From sara at sinodun.com  Wed Apr  3 15:21:32 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Wed, 3 Apr 2013 16:21:32 +0100
Subject: [Opendnssec-develop] More on OpenDNSSEC versions... Support policy
	and 1.5 anyone?
Message-ID: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>

Hi All, 

In the team meeting last week we had some more detailed discussion about the impact of the change in versioning scheme as recently agreed. 

1. Support for older versions

The consensus was that a significant portion of the user community will stay on 1.3 for the foreseeable future and that we should consider declaring it a Long Term Support release (following the Ubuntu model).  

- It was proposed that in practice this would mean committing to providing support (i.e. bug fixes only) for 1.3 for at least 1 year after 2.0 is released (assuming 2.0 is the next LTS). 
- 1.4 and any other 1.X minor releases would be 'standard releases'. 
- Support for standard releases would be something like N months (6,12?) following the subsequent release.

I think it would be helpful to the users if we could clarify our support policy when we describe the versioning change with the 1.4 release. So the key questions are:
Q: Does everyone agree with the principle of making 1.3 a LTS release?
Q: Does anyone have a specific opinion on what support we should provide for our standard releases?


2. Should we plan a 1.5 release?

The timeline for 2.0 is currently uncertain and in particular I think the testing effort required is very hard to quantify. So with only bug fixes going into 1.4 under the new scheme, the question becomes whether we should actively plan a 1.5 release or focus solely on 2.0. 

A 1.5 release would probably consist of a number of minor developments e.g. 

https://issues.opendnssec.org/issues/?jql=project%20%3D%20OPENDNSSEC%20AND%20labels%20%3D%20%221.5%3F%22%20ORDER%20BY%20assignee%20DESC

aimed at optimising existing functionality for users of 1.4 (several being based on user requests). As long as we effectively manage the scope then this kind of release should be straightforward to plan, test and release on a defined timescale e.g. 6 months. It would mean continued minor developments on the existing enforcer code that would then needed porting to 2.0 though. For what it is worth I believe a 1.5 release would provide value to 1.4 users for a relatively small overhead and mitigate a 'big bang' feel beyond 1.4. Feedback from the board is much appreciated on this :-)

Sara.



From roland.vanrijswijk at surfnet.nl  Thu Apr  4 05:59:00 2013
From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk)
Date: Thu, 4 Apr 2013 07:59:00 +0200 (CEST)
Subject: [Opendnssec-develop] Re: More on OpenDNSSEC versions... Support
	policy and 1.5 anyone?
In-Reply-To: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
Message-ID: <6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>

Hi Sara,

Op 3 apr. 2013 om 17:21 heeft Sara Dickinson <sara at sinodun.com> het volgende geschreven:

> In the team meeting last week we had some more detailed discussion about the impact of the change in versioning scheme as recently agreed. 
> 
> 1. Support for older versions
> 
> The consensus was that a significant portion of the user community will stay on 1.3 for the foreseeable future and that we should consider declaring it a Long Term Support release (following the Ubuntu model).  
> 
> - It was proposed that in practice this would mean committing to providing support (i.e. bug fixes only) for 1.3 for at least 1 year after 2.0 is released (assuming 2.0 is the next LTS). 
> - 1.4 and any other 1.X minor releases would be 'standard releases'. 
> - Support for standard releases would be something like N months (6,12?) following the subsequent release.
> 
> I think it would be helpful to the users if we could clarify our support policy when we describe the versioning change with the 1.4 release. So the key questions are:
> Q: Does everyone agree with the principle of making 1.3 a LTS release?

+1, also with my operational hat on: we'll be sticking with 1.3 for a while

> Q: Does anyone have a specific opinion on what support we should provide for our standard releases?

Given the time it has taken us in the past to release .x versions, it seems reasonable to support them for up to one year.

> 2. Should we plan a 1.5 release?
> 
> The timeline for 2.0 is currently uncertain and in particular I think the testing effort required is very hard to quantify. So with only bug fixes going into 1.4 under the new scheme, the question becomes whether we should actively plan a 1.5 release or focus solely on 2.0. 
> 
> A 1.5 release would probably consist of a number of minor developments e.g. 
> 
> https://issues.opendnssec.org/issues/?jql=project%20%3D%20OPENDNSSEC%20AND%20labels%20%3D%20%221.5%3F%22%20ORDER%20BY%20assignee%20DESC
> 
> aimed at optimising existing functionality for users of 1.4 (several being based on user requests). As long as we effectively manage the scope then this kind of release should be straightforward to plan, test and release on a defined timescale e.g. 6 months. It would mean continued minor developments on the existing enforcer code that would then needed porting to 2.0 though. For what it is worth I believe a 1.5 release would provide value to 1.4 users for a relatively small overhead and mitigate a 'big bang' feel beyond 1.4. Feedback from the board is much appreciated on this :-)

In my opinion we should focus on 2.0; past experience with co-development going on on 1.4 and 2.0 has shown that the focus tends to shift to the closer goal (1.4 in that case). That was good since 1.4 needed the attention but I feel that if we don't now pick up on 2.0 it may end up on the back burner which would be a shame given all the effort that has gone in to it so far.

Those are my two cents ;-)

Cheers,

Roland

From jakob at kirei.se  Thu Apr  4 06:10:27 2013
From: jakob at kirei.se (Jakob Schlyter)
Date: Thu, 4 Apr 2013 08:10:27 +0200
Subject: [Opendnssec-develop] Re: More on OpenDNSSEC versions... Support
	policy and 1.5 anyone?
In-Reply-To: <6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
	<6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
Message-ID: <EA9C5D9F-B536-492C-9D4A-7A366BDF93E4@kirei.se>

On 4 apr 2013, at 07:59, Roland van Rijswijk <roland.vanrijswijk at surfnet.nl> wrote:

> In my opinion we should focus on 2.0; past experience with co-development going on on 1.4 and 2.0 has shown that the focus tends to shift to the closer goal (1.4 in that case). That was good since 1.4 needed the attention but I feel that if we don't now pick up on 2.0 it may end up on the back burner which would be a shame given all the effort that has gone in to it so far.

+1

	jakob


-- 
Jakob Schlyter
Kirei AB - www.kirei.se





From yuri at nlnetlabs.nl  Thu Apr  4 09:43:43 2013
From: yuri at nlnetlabs.nl (Yuri Schaeffer)
Date: Thu, 04 Apr 2013 11:43:43 +0200
Subject: [Opendnssec-develop] Re: More on OpenDNSSEC versions... Support
	policy and 1.5 anyone?
In-Reply-To: <6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
	<6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
Message-ID: <515D4B4F.9080006@nlnetlabs.nl>


> In my opinion we should focus on 2.0; past experience with
> co-development going on on 1.4 and 2.0 has shown that the focus tends
> to shift to the closer goal (1.4 in that case).

Absolutely!


From rick at openfortress.nl  Thu Apr  4 10:01:21 2013
From: rick at openfortress.nl (Rick van Rein (OpenFortress))
Date: Thu, 4 Apr 2013 12:01:21 +0200
Subject: [Opendnssec-develop] More on OpenDNSSEC versions... Support
	policy and 1.5 anyone?
In-Reply-To: <6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
	<6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
Message-ID: <ABA9D7EB-760F-4E18-B078-D9D31D3D8753@openfortress.nl>

Hi,

> In my opinion we should focus on 2.0; past experience with co-development going on on 1.4 and 2.0 has shown that the focus tends to shift to the closer goal (1.4 in that case). That was good since 1.4 needed the attention but I feel that if we don't now pick up on 2.0 it may end up on the back burner which would be a shame given all the effort that has gone in to it so far.

