Le vendredi 22 février 2019, à 10:27 +1030, Simon Lees a écrit :
On 21/02/2019 23:53, Vincent Untz wrote:
Hey,
Le jeudi 21 février 2019, à 11:41 +0100, Richard Brown a écrit :
On Thu, 21 Feb 2019 at 11:01, Lars Vogdt
wrote: openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
We can't just have people randomly turning off services which provide key planks to the project. If OBS dissapeared tomorrow without replacement we wouldn't have any distributions. If connect.opensuse.org disappears tomorrow we don't have any Project members.
If the relevant info is exported, why would we not have any project members anymore?
We will still have members but will not have a way to add new members, keeping a couple of copies of the list somewhere secure probably isn't that hard but keeping it and its backups up to date and accessible by the right people isn't so simple.
As said, it's something I would deal in a reactive way, and it's a matter of priorities. It's bad to not be able to update our list of members, but it's even worse to have connect.o.o up and running.
Yes we could just keep a piece of paper on Richard's desk but given he's in a open office from memory I doubt that would meet GDPR requirements.
I can't comment on the GDPR bit. But on top of the nextcloud/owncloud proposal and the galette proposal, I can suggest: - have a private git repo somewhere; could be the closed gitlab instance we have for the infra, could be just a git repo in a VM that is reached with ssh access - even a text file in a VM with only access from membership officials - temporarily have a bottleneck who would maintain the list in a secure way (not a piece of paper on a desk). And yes, the bottleneck could be Richard for instance. The "replacement" doesn't necessarily require somebody to step up and set up a new service. But again, what is important here is to retire a service that is not maintained, has security issues, and contains personal data. This should be the priority. Cheers, Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org