Hack call: 14:00 UTC
- Update on Matrix public registration (sunil)
- Stopped working, upstream change requires verifications.
- 3 verification methods available:
- reCaptcha online service, need to register to get keys
- use tokens, get token from administrator to register
- use admin API for matrix synapse, daemon is running
- use access token for admin user
- use CLI tool to create admin user and get token
- list registration tokens
- create single, long-term token and display it
- option to disable verification
https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/registration_tokens.html
- use 3rd party service to send email verification or phone call
- Debian Bookworm Freeze (sunil)
- Soft freeze is tomorrow.
- small, targeted fixes
- 10 days for migration
- Backup users app (sunil)
- Largest issues are handled, some issues to be addressed.
- Need Plinth users to be backed-up and restored from sqlite database.
- Current admin user could get kicked out after restore.
- Create new accounts when restoring, don't delete any.
- What if old and new accounts have the same name?
- Skip restoring current user?
- Don't restore accounts that already exist? or only restore group information.
- Create special admin user during restore?
- Show a warning message?
- Export/import format like JSON?
- Backup and restore Samba user database.
- Samba cannot use PAM.
- Have Plinth try PAM first.
- Ideally, get rid of Plinth database.
- Django LDAP plugins or implement our own
- Discussion on backup/restore of /home
- Include .ssh/authorized_keys file?
Future plan: WebAuthn to eliminate passwords
- Wireguard uninstall not working (jvalleroy)
- Uninstall is just removing userland tools
- Needs more investigation
- Cockpit file manager (benedek)
- Will need to be packaged.
- Uses PAM, no separate user database.
- Can have shortcuts to apps, like we do for Performance.
- SSO: Kerberos is suggested approach.