+1

Given the limited time available to developers I think I was right in the first place to raise the importance of 2.0 for the project.  It is our way out of a difficult-to-maintain KASP Enforcer.

-Rick

From sara at sinodun.com  Thu Apr  4 15:00:02 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 4 Apr 2013 16:00:02 +0100
Subject: [Opendnssec-develop] RE: Jenkins email notifications
Message-ID: <BD98D3CB-9D39-4C7F-B7A6-6969A26A0367@sinodun.com>

Hi All, 

I've been meaning to ask for a while how useful people are finding the email notifications from jenkins. It is currently set up to send emails on a job/platform basis which can result in ~15 emails when one job fails everywhere, and then another 15 when it is fixed. The emails do contain a lot of useful information but personally I find the quantity a bit much (they don't thread with the current subject settings). 

I would like to try out switching the setup to send a single email per job which will contain information about which platform(s) failed but not the details of what failed (see below for an example). Since we have the groovy junit test results page set up in jenkins now I don't think this is much of a problem as it is easy to see the details via the web page. I would like to make the change tomorrow and see how it works out unless anyone thinks this is a bad idea. 

I've also changed the subject format slightly so the build status is the first item in the subject line so it is easier to see at a glance if the mail is for fixed or failed. If anyone has any other suggestions please let me know!

Thanks

Sara. 

> From: jenkins at opendnssec.org
> Date: 4 April 2013 14:25:46 GMT+01:00
> To: sara at sinodun.com
> Subject: Successful: email-test - Build # 2
> 
> email-test - Build # 2 - Successful:
> 
> Check console output at https://jenkins.opendnssec.org/job/email-test/2/ to view the results.
> 
> FAILED UNIT TESTS:
> No tests ran.
> 
> BUILD LOG:
> Started by user Sara Dickinson
> Building on master in workspace /var/lib/jenkins/jobs/email-test/workspace
> No emails were triggered.
> Triggering debian64-ods01
> Triggering openbsd64-ods10
> Triggering solaris-ods07
> Triggering centos32-ods13
> Triggering suse64-ods11
> Triggering redhat64-ods08
> Triggering netbsd64-ods09
> Triggering sl64-ods04
> Triggering freebsd64-ods06
> Triggering ubuntu32-ods12
> Triggering freebsd32-ods15
> Triggering opensuse32-ods14
> Triggering ubuntu12-amd64-ods03
> Triggering opensuse64-ods05
> Triggering ubuntu64-ods02
> debian64-ods01 completed with result SUCCESS
> openbsd64-ods10 completed with result SUCCESS
> solaris-ods07 completed with result SUCCESS
> centos32-ods13 completed with result SUCCESS
> suse64-ods11 completed with result SUCCESS
> redhat64-ods08 completed with result SUCCESS
> netbsd64-ods09 completed with result SUCCESS
> sl64-ods04 completed with result SUCCESS
> freebsd64-ods06 completed with result SUCCESS
> ubuntu32-ods12 completed with result SUCCESS
> freebsd32-ods15 completed with result SUCCESS
> opensuse32-ods14 completed with result SUCCESS
> ubuntu12-amd64-ods03 completed with result SUCCESS
> opensuse64-ods05 completed with result SUCCESS
> ubuntu64-ods02 completed with result SUCCESS
> Email was triggered for: Success
> Sending email for trigger: Success


From sion at nominet.org.uk  Fri Apr  5 09:55:26 2013
From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=)
Date: Fri, 5 Apr 2013 10:55:26 +0100
Subject: [Opendnssec-develop] More on OpenDNSSEC versions... Support policy
	and 1.5 anyone?
In-Reply-To: <ABA9D7EB-760F-4E18-B078-D9D31D3D8753@openfortress.nl>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
	<6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
	<ABA9D7EB-760F-4E18-B078-D9D31D3D8753@openfortress.nl>
Message-ID: <515E9F8E.1090201@nominet.org.uk>

On 04/04/13 11:01, Rick van Rein (OpenFortress) wrote:
> Hi,
>
>> In my opinion we should focus on 2.0; past experience with co-development going on on 1.4 and 2.0 has shown that the focus tends to shift to the closer goal (1.4 in that case). That was good since 1.4 needed the attention but I feel that if we don't now pick up on 2.0 it may end up on the back burner which would be a shame given all the effort that has gone in to it so far.
> +1
>
> Given the limited time available to developers I think I was right in the first place to raise the importance of 2.0 for the project.  It is our way out of a difficult-to-maintain KASP Enforcer.
>

-1

This would not only freeze the enforcer but would also freeze the
signer; and development of the signer does not remove any resources from
enforcer-ng as I understand it. (We may well get feature requests as
people use the new adapters.)

I also think that with proper curation the list of improvements to the
enforcer can be kept to a minimum; but could prove useful to many users.

I realise the score is still +3.

Sion


From rick at openfortress.nl  Fri Apr  5 10:14:12 2013
From: rick at openfortress.nl (Rick van Rein (OpenFortress))
Date: Fri, 5 Apr 2013 12:14:12 +0200
Subject: [Opendnssec-develop] More on OpenDNSSEC versions... Support
	policy and 1.5 anyone?
In-Reply-To: <515E9F8E.1090201@nominet.org.uk>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
	<6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
	<ABA9D7EB-760F-4E18-B078-D9D31D3D8753@openfortress.nl>
	<515E9F8E.1090201@nominet.org.uk>
Message-ID: <1023490C-9215-44C9-AB32-B25CFA982127@openfortress.nl>

Hi,

> This would not only freeze the enforcer but would also freeze the
> signer; and development of the signer does not remove any resources from
> enforcer-ng as I understand it. (We may well get feature requests as
> people use the new adapters.)

A sensible remark.

> I also think that with proper curation the list of improvements to the
> enforcer can be kept to a minimum; but could prove useful to many users.

OK, you are the best one to judge that.

> I realise the score is still +3.

Maybe your vote counts heavier than just 1 on the matter of KASP maintenance...

-Rick



From yuri at nlnetlabs.nl  Fri Apr  5 11:26:50 2013
From: yuri at nlnetlabs.nl (Yuri Schaeffer)
Date: Fri, 05 Apr 2013 13:26:50 +0200
Subject: [Opendnssec-develop] RE: Jenkins email notifications
In-Reply-To: <BD98D3CB-9D39-4C7F-B7A6-6969A26A0367@sinodun.com>
References: <BD98D3CB-9D39-4C7F-B7A6-6969A26A0367@sinodun.com>
Message-ID: <515EB4FA.4080107@nlnetlabs.nl>

On 04-04-13 17:00, Sara Dickinson wrote:
> I've also changed the subject format slightly so the build status is
> the first item in the subject line so it is easier to see at a glance
> if the mail is for fixed or failed. If anyone has any other
> suggestions please let me know!

Thanks Sara! That's helpful.

Additionally I started using the follow script yesterday to persistently
insult me every 10 minutes when the enforcer NG is broken. Tested on
gnome3. Add profanity to taste.

