $500/year with the current org members. Jan saw there's apparently an OS organization which we can apply for: https://www.docker.com/community/open-source/application TSG agrees this is a useful thing to have and are in favour of pursuing this. Joeri follows up with PST. Maybe 3 people are enough. https://openzaak.org/en/news/2021-04-16-codecov-security-update/ As for the handling of the security issue, the team agrees it was handled correctly. Emails that require action shall get a [action required] prefix so the importance is clear. e-mail inboxes are filled by a lot of automated emails so it's easy to glance over them. Delete Zaaktypen and Zaken #979 <https://github.com/open-zaak/open-zaak/issues/979> With archiving, the same issues exists when objects need to be destroyed. It's a hard problem to get a full overview of the state (all zaaktypes and all related zaken) Reference implementation allows deletion of zaaktype and leaves zaken without an existing zaaktype. Should we make a proposal to disallow deletion of zaaktypen to VNG? Maybe Zaaktypen should not be really deleted but archived (marked as deleted)? Maybe clean up archived zaaktypen later? Mark them as deleted and propose this to VNG/VNG Archiving group (Digitaal Vernietigen - Amsterdam, DH, Anton). Maybe also suggest a process on how should be deleted. Quick term: Mark as deleted (hide from lists in admin and api, detail available, cannot create new zaken with this zaaktype) since its different from VNG behaviour anyway. Then suggest to VNG. Drop NLX config support NLX deprecated/is dropping support for the TOML config files, so this will be removed from Open Zaak. Other Nothing. Next chair and meeting Tahir, next month Actions - Followup PR for Alfresco test image (sergei, for next meeting) - GOVERNENCE file approval by PST (Joeri, bring up in PST) - Docker Hub paid plan (Joeri, bring up in PST) - Follow up on community plan application for Docker Hub (Tahir)