[00:22:50]
<Aleks (he/him/il/lui)> https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
[09:57:14]
<Salamandar> > <@Alekswag:matrix.org> https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
we ought to check our config…
[09:57:20]
<Salamandar> also : why the hell are we still using rsa ?
[10:12:52]
<lapineige> Hey 🙂
I figured out that during a new install, the documentation link in https://yunohost.local/yunohost/admin/#/postinstall drives you to https://yunohost.org/postinstall which is a 404
(it's this one `Deux étapes de configuration supplémentaires sont nécessaires pour activer les services de votre serveur. Vous pouvez obtenir plus d'informations en vous rendant sur la page de documentation appropriée` <-)
[10:27:31]
<Yunohost Git/Infra notifications> [issues] Ddataa labeled :space_invader: bug on [issue #2515](https://github.com/YunoHost/issues/issues/2515): Cannot disable email for domain without generating constant warnings
[10:27:32]
<Yunohost Git/Infra notifications> [issues] Ddataa opened [issue #2515](https://github.com/YunoHost/issues/issues/2515): Cannot disable email for domain without generating constant warnings
[14:11:14]
<Aleks (he/him/il/lui)> > <@Salamandar:matrix.org> also : why the hell are we still using rsa ?
You mean for ssh ?
[14:11:55]
<rodinux> hello, does the hooks must been different on debian 12 ?
[14:12:10]
<Aleks (he/him/il/lui)> What's your actual problem
[14:12:15]
<Salamandar> > <@Alekswag:matrix.org> You mean for ssh ?
no, email
[14:13:10]
<Aleks (he/him/il/lui)> Ah the DKIM key is also RSA ? Yeah idk, is it that bad ? Dunno if there are non-rsa dkim keys
[14:13:30]
<Salamandar> it looks like DKIM is only RSA yeah
[14:14:09]
<Salamandar> ah no
[14:14:14]
<Salamandar> > In 2017, another working group was launched, DKIM Crypto Update (dcrup), with the specific restriction to review signing techniques.[49] RFC 8301 was issued in January 2018. It bans SHA-1 and updates key sizes (from 512-2048 to 1024-4096).[50] RFC 8463 was issued in September 2018. It adds an elliptic curve algorithm to the existing RSA. The added key type, k=ed25519 is adequately strong while featuring short public keys, more easily publishable in DNS.[51]
[14:14:48]
<Salamandar> buuuuut is it supported everywhere ? interop hell ™
[14:15:52]
<Salamandar> > As with any new standard in email, it is expected that it will take some time before Ed25519 validation is a common feature in email validators (the receiving services). As such, it is not recommended to exclusively rely on Ed25519 for DKIM.
[14:16:03]
<Salamandar> > This means that 2 DKIM DNS records must be created. One containing the Ed25519 key, and one with a fall-back RSA type key. The two DKIM DNS records must use a different selector, as DKIM does not allow multiple DKIM records to exist with the same selector.
[14:16:12]
<Salamandar> > The signer (the sending email service) must now add two DKIM-signature headers to the email
[14:16:17]
<Salamandar> interop hell ™
[14:31:34]
<Aleks (he/him/il/lui)> Jesus christ
[14:38:46]
<Salamandar> https://ci-apps.yunohost.org/ci/job/13861
[14:38:47]
<Salamandar> uuuuuh
[14:38:59]
<Salamandar> > The authenticity of host 'github.com (140.82.121.3)' can't be established.
> ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
> This key is not known by any other names.
[14:39:02]
<Salamandar> wtf ?
[16:13:18]
<Salamandar> https://github.com/YunoHost/yunohost/blob/e8c175231e78683c98e84f7fd637d234fb31c2cc/helpers/helpers.v2.1.d/logrotate#L13
[16:13:28]
<Salamandar> We can't have logfiles named other than *.log, *.txt ?
[16:13:39]
<Salamandar> guacamole logs to "catalina.out"…
[16:30:56]
<Yunohost Git/Infra notifications> [yunohost] Salamandar created new branch fail2banhelper
[16:30:57]
<Yunohost Git/Infra notifications> [yunohost/fail2banhelper] fail2ban: logpath isnt always /var/log/app... Also only apply permissions when it doesnt already exist - Félix Piédallu
[16:30:57]
<Yunohost Git/Infra notifications> [yunohost/fail2banhelper] fail2ban helper doesnt have --use_template anymore - Félix Piédallu
[16:30:57]
<Yunohost Git/Infra notifications> [yunohost] Salamandar pushed 2 commits to fail2banhelper ([346a349ca48a^...47675187e97d](https://github.com/YunoHost/yunohost/compare/346a349ca48a^...47675187e97d))
[16:32:23]
<Yunohost Git/Infra notifications> [yunohost] Salamandar opened [pull request #2024](https://github.com/YunoHost/yunohost/pull/2024): Fix fail2ban helper for non-/var/log/app paths
[20:23:11]
<orhtej2> > <@Salamandar:matrix.org> guacamole logs to "catalina.out"…
guacamole can be told to log elsewhere IIRC
[20:23:27]
<orhtej2> and OFBiz just forwards journald to a file
[20:23:56]
<Salamandar> > guacamole can be told to log elsewhere IIRC
ah !
[20:24:13]
<orhtej2> (and by guacamole I mean Tomcat)
[20:24:37]
<Salamandar> > (and by guacamole I mean Tomcat)
yes i get that
[20:24:49]
<Salamandar> (why "catalina" ?????????)
[20:25:15]
<orhtej2> that's the name of their servlet container component
[20:25:27]
<Salamandar> hmokay
[20:25:32]
<Salamandar> ah yes it's an envvar actually…
[20:26:38]
<Salamandar> ok done
[20:26:44]
<Salamandar> thanks for the tip
[20:35:34]
<Yunohost Git/Infra notifications> [yunohost] alexAubin merged [pull request #2024](https://github.com/YunoHost/yunohost/pull/2024): Fix fail2ban helper for non-/var/log/app paths
[20:35:36]
<Yunohost Git/Infra notifications> [yunohost] alexAubin deleted branch fail2banhelper
[20:45:06]
<Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.9.2+202501092145 for bookworm/unstable/all ...
[20:46:12]
<Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.9.2+202501092145 for bookworm/unstable/all.