---

#!/usr/bin/env python

import feedparser
import sys, os, time

time.sleep(15) #make sure notify daemon started

import pynotify

URL =
"https://jenkins.opendnssec.org/job/build-opendnssec-enforcer-ng/rssAll"
STATUS = {"stable":0, "normal":1, "broken":2}
IMG  = "/home/yuri/.ods-build-notify.png"

def status(title):
	for k,v in STATUS.iteritems():
		if title.find(k) >= 0:
			return v,k
	print("Fix you damned program")
	sys.exit(1)

pynotify.init("ods-build")

s = 0
while True:
	feed = feedparser.parse(URL)
	title = feed["items"][0].title
	state, desc = status(title)
	
	if s == 2 and state == 1:
		# only notify once
		n = pynotify.Notification("The build is now fixed", title, IMG)
		n.show()
	elif state == 2:
		n = pynotify.Notification("You broke the build, bud!", title, IMG)
		n.set_urgency(pynotify.URGENCY_CRITICAL)
		n.add_action("a", "I'll fix it now!", str)
		n.add_action("a", "I'll fix it now!", str)
		n.show()
	s = state
	time.sleep(600)


From sara at sinodun.com  Sat Apr  6 13:31:13 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Sat, 6 Apr 2013 14:31:13 +0100
Subject: [Opendnssec-develop] More on OpenDNSSEC versions... Support
	policy and 1.5 anyone?
In-Reply-To: <1023490C-9215-44C9-AB32-B25CFA982127@openfortress.nl>
References: <B70F1BDE-B95F-4CE0-8629-23CA9D7EC435@sinodun.com>
	<6432FDCE-C934-4CEF-957D-A00F49723B90@surfnet.nl>
	<ABA9D7EB-760F-4E18-B078-D9D31D3D8753@openfortress.nl>
	<515E9F8E.1090201@nominet.org.uk>
	<1023490C-9215-44C9-AB32-B25CFA982127@openfortress.nl>
Message-ID: <A72732E4-4FA1-4F30-804B-CA9A34D55C92@sinodun.com>


On 5 Apr 2013, at 11:14, Rick van Rein (OpenFortress) wrote:

> Hi,
> 
>> This would not only freeze the enforcer but would also freeze the
>> signer; and development of the signer does not remove any resources from
>> enforcer-ng as I understand it. (We may well get feature requests as
>> people use the new adapters.)
> 
> A sensible remark.
> 
>> I also think that with proper curation the list of improvements to the
>> enforcer can be kept to a minimum; but could prove useful to many users.
> 
> OK, you are the best one to judge that.
> 

Just to be clear - the intention was that the 1.5 release would take about as much development effort/resources as went into maintaining 1.3 (which has had both bug fixes and minor developments since 1.3.0) - it is just that the work is split across branches because of the new versioning scheme. 

Sara.



From sara at sinodun.com  Mon Apr  8 09:12:49 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Mon, 8 Apr 2013 10:12:49 +0100
Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 9 April @ 14:00 CET
Message-ID: <FB08B114-AAE8-4D95-8365-06F4409C07CB@sinodun.com>

Hi All, 

We have a team meeting tomorrow:

Date:      Tuesday 9 April 2013
Time:      14:00-15:00 CET, 13:00-14:00 GMT
Method:  Google+
Agenda:  https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-09+Agenda

I'll send out the results of the user survey on 1.4 on Tuesday morning so we can discuss in the meeting.

Sara.

From jerry at opendnssec.org  Mon Apr  8 14:05:21 2013
From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Mon, 8 Apr 2013 16:05:21 +0200
Subject: [Opendnssec-develop] Maintenance of dist.opendnssec.org and SVN
	tomorrow 9/4 Tuesday 14:30-15:00 CET
Message-ID: <D0499939-BF50-4381-A4A5-8BD94478FC82@opendnssec.org>

Hi,

Need to do some maintenance on dist/SVN tomorrow. Please don't use SVN during this time.

--
Jerry Lundstr?m - OpenDNSSEC Developer
http://www.opendnssec.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130408/bfc919bd/attachment.bin>

From jerry at opendnssec.org  Tue Apr  9 12:44:47 2013
From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Tue, 9 Apr 2013 14:44:47 +0200
Subject: [Opendnssec-develop] Re: Maintenance of dist.opendnssec.org and SVN
	tomorrow 9/4 Tuesday 14:30-15:00 CET
In-Reply-To: <D0499939-BF50-4381-A4A5-8BD94478FC82@opendnssec.org>
References: <D0499939-BF50-4381-A4A5-8BD94478FC82@opendnssec.org>
Message-ID: <B2DCD3B0-24EE-4481-8577-950C3B7EE6AC@opendnssec.org>

On Apr 8, 2013, at 16:05 , Jerry Lundstr?m wrote:

> Need to do some maintenance on dist/SVN tomorrow. Please don't use SVN during this time.


All done.

--
Jerry Lundstr?m - OpenDNSSEC Developer
http://www.opendnssec.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130409/a50e807a/attachment.bin>

From sara at sinodun.com  Tue Apr  9 15:54:43 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 9 Apr 2013 16:54:43 +0100
Subject: [Opendnssec-develop] RE: Documentation for new versioning scheme
	and support policy
Message-ID: <40995441-E7FC-4A3E-96A4-20D23FFE0C47@sinodun.com>

Hi All, 

As discussed in the meeting today I have written up a wiki page describing the new policies as recently agreed: 

https://wiki.opendnssec.org/pages/viewpage.action?pageId=3211964

Please review the wording and let me know if you have any issues or suggestions. (It will replace the text currently on this page: https://wiki.opendnssec.org/display/OpenDNSSEC/Release+Management+Process). 

Once everyone is happy with this then it will be emailed to the users list for feedback and will be linked from the 1.4 documentation. 

Regards

Sara. 



From rick at openfortress.nl  Tue Apr  9 17:42:22 2013
From: rick at openfortress.nl (Rick van Rein (OpenFortress))
Date: Tue, 9 Apr 2013 19:42:22 +0200
Subject: [Opendnssec-develop] RE: Documentation for new versioning scheme
	and support policy
In-Reply-To: <40995441-E7FC-4A3E-96A4-20D23FFE0C47@sinodun.com>
References: <40995441-E7FC-4A3E-96A4-20D23FFE0C47@sinodun.com>
Message-ID: <2825F935-731E-4040-802B-4D854F57A6BB@openfortress.nl>

Hey,

> As discussed in the meeting today I have written up a wiki page describing the new policies as recently agreed: 
> 
> https://wiki.opendnssec.org/pages/viewpage.action?pageId=3211964

Looks good.  One thing is missing which we take it for granted but new users might not, and that is the meaning of the third level of numbering.  We expect people to upgrade to a later one along that 3rd level stretch, and to make that pretty reliable we will not add features but merely patch bugs.

Cheers,
 -Rick




From rick at openfortress.nl  Tue Apr  9 17:45:31 2013
From: rick at openfortress.nl (Rick van Rein (OpenFortress))
Date: Tue, 9 Apr 2013 19:45:31 +0200
Subject: [Opendnssec-develop] Documentation for new versioning scheme and
	support policy
In-Reply-To: <2825F935-731E-4040-802B-4D854F57A6BB@openfortress.nl>
References: <40995441-E7FC-4A3E-96A4-20D23FFE0C47@sinodun.com>
	<2825F935-731E-4040-802B-4D854F57A6BB@openfortress.nl>
Message-ID: <FA025EAE-4520-465D-9D6B-6397E8D1DC18@openfortress.nl>

Oh,

> Looks good.  One thing is missing which we take it for granted but new users might not, and that is the meaning of the third level of numbering.  We expect people to upgrade to a later one along that 3rd level stretch, and to make that pretty reliable we will not add features but merely patch bugs.

Excuse me.  I read diagonally accross the <patch> elsewhere on the page, and was assuming it'd show up under Maintenance of Old Releases.

All that remains then is "Looks good."

-Rick

From matthijs at nlnetlabs.nl  Wed Apr 10 07:03:02 2013
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Wed, 10 Apr 2013 09:03:02 +0200
Subject: [Opendnssec-develop] RE: Documentation for new versioning scheme
	and support policy
In-Reply-To: <40995441-E7FC-4A3E-96A4-20D23FFE0C47@sinodun.com>
References: <40995441-E7FC-4A3E-96A4-20D23FFE0C47@sinodun.com>
Message-ID: <51650EA6.9020001@nlnetlabs.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

No issues or suggestions from my side. The text is clear to me.

