#kimchi log

13:02:12 <alinefm> #startmeeting
13:02:13 <kimchi-bot> Meeting started Wed Dec  3 13:02:12 2014 UTC.  The chair is alinefm. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:02:13 <kimchi-bot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:02:13 <alinefm> #meetingname scrum
13:02:13 <kimchi-bot> The meeting name has been set to 'scrum'
13:02:23 <alinefm> #info Agenda 1) Status 2) Open discussion
13:02:24 <alinefm> anything else?
13:02:33 <royce> good for me
13:02:52 <YuXin> #info YuXin Test on iPad(afari+chrome)
13:03:05 <alinefm> #topic Status
13:03:05 <alinefm> #info Please provide your status using the #info command: #info <nickname> <status>
13:03:15 <wenwang> #info wenwang tested kimchi on IE
13:03:25 <alinefm> #info alinefm tagged 1.4.0-rc1 and updated ChangeLog, Version and po files
13:03:32 <vianac> #info vianac tested Kimchi 1.4.0-rc1 on Fedora 20 and opened bugs
13:03:32 <wenwang> #info wenwang reported related bugs
13:03:38 <alinefm> #info alinefm sent patch to update RHEL7 information on README
13:03:49 <royce> #info royce tested on Ubuntu 14.10, found some bugs related to build, testcases
13:04:28 <royce> #info royce sent patch for pep8, testcase, now working on fixing ldap authentication bugs
13:06:12 <alinefm> from the test matrix we still have a lot of tests to do: https://github.com/kimchi-project/kimchi/wiki/Testing-1.4
13:06:37 <alinefm> in one week we will start the hard code freeze which means only critical bug fixes will be merged upstream
13:06:49 <Guest393> #info Simon test kimchi 1.4 on opensuse13.2
13:07:06 <alinefm> so it is really important to complete the tests by the end of the day tomorrow and then we focus on providing patches to the bugs open
13:07:12 <alinefm> does that make sense?
13:08:07 <royce> Got it
13:08:25 <alinefm> if we complete the tests tomorrow we have only *one week* to focus on bug fixes
13:08:40 <alinefm> vianac, Guest393, YuXin, wenwang, agree?
13:08:45 <wenwang> agree
13:09:00 <YuXin> alinefm, need one column for mobile
13:09:17 <YuXin> I mean in test matrix
13:09:31 <alinefm> YuXin, I can add one if you want
13:09:36 <YuXin> ok
13:09:41 <wenwang> alinefm: Also, for browsers, I remember we had it before
13:10:32 <alinefm> #action each test focal point will complete the test matrix by the end of the day tomorrow (12/04)
13:10:47 <alinefm> #action alinefm add columns to mobile and browser on test matrix
13:11:03 <wenwang> thanks alinefm
13:11:06 <alinefm> #info 1.4 hard code freeze starts in one week (12/10)
13:11:46 <alinefm> once we complete the tests, please, take as many bugs as you can to provide patches so we can get a stable version before 12/10
13:11:48 <alinefm> ok?
13:12:06 <YuXin> ok
13:12:07 <royce> OK
13:12:24 <alinefm> vianac, Guest393, wenwang ^
13:12:30 <wenwang> ok
13:13:59 <alinefm> #topic Open Discussion
13:14:11 <alinefm> what are the topics for today?
13:14:38 <YuXin> alinefm, if I remember corrently, you have ever tired vnc console on mobile in last release?
13:15:03 <alinefm> YuXin, yeap - I tested on Android phones
13:15:24 <YuXin> the ssl certificate is manually imported, right?
13:15:24 <alinefm> on Android it works well as we don't have the cert issue there
13:15:36 <alinefm> nope
13:15:52 <YuXin> so all through brower?
13:15:52 <alinefm> you only need to manually import the cert for iOS phones/tablets
13:16:04 <alinefm> yeap
13:16:19 <YuXin> but the default cert of kimchi can not be imported into iPad as trusted
13:16:25 <alinefm> on Android you accept the cert in the same way you do on desktop browsers
13:16:38 <alinefm> YuXin, yeap - it is a known issue
13:17:01 <alinefm> for iOS devices the user must provide a trusted cert OR manually import the cert before access kimchi on browser
13:17:15 <YuXin> if leverage brower, the cert will not be imported on ipad, it is taken as ssl excpetion
13:17:57 <YuXin> if manually import(send the cert file as a mail attachment, then open cert from mail on ipad), the cert is still taken as untrusted on ipad
13:18:27 <YuXin> the cert file is created by kimchi, right?
