Thursday, October 23, 2025
dev@conference.yunohost.org
October
Mon Tue Wed Thu Fri Sat Sun
    1
 2
 3
 4
 5
6
 7
 8
 9
 10
 11
 12
13
 14 15
 16
 17
 18
 19
20
 21
 22
 23
 24
 25
 26
27 28 29 30 31    
             

[00:13:45] <Yunohost Git/Infra notifications> [yunohost] t​ituspijean [comment](https://github.com/YunoHost/yunohost/commit/b45b9d4f425337105b93face02c862825ff93cc9#commitcomment-168617715) on commit b45b9d4: Thank you, we are investigating the issue and are able to replicate it in some conditions. (Next time, hopefully never, it would be preferable to open an issue rather than commenting directly on the code.)
[00:17:24] <Yunohost Git/Infra notifications> [yunohost] k​evinwherron [comment](https://github.com/YunoHost/yunohost/commit/b45b9d4f425337105b93face02c862825ff93cc9#commitcomment-168617866) on commit b45b9d4: I was researching at Spamhaus to see if I could figure out what the issue was my intent was to ultimately contribute if I could figure it out. I understand your point and will open an issue in the future. Thanks for looking into it and sorry for the headache.
[00:34:58] <Yunohost Git/Infra notifications> [yunohost] t​ituspijean pushed to dev: Revert "diagnosis/mail/blocklists: use spamhaus own ns to avoid open resolver errors" This reverts commit b45b9d4f42... ([bf75e194](https://github.com/YunoHost/yunohost/commit/bf75e1940cf56e1c2fc3c14aa6f1eb6c4014de1d))
[00:44:57] <Yunohost Git/Infra notifications> [yunohost] t​ituspijean created new t𝚊g debian/12.1.31
[00:45:05] <Yunohost Git/Infra notifications> [yunohost] t​ituspijean pushed to dev: Update 12.1.31 ([b929af31](https://github.com/YunoHost/yunohost/commit/b929af314929827cc0cec352f5f277d36790c194))
[00:45:11] <Yunohost Git/Infra notifications> [repository] g​ithub-actions[bot] published [new release #debian/12.1.31](https://github.com/YunoHost/yunohost/releases/tag/debian/12.1.31) YunoHost 12.1.31
[00:45:24] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.1.31+202510230245 for bookworm/unstable/all...
[00:46:09] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.1.31 for bookworm/stable/all...
[00:48:38] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.1.31+202510230245 for bookworm/unstable/all.
[00:48:39] <Yunohost Git/Infra notifications> ✔️ Completed distribution for yunohost/12.1.31+202510230245 for bookworm/unstable.
[00:48:45] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.1.31 for bookworm/stable/all.
[00:48:52] <Yunohost Git/Infra notifications> ✔️ Completed distribution for yunohost/12.1.31 for bookworm/stable.
[00:48:56] <Yunohost Git/Infra notifications> [yunohost] t​ituspijean pushed to dev: fix: clicky clicky copy pasty spacy ([c5bd5bed](https://github.com/YunoHost/yunohost/commit/c5bd5bed951f60900bcca310ffc2b48d2b2f86c0))
[00:55:02] <Yunohost Git/Infra notifications> [yunohost] t​ituspijean [comment](https://github.com/YunoHost/yunohost/commit/b45b9d4f425337105b93face02c862825ff93cc9#commitcomment-168619329) on commit b45b9d4: Thank you for investigating, IMHO the issue is most likely that dnsmasq is the sole resolver on the system, and with that line 16 we are relying on it to resolve a domain while it is booting up. We will check what is actually the matter here. Since its the middle of the night in CEST, we have opted to release 12.1.31 as a revert hotfix, and we will investigate alternative solutions for spamhaus later. :)
[01:00:15] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.1.31+202510230300 for bookworm/unstable/all...
[01:02:59] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.1.31+202510230300 for bookworm/unstable/all.
[01:03:03] <Yunohost Git/Infra notifications> ✔️ Completed distribution for yunohost/12.1.31+202510230300 for bookworm/unstable.
[03:34:28] <artlog> rm /etc/yunohost/certs/yunohost.org/ca.pem; /usr/share/yunohost/hooks/conf_regen/02-ssl init
[03:36:11] <artlog> right now yunhost-api does not start in ynh-dev so i have to start it and i do that ca reset at that time.
[12:46:48] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin pushed to dev: dnsmasq: stabilize the resolver pool list shuffling by using a seed computed from the machine id and current month ([0858ea37](https://github.com/YunoHost/yunohost/commit/0858ea37f28e2606a46a385ec5d0f8759f005eca))
[12:46:48] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin pushed to dev: spamhaushell: try another way to address the issue by generating a dnsmasq snippet during regenconf ([61d2f9fe](https://github.com/YunoHost/yunohost/commit/61d2f9fe8b885b94cd17e8bce521e3276fa35a00))
[12:46:52] <Yunohost Git/Infra notifications> [repository] g​ithub-actions[bot] published [new release #debian/12.1.32](https://github.com/YunoHost/yunohost/releases/tag/debian/12.1.32) YunoHost 12.1.32
[12:46:52] <Yunohost Git/Infra notifications> ✔️ Completed distribution for yunohost/12.1.31+202510231430 for bookworm/unstable.
[12:46:52] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.1.31+202510231430 for bookworm/unstable/all.
[12:46:52] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin pushed to dev: Update changelog for 12.1.32 ([dfa57c5c](https://github.com/YunoHost/yunohost/commit/dfa57c5cc9cd95437fc6bad62cb78a0caafcf49a))
[12:46:53] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.1.31+202510231430 for bookworm/unstable/all...
[12:46:53] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin created new t𝚊g debian/12.1.32
[12:46:59] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.1.32 for bookworm/stable/all...
[12:47:30] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.1.32 for bookworm/stable/all.
[12:47:30] <Yunohost Git/Infra notifications> ✔️ Completed distribution for yunohost/12.1.32 for bookworm/stable.
[12:47:31] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.1.32+202510231445 for bookworm/unstable/all...
[12:48:33] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.1.32+202510231445 for bookworm/unstable/all.
[12:48:38] <Yunohost Git/Infra notifications> ✔️ Completed distribution for yunohost/12.1.32+202510231445 for bookworm/unstable.
[19:03:56] <Aleks (he/him/il/lui)> @_@
[19:03:57] <Aleks (he/him/il/lui)> personally i try to stick to "avoid bikeshading these goddamn cipher stuff and use some recommendation from a well-known, trustable entity", and in particular https://infosec.mozilla.org/guidelines/openssh and https://ssl-config.mozilla.org/
[19:03:57] <Aleks (he/him/il/lui)> and personally i'm quite skeptical about all this fuzz about quantum computing, i don't relieve in quantum computing in general sense, or at least i don't believe that if it happens it's gonna scale enough for my communications from 10-20 years ago to be at risk because, what are you gonna steal, my ADHD memes I scped from my RPi ?
[19:03:57] <Aleks (he/him/il/lui)> yeah apparently it's from 2017 here too https://wiki.mozilla.org/Security/Guidelines/OpenSSH (in the View History) but i would naively trust this more than SSH's default setting, because the SSH upstream probably has a lot of inertia and can't change the default values because of backward compatibility consideration etc