Best regards,
  Matthijs

On 04/09/2013 05:54 PM, Sara Dickinson wrote:
> Hi All,
> 
> As discussed in the meeting today I have written up a wiki page
> describing the new policies as recently agreed:
> 
> https://wiki.opendnssec.org/pages/viewpage.action?pageId=3211964
> 
> Please review the wording and let me know if you have any issues or
> suggestions. (It will replace the text currently on this page:
> https://wiki.opendnssec.org/display/OpenDNSSEC/Release+Management+Process).
> 
> 
> Once everyone is happy with this then it will be emailed to the
> users list for feedback and will be linked from the 1.4
> documentation.
> 
> Regards
> 
> Sara.
> 
> _______________________________________________ Opendnssec-develop
> mailing list Opendnssec-develop at lists.opendnssec.org 
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRZQ6jAAoJEA8yVCPsQCW5NP8IAJlOyYDqf/lK9OSxecPN3ryV
l9YZzuQYVHm1Q+Uko/zdIwlmkv0jr8TKagfdyrIbIf8MN4wYR5rWmOHMGs+8Ysp8
Y4ofFIw1aLV4fJYrwJ3TZqDZILWD0+KL5hRS5MBJrt3/kAf6WqneMN0Gmv8fxtc9
LcZi1hBOAgdBV3TYwpDs2rRpvYNwEWQ1jedIo5vTbw3DMdhDvOXEVbLopOeoi+xb
rRAt5uf7CMTjjXX3a53Rc9Sqenxu9QUPgnjec6+UHYG2Xg5/9ZKkuKgITGPfXxbi
ouXtwNP0XiTAU6puN4ewUu9f5k0DA4fDuGnDJkfOewwhcrL6UNBoQcKba51pCWs=
=ABEf
-----END PGP SIGNATURE-----


From sara at sinodun.com  Wed Apr 10 11:17:48 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Wed, 10 Apr 2013 12:17:48 +0100
Subject: [Opendnssec-develop] RE: Documentation for 1.4
Message-ID: <6DBB1783-DD55-4131-BE63-3EBF02A7FF84@sinodun.com>

Hi All, 

With the full release of 1.4 around the corner could everyone just do a quick check to make sure that any changes they wanted to make to the 1.4 documentation are in place:

https://wiki.opendnssec.org/display/DOCSTRUNK/OpenDNSSEC+Documentation+Home

(I'll generate new PDFs for download from the web pages just prior to the release).

Thanks

Sara.



From sara at sinodun.com  Wed Apr 10 12:18:38 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Wed, 10 Apr 2013 13:18:38 +0100
Subject: [Opendnssec-develop] RE: 1.4.0 release 
Message-ID: <C544FD6F-E593-46B0-9383-E72542F5CE25@sinodun.com>

Hi All, 

Just a follow up from the meeting yesterday. We had 2 queries outstanding for the 1.4 release:

- enforcer problems reported by Paul Wouters on the user list. Paul is still running the rc2 code base i.e. with the multi-threaded enforcer code so we have recommended he upgrade.

- validns reporting a broken NSEC3 chain for a signed zone. Matthijs has confirmed that this is a bug in validns due to unsupported records not an OpenDNSSEC issue.

So pending any further feedback/issues I will write to the developer list again next week (when Matthijs is back from holiday) to review the decision to go ahead with a 1.4.0 production release. 

Regards

Sara.

From matthijs at nlnetlabs.nl  Wed Apr 10 12:38:17 2013
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Wed, 10 Apr 2013 14:38:17 +0200
Subject: [Opendnssec-develop] Re: [validns-users] NSEC3 and unsupported RR
	types
In-Reply-To: <20130410115653.GD64976@heechee.tobez.org>
References: <51654B1F.5040005@nlnetlabs.nl>
	<20130410115653.GD64976@heechee.tobez.org>
Message-ID: <51655D39.109@nlnetlabs.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/10/2013 01:56 PM, Anton Berezin wrote:
> Hi,
> 
> On Wed, Apr 10, 2013 at 01:21:03PM +0200, Matthijs Mekking wrote:
> 
>> We are planning to use validns in our test scripts, as we believe
>> it is good to validate zones with a different code base than the
>> signer. We see one test failing. The zone in question covers all
>> RR types.
>> 
>> First, the zone also includes all obsoleted RR types and validns
>> does not support those. Second, it complains about a broken NSEC3
>> chain. I don't know if the two have correlation.
> 
> Yes, lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m NSEC3 was not parsed
> correctly due to all the unsupported RR types it mentions, so I
> think there is only one real problem - unsupported RR types.
> 
> I'll see about adding support for them.

Cool. Thanks a lot.

> 
> Do you mind if I include your wonderfully convoluted zone into my
> own test suite?

Not at all :)

Best regards,
  Matthijs

> 
> Cheers, \Anton.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRZV04AAoJEA8yVCPsQCW5oVoIAJfgbUwMSzPLogiYRKRfgDmB
vNBRLXvdJVC0J47q28x2Yp38Y8z/ZkC3OYXXBFchbb4a4YVOU0PVM3DscERtMM/V
/rs8y8AygEy33d/bxY3Qtg04jsqsOLiZYP3B+8+X0I1WXTc1IQiph81irMioWeky
VT+WPPSx8o0+NNKaAjLfYp7/JyIIVMxmhch7y6K8OxEdfFjG+VI3+5spssmhXd8A
Qm7EPDfxu/3sqjMUCADm/sKDHIw3nYrUcQjEP/7duMAOGAjk9Lc/NqYULt9m0ghY
dNonr1X3e/reKrasolqBEx3cDH/fTN8VBrnck4Gh2HrtbPmx1cksgQXFBudZveo=
=StsA
-----END PGP SIGNATURE-----


From jerry at opendnssec.org  Wed Apr 10 18:25:15 2013
From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Wed, 10 Apr 2013 20:25:15 +0200
Subject: [Opendnssec-develop] Fwd: [Opendnssec-maintainers] supported
	sqlite3 version
References: <5165ACC4.3030800@redhat.com>
Message-ID: <3578459610276473334@unknownmsgid>

Did we not discuss having mysql as primary db? That would solve all issues
with dists not having the right sqlite version.

/Jerry

Begin forwarded message:

*From:* Paul Wouters <pwouters at redhat.com>
*Date:* 10 april 2013 20:17:40 CEST
*To:* opendnssec-maintainers at lists.opendnssec.org
*Subject:* *Re: [Opendnssec-maintainers] supported sqlite3 version*

On 04/10/2013 08:16 AM, John Dickinson wrote:

The OpenDNSSEC developers would like your input on the impact of changing
the required version of sqlite3 in future releases of OpenDNSSEC (v1.3,
v1.4 and v2). Currently the enforcer checks for at least sqlite3 >= 3.3.9
which is very old.


We would like to raise this requirement to sqlite3 >= 3.7.0 as this would
allow us to:

1. Enforce foreign key constraints. http://www.sqlite.org/foreignkeys.html

2. Make use of the WAL to better handle locking issues.
http://www.sqlite.org/wal.html


Impact of this change:


RHEL and derivatives ship with 3.6.20

Ubuntu 10.04 LTS ships with 3.6.22


Users of these OS's would need to install/upgrade sqlite3. Users on recent
*BSD or Solaris 11 should be OK.


That is a nightmare because you'd have to create an sqlite36 package or an
sqlite37 package that installs in a non-default location to avoid affecting
other software that cannot use 3.7 due to possible API changes. It will not
be possible to ship such a version of opendnssec in EPEL-6 as we currently
do.