13:18:31 <alinefm> really? I have read on some blogs that the manually import worked
13:18:52 <alinefm> YuXin, if the user does not provide one, kimchi generates one
13:18:54 <YuXin> seems like the 'issued to' attribute of the cert file has some problem
13:19:01 <wenwang> I encourtered this when using ipad too
13:19:32 <YuXin> alinefm, for current kimchi cert file, whether it is generated by kimchi?
13:20:12 <alinefm> YuXin, on kimchi.conf file you can specify you own cert file
13:20:24 <alinefm> if you don't specify it, Kimchi will generate one cert for you
13:20:40 <alinefm> and there is no way to change the way kimchi generate it to be trusted to iOS
13:20:59 <alinefm> to be a trusted cert we need to pay a cert assigner and it will no happen
13:21:01 <alinefm> *not
13:21:16 <YuXin> can you copy the command to generate cert file? I want to try if I can modify some params when generate cert file to make it work on iPad
13:23:07 <alinefm> YuXin, you can check sslcert.py
13:23:14 <YuXin> ok
13:23:19 <alinefm> but again, there is nothing we can do to solve it
13:24:07 <alinefm> if user want to use VNC on iOS devices he/she must provide a different SSL cert or import the non-trusted cert manually
13:24:54 <YuXin> the problem is that even manually import, not all cert file will be taken as trusted
13:25:16 <YuXin> so I want to get what a cert file can be manually imported as trusted on ipad
13:26:06 <YuXin> I will investigate all options when generating a cert file to see whether I can get a self-sighed cert file to be trusted on iPAD
13:26:19 <alinefm> YuXin, did you follow those references: http://lists.ovirt.org/pipermail/kimchi-devel/2014-August/006935.html ?
13:29:03 <YuXin> I guest it is not for iOS7 or iOS8
13:29:48 <alinefm> YuXin, what I remember is: once you accept the cert on browser you need to do a reset in the device to then import the cert manually
13:29:56 <alinefm> otherwise the manually import will not work
13:30:18 <YuXin> I got kimchi cert file on desktop, send the cert file to my mail box
13:30:22 <YuXin> as an attachement
13:30:43 <alinefm> and have you never accept the kimchi cert in your iOS device before it?
13:30:45 <YuXin> open my mailbox on iPad, open the cert file attachement with safari
13:31:17 <YuXin> then iOS ask me to import the cert file, there is no option about whether import it as trusted or not
13:31:53 <YuXin> then I continue to import, then check the cert file, it is marked as untrusted
13:33:08 <alinefm> YuXin, you need to install the cert instead of open it on Safari
13:33:14 <alinefm> https://blog.httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/
13:34:07 <YuXin> I checked this link today, and there is "It most cases the computer name will not match the intended host name  and you end up with a self-signed certificate that is never trusted –  even when it is added to iOS:"
13:34:45 <alinefm> YuXin, anyway, I think we should add those links to the troubleshooting section on README
13:35:01 <alinefm> and let user provide a different cert if he/she wants to use kimchi on iOS devices
13:35:45 <YuXin> if user can provide a trusted cert file signed offically, then it will must work
13:35:55 <alinefm> yeap
13:37:14 <YuXin> ok, I willl investigate more about whether there is a way to make a self-sighed cert file to be trusted in iPad
13:37:55 <alinefm> ok
13:38:50 <alinefm> any other topic?
13:39:14 <YuXin> alinefm, the distributions and versions on test matrix page are all  kimchi supported?
13:39:25 <alinefm> YuXin, yes
13:39:29 <YuXin> ok
13:39:41 <YuXin> I have nothing more today
13:39:42 <alinefm> YuXin, kimchi supports the latest version of RHEL, Ubuntu, Fedora and OpenSUSE
13:39:54 <YuXin> ok
13:40:10 <wenwang> nothing from me
13:40:25 <alinefm> royce, vianac, Guest393, anything else?
13:40:50 <vianac> alinefm: no
13:41:56 <royce> nope
13:43:06 <alinefm> thanks everyone for joining!
13:43:13 <alinefm> #endmeeting