But anyway honestly it's easy to get omnubilé by the ciphers but I have absolutely never heard of any hack happening because somebody used "only" `hmac-sha2-512-etm@openssh.com` or whatever ... definitely the main focus if we really want to improve SSH security in YunoHost is

1. encouraging people to use SSH keys by making them configurable in the webadmin - this is by far one of the biggest thing right now about our SSH stack or security in general,
2. having 2FA for the webadmin, because ... you can setup SSH keys if you want, but the weakest auth link is gonna be the webadmin where authentication is password-based
[19:03:59] <Aleks (he/him/il/lui)> that's just way more concrete in terms of improvements rather than niche stuff of "my cipher is weak against stuff that may exist in 20 years in the future if society didn't collapse then and somehow people made 10 breakthrough in stabilizing qbits"
[19:13:03] <Aleks (he/him/il/lui)> ssh client telling that the ciphers are not quantum safe ? Uggh I'm not even sure clients do complain about `dsa` server identities which should be deprecated since like 10 years
[19:13:03] <Aleks (he/him/il/lui)> (ah bah en fait non apparament ils refusent)
[19:13:04] <Aleks (he/him/il/lui)> si vous avez une recommendation straightforward, solide, documentée (pas juste 3 pelés au fin fond de reddit qui vivent dans un appart en papier d'allu) sur c'est quoi les ciphers à appliquer, et que ça pète pas la compatibilité avec + de 25% de la planète, alors go faire une pull request, mais sinon de mon point de vue c'est un non-problème
[19:13:04] <Aleks (he/him/il/lui)> bref 'fin moi en fait j'ai pas envie de passer milles ans sur ce genre de sujets, j'ai déjà passé trop d'heure dessus où ça fini en truc spéculatifs nébuleux genre "askip cipher trucbidule a des liens avec la NSA alors peut-être que c'est pas safe mais en même temps on a rien pour le prouver" genre pfff
[19:13:04] <Aleks (he/him/il/lui)> ça c'est pour les clefs du client, c'est pas les ciphers ou identité du serveur ...
[19:55:51] <Yunohost Git/Infra notifications> [issues] A​-Sverdrup [commented](https://github.com/YunoHost/issues/issues/2683#issuecomment-3438881469) on [issue #2683](https://github.com/YunoHost/issues/issues/2683) Portal : adding a custom tile pointing to external links: Totally support.

Yes, Redirect already does that, and Custom webapp can also do that, but these feel like a kludgy work...
[19:57:00] <Yunohost Git/Infra notifications> [issues] A​-Sverdrup [commented](https://github.com/YunoHost/issues/issues/2680#issuecomment-3438885573) on [issue #2680](https://github.com/YunoHost/issues/issues/2680) At least some offline capability: Caching installed apps: > Also you cant even rollaback the app you just borked (force-upgrade to the same version).

Nah, thats totally on the...
[20:02:18] <Yunohost Git/Infra notifications> [ynh-dev] f​florent opened [pull request #91](https://github.com/YunoHost/ynh-dev/pull/91): Document how to run the tests inside the container
[20:08:31] <Yunohost Git/Infra notifications> [issues] A​-Sverdrup [commented](https://github.com/YunoHost/issues/issues/2680#issuecomment-3438936169) on [issue #2680](https://github.com/YunoHost/issues/issues/2680) At least some offline capability: Caching installed apps: > is not connected to the internet.

Yunohost may be online-first, but its usefulness does not decrease that much on a L...
[20:20:29] <Yunohost Git/Infra notifications> [ynh-dev] f​florent opened [pull request #92](https://github.com/YunoHost/ynh-dev/pull/92): Fix shellcheck
[20:27:07] <Yunohost Git/Infra notifications> [test_apps] J​osue-T closed [pull request #9](https://github.com/YunoHost/test_apps/pull/9): Create app for test ldap app user