I would recommend waiting for RHEL and ubuntu LTS to be upgraded before
demanding this switch. RHEL-7 will have sqlite 3.7.x.

Related, opendnssec won't be able to get into RHEL-6 properly (as opposed
to being in EPEL-6) as long as it uses a non-approved/non-certified crypto
library (botan). The only allowed crypto libraries are nss, openssl and
libgcrypt.

Paul

_______________________________________________
Opendnssec-maintainers mailing list
Opendnssec-maintainers at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130410/561e6752/attachment.htm>

From rick at openfortress.nl  Thu Apr 11 11:22:51 2013
From: rick at openfortress.nl (Rick van Rein (OpenFortress))
Date: Thu, 11 Apr 2013 13:22:51 +0200
Subject: [Opendnssec-develop] Minutes of 2013-04-09
Message-ID: <2953363A-1B78-45B5-B1A9-BF1D1EE6C6CD@openfortress.nl>

Hello,

I have just posted the minutes of our last meeting at https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-09+Minutes

If you want things changed: either jump in yourself or ask me to do it for you.

Cheers,
 -Rick

From sara at sinodun.com  Thu Apr 11 12:09:47 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 11 Apr 2013 13:09:47 +0100
Subject: [Opendnssec-develop] Minutes of 2013-04-09
In-Reply-To: <2953363A-1B78-45B5-B1A9-BF1D1EE6C6CD@openfortress.nl>
References: <2953363A-1B78-45B5-B1A9-BF1D1EE6C6CD@openfortress.nl>
Message-ID: <F47B22E2-DEC0-49E4-808F-786C68FD1A13@sinodun.com>

Hi Rick, 

Many thanks for this. I updated the text describing the reported issues with 1.4 as I think a signer and an enforcer issue were mixed up! Hope this is OK.

Sara.

On 11 Apr 2013, at 12:22, Rick van Rein (OpenFortress) wrote:

> Hello,
> 
> I have just posted the minutes of our last meeting at https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-09+Minutes
> 
> If you want things changed: either jump in yourself or ask me to do it for you.
> 
> Cheers,
> -Rick_______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop



From sara at sinodun.com  Thu Apr 11 12:15:59 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 11 Apr 2013 13:15:59 +0100
Subject: [Opendnssec-develop] Re: [Opendnssec-maintainers] supported sqlite3
	version
In-Reply-To: <3578459610276473334@unknownmsgid>
References: <5165ACC4.3030800@redhat.com> <3578459610276473334@unknownmsgid>
Message-ID: <A9E31A16-D613-4FA8-84EE-94B7F13F782D@sinodun.com>


On 10 Apr 2013, at 19:25, Jerry Lundstr?m wrote:

> Did we not discuss having mysql as primary db? That would solve all issues with dists not having the right sqlite version.
> 
> /Jerry
> 

We previously agreed recommending that SQLite was used only for testing, not in production:

https://wiki.opendnssec.org/display/DOCSTRUNK/Installation#Installation-Database

but it is still the default database for 1.3 and 1.4.... 

We had a long discussion in the team meeting yesterday and decided we should continue to investigate using 3.7 since the fixes should be straightforward and should address the locking issue. 

Sara.

From sion at nominet.org.uk  Thu Apr 11 13:00:13 2013
From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=)
Date: Thu, 11 Apr 2013 14:00:13 +0100
Subject: [Opendnssec-develop] Re: [Opendnssec-maintainers] supported
	sqlite3 version
In-Reply-To: <A9E31A16-D613-4FA8-84EE-94B7F13F782D@sinodun.com>
References: <5165ACC4.3030800@redhat.com> <3578459610276473334@unknownmsgid>
	<A9E31A16-D613-4FA8-84EE-94B7F13F782D@sinodun.com>
Message-ID: <5166B3DD.10008@nominet.org.uk>

On 11/04/13 13:15, Sara Dickinson wrote:
> On 10 Apr 2013, at 19:25, Jerry Lundstr?m wrote:
>
>> Did we not discuss having mysql as primary db? That would solve all issues with dists not having the right sqlite version.
>>
>> /Jerry
>>
> We previously agreed recommending that SQLite was used only for testing, not in production:
>
> https://wiki.opendnssec.org/display/DOCSTRUNK/Installation#Installation-Database
>
> but it is still the default database for 1.3 and 1.4.... 
>
> We had a long discussion in the team meeting yesterday and decided we should continue to investigate using 3.7 since the fixes should be straightforward and should address the locking issue. 
>

And of course we have a user base who are largely on sqlite and may not
want to change.

Hopefully we can use WAL for people who have 3.7 but remain compatible
with 3.6 (especially in light of Paul's comments).


From sara at sinodun.com  Tue Apr 16 12:39:03 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 16 Apr 2013 13:39:03 +0100
Subject: [Opendnssec-develop] RE: High availability documentation
Message-ID: <EC56C912-2125-4345-996F-5F4BF3150118@sinodun.com>

Hi All, 

So I have taken a first stab at writing a page on this based mainly on the discussions on the mailing list. Still needs a lot of work but please take a look if you have time and correct/update the content! 

Thanks

Sara.

From jad at sinodun.com  Wed Apr 17 09:33:54 2013
From: jad at sinodun.com (John Dickinson)
Date: Wed, 17 Apr 2013 09:33:54 +0000
Subject: [Opendnssec-develop] script to aid manual build/testing
Message-ID: <C3CDDD21-320A-45F1-9D71-FB6CE2E2DDC0@sinodun.com>

Hi developers,

I have taken the instructions from https://wiki.opendnssec.org/display/OpenDNSSEC/How+To+Develop+tests+locally and create a script to make it easier to build the test environment by hand for manual testing.

This is the current usage

Script to aid manual testing using the jenkins test framework and tests
Taken from https://wiki.opendnssec.org/display/OpenDNSSEC/How+To+Develop+tests+locally#HowToDeveloptestslocally-Runningexistingtestsoptional

Modifications include:
1. run bash in debug mode is mow an option
2. Options tp allow rebuilding of a single component even if the framework thinks it is not necessary
3. Option to allow sqlite 3 3.7.X to be built and installed in workspace/root/local-test/ and for softHSM and OpenDNSSEC to be built against it
4. Create log file for each step of the build

Usage: ./run_build.sh [options]

Supported options:
  -u the URL that you wish to checkout for softHSM (Default: http://svn.opendnssec.org/trunk/softHSM/)
  -U the URL that you wish to checkout for OpenDNSSEC (Default: http://svn.opendnssec.org/trunk/OpenDNSSEC/)
  -f force overwriting of the checked out code if the URL changes
  -p prevent any checkout
  -7 enable building of sqlite 3.7.X
  -m build against mysql
  -l force rebuild of ldns
  -s force rebuild of sqlite 3.7.X (requires -7)
  -S force rebuild of softHSM
  -o force rebuild of OpenDNSSEC
  -r delete install and reinstall
  -d run in bash debug mode
  -h this help

If people think this would be useful I will check it in to svn.

regards,
John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: run_build.sh
Type: application/octet-stream
Size: 6832 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130417/3427a7db/attachment.obj>

From matthijs at nlnetlabs.nl  Wed Apr 17 10:05:05 2013
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Wed, 17 Apr 2013 12:05:05 +0200
Subject: [Opendnssec-develop] script to aid manual build/testing
In-Reply-To: <C3CDDD21-320A-45F1-9D71-FB6CE2E2DDC0@sinodun.com>
References: <C3CDDD21-320A-45F1-9D71-FB6CE2E2DDC0@sinodun.com>
Message-ID: <516E73D1.5010205@nlnetlabs.nl>

Hi John,

Script looks good, I would only like to see that the user can set the
workspace (either with an option or just manually). And instead of doing
for example the following in the script:

cd ~/workspace/OpenDNSSEC/testing	
export WORKSPACE=`pwd`

do

cd $WORKSPACE/OpenDNSSEC/testing	


Perhaps similar for SVN_REVISION. I will try it out next time I do some
local testing.

Best regards,
  Matthijs


On 04/17/2013 11:33 AM, John Dickinson wrote:
> Hi developers,
> 
> I have taken the instructions from https://wiki.opendnssec.org/display/OpenDNSSEC/How+To+Develop+tests+locally and create a script to make it easier to build the test environment by hand for manual testing.
> 
> This is the current usage
> 
> Script to aid manual testing using the jenkins test framework and tests
> Taken from https://wiki.opendnssec.org/display/OpenDNSSEC/How+To+Develop+tests+locally#HowToDeveloptestslocally-Runningexistingtestsoptional
> 
> Modifications include:
> 1. run bash in debug mode is mow an option
> 2. Options tp allow rebuilding of a single component even if the framework thinks it is not necessary
> 3. Option to allow sqlite 3 3.7.X to be built and installed in workspace/root/local-test/ and for softHSM and OpenDNSSEC to be built against it
> 4. Create log file for each step of the build
> 
> Usage: ./run_build.sh [options]
> 
> Supported options:
>   -u the URL that you wish to checkout for softHSM (Default: http://svn.opendnssec.org/trunk/softHSM/)
>   -U the URL that you wish to checkout for OpenDNSSEC (Default: http://svn.opendnssec.org/trunk/OpenDNSSEC/)
>   -f force overwriting of the checked out code if the URL changes
>   -p prevent any checkout
>   -7 enable building of sqlite 3.7.X
>   -m build against mysql
>   -l force rebuild of ldns
>   -s force rebuild of sqlite 3.7.X (requires -7)
>   -S force rebuild of softHSM
>   -o force rebuild of OpenDNSSEC
>   -r delete install and reinstall
>   -d run in bash debug mode
>   -h this help
> 
> If people think this would be useful I will check it in to svn.
> 
> regards,
> John
> 
> 
> 
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130417/7abda50f/attachment.bin>

From sara at sinodun.com  Thu Apr 18 12:47:03 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 18 Apr 2013 13:47:03 +0100
Subject: [Opendnssec-develop] RE: 1.4.0 production release
Message-ID: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>

All, 

So it seems that we are finally in a position to go ahead with the 1.4 production release! Both issues raised in the previous team meeting have been resolved and I've talked with both Sion and Matthijs this week and they are happy that we should go ahead with the production release. If anyone has any reason to think we should not then please speak now! 

In terms of timing I would like to make the release as early as possible next week. That will give us at least a clear couple of weeks before RIPE to pick up any issues that come in during that time and require a patch release. Monday would be ideal as I am out of the office Wednesday and possibly Thursday. 

Jerry - would you be available to do the release on Monday?

Regards

Sara. 

From jakob at kirei.se  Thu Apr 18 15:11:17 2013
From: jakob at kirei.se (Jakob Schlyter)
Date: Thu, 18 Apr 2013 17:11:17 +0200
Subject: [Opendnssec-develop] 1.4.0 production release
In-Reply-To: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
References: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
Message-ID: <DF23F812-95BC-4A76-98CC-68021FFD11C1@kirei.se>

I have a training session in Denmark on May 2, should I do 1.4 or 1.3? :-)

	jakob



From jerry at opendnssec.org  Thu Apr 18 15:32:07 2013
From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Thu, 18 Apr 2013 17:32:07 +0200
Subject: [Opendnssec-develop] RE: 1.4.0 production release
In-Reply-To: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
References: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
Message-ID: <2056912354309823343@unknownmsgid>

Should work.

/Jerry

On 18 apr 2013, at 14:47, Sara Dickinson <sara at sinodun.com> wrote:

> All,
>
> So it seems that we are finally in a position to go ahead with the 1.4 production release! Both issues raised in the previous team meeting have been resolved and I've talked with both Sion and Matthijs this week and they are happy that we should go ahead with the production release. If anyone has any reason to think we should not then please speak now!
>
> In terms of timing I would like to make the release as early as possible next week. That will give us at least a clear couple of weeks before RIPE to pick up any issues that come in during that time and require a patch release. Monday would be ideal as I am out of the office Wednesday and possibly Thursday.
>
> Jerry - would you be available to do the release on Monday?
>
> Regards
>
> Sara. _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop


From sara at sinodun.com  Mon Apr 22 10:48:12 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Mon, 22 Apr 2013 11:48:12 +0100
Subject: Fwd: [Opendnssec-develop] RE: 1.4.0 production release
References: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
Message-ID: <B55E3C59-345E-4E79-8B03-5B75CF50BF56@sinodun.com>

Hi All, 

Congratulations everyone - we have a 1.4 production release! Well done on all the hard work it took to get here!

fyi - a 1.4 branch has been created today in svn. I will add an agenda point to the meeting tomorrow to discuss a plan for adding 1.4 tests to jenkins, merging the enforcer-ng code into trunk, etc. 

Sara.

Begin forwarded message:

> From: Sara Dickinson <sara at sinodun.com>
> Date: 18 April 2013 13:47:03 GMT+01:00
> To: "opendnssec-develop at lists.opendnssec.org Dev" <Opendnssec-develop at lists.opendnssec.org>
> Subject: [Opendnssec-develop] RE: 1.4.0 production release
> 
> All, 
> 
> So it seems that we are finally in a position to go ahead with the 1.4 production release! Both issues raised in the previous team meeting have been resolved and I've talked with both Sion and Matthijs this week and they are happy that we should go ahead with the production release. If anyone has any reason to think we should not then please speak now! 
> 
> In terms of timing I would like to make the release as early as possible next week. That will give us at least a clear couple of weeks before RIPE to pick up any issues that come in during that time and require a patch release. Monday would be ideal as I am out of the office Wednesday and possibly Thursday. 
> 
> Jerry - would you be available to do the release on Monday?
> 
> Regards
> 
> Sara. _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop



From jakob at kirei.se  Mon Apr 22 11:28:03 2013
From: jakob at kirei.se (Jakob Schlyter)
Date: Mon, 22 Apr 2013 13:28:03 +0200
Subject: [Opendnssec-develop] RE: 1.4.0 production release
In-Reply-To: <B55E3C59-345E-4E79-8B03-5B75CF50BF56@sinodun.com>
References: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
	<B55E3C59-345E-4E79-8B03-5B75CF50BF56@sinodun.com>
Message-ID: <892669B5-7D12-4AA6-97E3-BF51147DA1CA@kirei.se>

On 22 apr 2013, at 12:48, Sara Dickinson <sara at sinodun.com> wrote:

> Congratulations everyone - we have a 1.4 production release! Well done on all the hard work it took to get here!

And there was much rejoicing!

	jakob



From sara at sinodun.com  Mon Apr 22 14:01:47 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Mon, 22 Apr 2013 15:01:47 +0100
Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 23 April @ 14:00 CET
References: <FB08B114-AAE8-4D95-8365-06F4409C07CB@sinodun.com>
Message-ID: <CC203574-C603-49C3-B824-28BD2917AEE1@sinodun.com>

Hi All, 

We have a team meeting tomorrow:

Date:      Tuesday 23 April 2013
Time:      14:00-15:00 CET, 13:00-14:00 GMT
Method:  Google+
Agenda:  https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-23+Agenda

Sara.



From Roland.vanRijswijk at surfnet.nl  Mon Apr 22 21:03:03 2013
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij)
Date: Mon, 22 Apr 2013 17:03:03 -0400
Subject: [Opendnssec-develop] RE: 1.4.0 production release
In-Reply-To: <892669B5-7D12-4AA6-97E3-BF51147DA1CA@kirei.se>
References: <C6C89E43-69EE-459F-9B1A-A87573778A8D@sinodun.com>
	<B55E3C59-345E-4E79-8B03-5B75CF50BF56@sinodun.com>
	<892669B5-7D12-4AA6-97E3-BF51147DA1CA@kirei.se>
Message-ID: <5175A587.6080908@surfnet.nl>



Jakob Schlyter wrote:
> On 22 apr 2013, at 12:48, Sara Dickinson <sara at sinodun.com> wrote:
> 
>> Congratulations everyone - we have a 1.4 production release! Well done on all the hard work it took to get here!
> 
> And there was much rejoicing!

Hear hear, great work!

Cheers,

Roland

-- 
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surfnet.nl/en/
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl


From sara at sinodun.com  Tue Apr 23 08:53:33 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 23 Apr 2013 09:53:33 +0100
Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 23 April @ 14:00 CET
Message-ID: <77EB317B-4161-417A-A636-0676E4413802@sinodun.com>


fyi - a couple of points for discussion have been added to the agenda (in blue)

Begin forwarded message:

> From: Sara Dickinson <sara at sinodun.com>
> Date: 22 April 2013 15:01:47 GMT+01:00
> To: "opendnssec-develop at lists.opendnssec.org Dev" <Opendnssec-develop at lists.opendnssec.org>
> Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 23 April @ 14:00 CET
> 
> Hi All, 
> 
> We have a team meeting tomorrow:
> 
> Date:      Tuesday 23 April 2013
> Time:      14:00-15:00 CET, 13:00-14:00 GMT
> Method:  Google+
> Agenda:  https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-23+Agenda
> 
> Sara.
> 
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop



From sara at sinodun.com  Tue Apr 23 09:00:34 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 23 Apr 2013 10:00:34 +0100
Subject: [Opendnssec-develop] script to aid manual build/testing
In-Reply-To: <516E73D1.5010205@nlnetlabs.nl>
References: <C3CDDD21-320A-45F1-9D71-FB6CE2E2DDC0@sinodun.com>
	<516E73D1.5010205@nlnetlabs.nl>
Message-ID: <BABDD286-614B-4F96-9B7E-F947604671DD@sinodun.com>

On 17 Apr 2013, at 11:05, Matthijs Mekking wrote:

> Hi John,
> 
> Script looks good, I would only like to see that the user can set the
> workspace (either with an option or just manually). And instead of doing
> for example the following in the script:
> 
> cd ~/workspace/OpenDNSSEC/testing	
> export WORKSPACE=`pwd`
> 
> do
> 
> cd $WORKSPACE/OpenDNSSEC/testing	

+1

> 

In a similar vein I attach a file 'test-this.sh'  which I add to my local OpenDNSSEC/testing directory. I use it to run an individual test when developing/extending a test script since my workflow is to cd into the directory of a particular test and then use:

> ../../test-this.sh

to run the test and see a basic output or

> bash -x  ../../test-this.sh

to see the full debug output. Again, if others think this would be useful I can submit to svn. 

Sara.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: test-this.sh
Type: application/octet-stream
Size: 463 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130423/6ee35834/attachment.obj>
-------------- next part --------------



From jad at sinodun.com  Tue Apr 23 10:32:01 2013
From: jad at sinodun.com (John Dickinson)
Date: Tue, 23 Apr 2013 10:32:01 +0000
Subject: [Opendnssec-develop] script to aid manual build/testing
In-Reply-To: <516E73D1.5010205@nlnetlabs.nl>
References: <C3CDDD21-320A-45F1-9D71-FB6CE2E2DDC0@sinodun.com>
	<516E73D1.5010205@nlnetlabs.nl>
Message-ID: <29BB142A-3DE9-47A7-9032-B7D55A9AFAD9@sinodun.com>

Thanks Matthijs,

I have implemented your suggestion and added the ability to patch the checked out ods or softHSM code before building.

It can be found in svn at: trunk/testing/run_build.sh

John


On 17 Apr 2013, at 10:05, Matthijs Mekking <matthijs at NLnetLabs.nl> wrote:

> Hi John,
> 
> Script looks good, I would only like to see that the user can set the
> workspace (either with an option or just manually). And instead of doing
> for example the following in the script:
> 
> cd ~/workspace/OpenDNSSEC/testing	
> export WORKSPACE=`pwd`
> 
> do
> 
> cd $WORKSPACE/OpenDNSSEC/testing	
> 
> 
> Perhaps similar for SVN_REVISION. I will try it out next time I do some
> local testing.
> 
> Best regards,
>  Matthijs
> 
> 
> On 04/17/2013 11:33 AM, John Dickinson wrote:
>> Hi developers,
>> 
>> I have taken the instructions from https://wiki.opendnssec.org/display/OpenDNSSEC/How+To+Develop+tests+locally and create a script to make it easier to build the test environment by hand for manual testing.
>> 
>> This is the current usage
>> 
>> Script to aid manual testing using the jenkins test framework and tests
>> Taken from https://wiki.opendnssec.org/display/OpenDNSSEC/How+To+Develop+tests+locally#HowToDeveloptestslocally-Runningexistingtestsoptional
>> 
>> Modifications include:
>> 1. run bash in debug mode is mow an option
>> 2. Options tp allow rebuilding of a single component even if the framework thinks it is not necessary
>> 3. Option to allow sqlite 3 3.7.X to be built and installed in workspace/root/local-test/ and for softHSM and OpenDNSSEC to be built against it
>> 4. Create log file for each step of the build
>> 
>> Usage: ./run_build.sh [options]
>> 
>> Supported options:
>>  -u the URL that you wish to checkout for softHSM (Default: http://svn.opendnssec.org/trunk/softHSM/)
>>  -U the URL that you wish to checkout for OpenDNSSEC (Default: http://svn.opendnssec.org/trunk/OpenDNSSEC/)
>>  -f force overwriting of the checked out code if the URL changes
>>  -p prevent any checkout
>>  -7 enable building of sqlite 3.7.X
>>  -m build against mysql
>>  -l force rebuild of ldns
>>  -s force rebuild of sqlite 3.7.X (requires -7)
>>  -S force rebuild of softHSM
>>  -o force rebuild of OpenDNSSEC
>>  -r delete install and reinstall
>>  -d run in bash debug mode
>>  -h this help
>> 
>> If people think this would be useful I will check it in to svn.
>> 
>> regards,
>> John
>> 
>> 
>> 
>> _______________________________________________
>> Opendnssec-develop mailing list
>> Opendnssec-develop at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
>> 
> 
> 



From sara at sinodun.com  Tue Apr 23 13:59:48 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 23 Apr 2013 14:59:48 +0100
Subject: Fwd: [Opendnssec-develop] RE: Team meeting - Tuesday 23 April @ 14:00
	CET
References: <CC203574-C603-49C3-B824-28BD2917AEE1@sinodun.com>
Message-ID: <B0512DBF-8111-488B-88FB-7E3342F58A9D@sinodun.com>

All, 

Minutes from todays (small!) meeting are available online for review:

https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-23+Minutes

Sara.

Begin forwarded message:

> From: Sara Dickinson <sara at sinodun.com>
> Date: 22 April 2013 15:01:47 GMT+01:00
> To: "opendnssec-develop at lists.opendnssec.org Dev" <Opendnssec-develop at lists.opendnssec.org>
> Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 23 April @ 14:00 CET
> 
> Hi All, 
> 
> We have a team meeting tomorrow:
> 
> Date:      Tuesday 23 April 2013
> Time:      14:00-15:00 CET, 13:00-14:00 GMT
> Method:  Google+
> Agenda:  https://wiki.opendnssec.org/display/OpenDNSSEC/2013-04-23+Agenda
> 
> Sara.
> 
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop



From matthijs at nlnetlabs.nl  Thu Apr 25 06:58:58 2013
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Thu, 25 Apr 2013 08:58:58 +0200
Subject: [Opendnssec-develop] Maintenance of releases
Message-ID: <5178D432.3050704@nlnetlabs.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi developers,

Now that we have 1.4.0 released, maintenance of old releases deserves
some more attention. The wiki says "foo will be supported until at
least one year after boink".

I want to propose to remove the "at least" parts. Moreover, on the
wiki we can maintain the EOL date of older versions. 1.2 and older are
already EOL. When 2.0 is released, we can put EOL dates on 1.3 and 1.4.

I believe this will provide more clarity to the users. "At least" adds
an uncertainty. If we have had more than a year of support on older
releases, how long will we still continue to support?

Also, if we do want to provide longer support, it's easier to make the
call to extend the support with for example 6 months (updating the EOL
to the future) than to say "and now it's done".

Thoughts?

Best regards,
  Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJReNQyAAoJEA8yVCPsQCW5By4H/1r7+PvjDtx4e3qThP2OL+B+
IlQuHNrMvBHYr7GKe4Z/vvi/e+BSYC7UZBaF1r3bESLcRBsRpihBCmET6parFCIz
leMB5XvtEzTWqIlQe52Rej4nJp8iaeGyuGrB07ae9eie4lKGuwi+/l3uVCd1V7qa
or3v2oHnyakmjUZDtHgTzv7UF0gzXgxTGZwUvvRk5Vh7GMFnStJipkm/qZDsaL1d
c4CvTP8tWL9MmgqU4bIyYAw5so3FgcfAZyMKrUv5+muSX01O3FvMllwcBin0q811
8p0uJ1Hsjm6SOVXTXtJsDjeM0WidRwQ/9dx6uznj1AzKbjP2QpaJrBU/6vSVg1o=
=fr2E
-----END PGP SIGNATURE-----


From sara at sinodun.com  Fri Apr 26 13:17:16 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 26 Apr 2013 14:17:16 +0100
Subject: [Opendnssec-develop] Maintenance of releases
In-Reply-To: <5178D432.3050704@nlnetlabs.nl>
References: <5178D432.3050704@nlnetlabs.nl>
Message-ID: <C4723067-6A3C-4ED6-BABE-13E8C7209A4E@sinodun.com>


On 25 Apr 2013, at 07:58, Matthijs Mekking wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi developers,
> 
> Now that we have 1.4.0 released, maintenance of old releases deserves
> some more attention. The wiki says "foo will be supported until at
> least one year after boink".
> 
> I want to propose to remove the "at least" parts. Moreover, on the
> wiki we can maintain the EOL date of older versions. 1.2 and older are
> already EOL. When 2.0 is released, we can put EOL dates on 1.3 and 1.4.
> 
> I believe this will provide more clarity to the users. "At least" adds
> an uncertainty. If we have had more than a year of support on older
> releases, how long will we still continue to support?
> 
> Also, if we do want to provide longer support, it's easier to make the
> call to extend the support with for example 6 months (updating the EOL
> to the future) than to say "and now it's done".
> 
> Thoughts?
> 

+1 to all of that. 




From sara at sinodun.com  Fri Apr 26 13:34:19 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 26 Apr 2013 14:34:19 +0100
Subject: [Opendnssec-develop] RE: 1.3.14 release
Message-ID: <7C9BBFA5-7D45-40A9-8315-C367215ADD17@sinodun.com>

Hi All,

In the team meeting this week we agreed that we should go ahead with a 1.3.14 release, but since there were only 3 of us there I would like to double check this with the list before going ahead! 

The issues fixed in 1.3.14 would be the following:

* OPENDNSSEC-367: ods-ksmutil: Require user confirmation if the alogrithm for a key is changed in a policy (as this rollover is not handled cleanly)
* OPENDNSSEC-91: Make the keytype flag required when rolling keys

Bugfixes:
* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA Minimum change.
* OPENDNSSEC-396: Use TTLs from kasp when generating DNSKEY and DS records for output.
* OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly when rolling all keys using the --policy option
* SUPPORT-40: Signer Engine: Keep occluded data in signed zone files/transfers.

Unless I hear any objection then I will plan to do the release next week (Jerry - I can do any day except Wednesday - how about you?).

Regards

Sara.



From sara at sinodun.com  Fri Apr 26 13:36:07 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 26 Apr 2013 14:36:07 +0100
Subject: [Opendnssec-develop] RE: Trunk and 1.4 brances
Message-ID: <E3E785E2-A6F5-4F1B-85C2-6126BB68F5BF@sinodun.com>

Hi All, 

Another discussion from the team meeting related to trunk and the 1.4 branch. 

We agreed it would be sensible to hold off from submitting any substantial or untested code changes into the 1.4 branch for the immediate future so that we had the option of doing a fast patch release if this happened to be needed. 

Also we discussed the fact that the enforcer-ng branch is currently not really covered by any regression tests (looking at jenkins only 3 basic tests are actually running for that branch...) and we should postpone any merge into trunk until we have at least reviewed the coverage and aligned the testing as much as is possible at the moment. Yuri - perhaps we can talk offline about this? If anyone has any other thoughts on merging (e.g. when, pre-requisites) then please speak up! 

Regards

Sara.

From sara at sinodun.com  Fri Apr 26 13:51:10 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 26 Apr 2013 14:51:10 +0100
Subject: [Opendnssec-develop] RE: Review of JIRA issues
Message-ID: <4FBA11EE-C5D5-4DF8-BB45-DAF6AC8F6B08@sinodun.com>

Hi All, 

As part on the ongoing review of our JIRA issues I would like to ask for comments on the following issues which currently have a Fix version of 'Future release':


OPENDNSSEC-293	Reporting of important messages through email in addition to the current syslog method. Jakob Schlyter	  	
OPENDNSSEC-251	Support for offline KSK                                                                                               Jakob Schlyter	 	
OPENDNSSEC-94	Read-only Repsitories													Jakob Schlyter		 
OPENDNSSEC-95	Implement --disable-signer for the Enforcer									Jakob Schlyter
OPENDNSSEC-310	Revisit how the daemons are initialised and provide example init scripts 			Jerry Lundstr?m	 
OPENDNSSEC-89	ods-control should be able to take a conf.xml file as a command line arg 			Jerry Lundstr?m
OPENDNSSEC-316	Privileges on shared PIN memory										Rickard Bellgrim
OPENDNSSEC-125	Implement a KASP visualization tool 										Yuri Schaeffer	 
OPENDNSSEC-314	Bootstrap ODS from signed zone 										Yuri Schaeffer	 
OPENDNSSEC-100	Implement 5011 													Yuri Schaeffer
OPENDNSSEC-360	Fix new build environment for contrib/eppclient								Unassigned
OPENDNSSEC-352	$ make test														Unassigned
OPENDNSSEC-335	Implement hook to be called for backup after key generation						Unassigned


Plan:
- If no-one nominates an issue it will be left with a fix version of 'Future release'.
- If anyone feels any issue should be nominated for a particular release then please reply to this email indicating which release and why. 
- I was planning a brief review of all issues with a specific fix version during the developer meeting at RIPE.

BTW: There are about a dozen further (unassigned) issues for 'Future release' that I will present for review in an email next week. I have already been through those assigned to Matthijs and Sion offline with them and several issues have been nominated for specific releases. 

Regards

Sara.