Time  Nick          Message
06:08 koha-jenkins  Yippee, build fixed!
06:08 wahanui       Congratulations!
06:08 koha-jenkins  Project Koha_Master build #1814: FIXED in 1 hr 10 min: https://jenkins.koha-community.org/job/Koha_Master/1814/
07:31 reiveune      hello
07:48 alex_a        Bonjour
09:12 ashimema      mornin' #koha
09:53 ashimema      ooh..
09:54 ashimema      does GetPreparedLetter not fall back through languages
09:56 ashimema      looks like it should
10:11 * cait        waves
10:11 cait          i am back, have you rewritten all the things yet?
10:43 ashimema      lol
10:43 ashimema      I tracked down your lang for slips bug
10:51 ashimema      cait : I just wrote a patch for bug 28712 for you.
10:51 huginn`       Bug https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28712 major, P5 - low, ---, martin.renvoize, Needs Signoff , Printed slips for fees come up empty if no notice is defined for the user's preferred language
10:52 cait          ooh nice one
10:52 cait          i probably won't get to do much testing this week :(
10:52 * ashimema    now wants to split the Dashboard on version.. to make it clear when a Major is against an old branch.
11:33 tcohen        good morning
11:34 oleonard      Hi tcohen
11:34 tcohen        hi oleonard
11:34 wahanui       hi oleopard
12:03 * cait        waves
12:05 vfernandes    hi #koha
12:15 awazez        Hi everyone. I need some help to configure the domain name of my koha instance. I'm trying to set it up.  The DNS, I think is correctly configure. When I ping catalog.bookwarden.com and intranet.bookwarden.com  it is responding correctly. The apache "It works" appears. So according to me everything is find for the DNS setup. BUT I just don't understand what to do after. I think I need to configure the INTRASUFFIX in the /etc/koha/koha-sites.conf.
12:15 awazez        But what do I type ? intranet.bookwarden.com ? Or intra-intra.bookwarden.com ? It's not clear. And is it the only thing I need to do ? Is there some virtual host to configure ? THanks a lot.
12:16 oleonard      awazez: If you see the "it works" page you might try disabling the default site
12:18 cait          if the instance was created before, I think you m ight have to also update some config file after
12:18 cait          but i'd also start with deactivating the default one
12:19 awazez        Ok
12:19 vfernandes    performance question: how to improve XML processing speed using records with hundreds of items?
12:24 awazez        Yeah it seemed  that " site 000-default disabled" is deactivating the default one. Am I right ?
12:29 cait          vfernandes: i think there is a bug open about that right now
12:30 cait          awazez: not sure about the command but 000-dfault reads right
12:34 vfernandes    cat: yes... opened by me (bug #26802)
12:34 huginn`       Bug https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26802 major, P5 - low, ---, koha-bugs, NEW , Improve speed with records with many items
12:35 vfernandes    it's a bug that keeps being reported to us
12:37 vfernandes    I would like to debug it a little more, but I don't know where I should start
12:54 cait          i am not sure if that was the one I saw earlier, but no time to research :(
12:55 cait          maybe check for performance/speed/slow and similar in bugzilla, vfernandes
13:10 jzairo        hello!
13:20 oleonard      I have re-implemented Bug 5697, take a look!
13:20 huginn`       Bug https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5697 enhancement, P5 - low, ---, oleonard, Needs Signoff , Automatic linking in guided reports
14:17 domm          I was asked by a customer why the recent security hole was not registered as a CVE (and so did not show up in some CVE notification service he is using).
14:19 domm          I personally don't care, but if there is any Koha Community guideline or similar regarding CVEs (and/or how to handle security issues) I could point them to this guiedline..
14:19 oleonard-away I don't recall hearing anything about a guideline domm
14:20 domm          ok, I was quite sure that no such guideline exists for Koha, but just wanted to make sure
14:21 oleonard      My search of old emails shows that there is at least one example of someone "requesting" CVE numbers for security vulnerabilities.
14:21 oleonard      I'm not sure what that process is, but perhaps it's something you could do for your customer?
14:21 oleonard      domm: It would also be something you could bring to a developers meeting
14:24 domm          AFAIK one has to report the problem the a CNA (CVE Numbering Authoritie
14:24 domm          )
14:26 domm          which then assigns a number etc. But I'm not sure which CNA would be interested in doing this for Koha (a lot seem to be run by companies for their own products)
14:28 domm          I guess MITRE would be the CNA-LR (CNA of Last Ressort) for Koha: https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre
14:30 domm          For now I will tell the customer that Koha does not create CVEs
14:58 ashimema      well...
14:58 ashimema      we don't go the full CVE route.. but we do 'promote' the bug from the security area in bugzilla into main bugzilla once the fix is out there.
14:59 ashimema      I'm not sure how CVE's work really beyond being a bit more centralised/public?
15:01 domm          AFAIK it's "just" a standard and centralized way to disclose problems. So people might subscribe to CVE, but not to Koha, and thus get notified of a potential problem (and how to fix it), without having to subscribe to ALL the communitys
15:02 tuxayo        > and so did not show up in some CVE notification service he is using
15:02 tuxayo        Interesting, that way customers can know about it and pressure their provider to update.
15:02 domm          tuxayo: for example, yes.
15:03 domm          Or some poor sysadmin can act on her own, without needing to be prodded by somebody three layers of orga away
15:04 tuxayo        In the last 3 years, it seems 10 Koha vulnerabilities have been registered as CVEs
15:04 tuxayo        https://www.cvedetails.com/product/21648/Koha-Koha.html?vendor_id=11706
15:05 tuxayo        domm: indeed!
15:05 ashimema      They tend to get reported if they've come from a paid for penetration test
15:05 ashimema      we've had a few come in that way..
15:06 ashimema      be nice if there were a bit of money up for grabs for fixing these things more often though..  ;)..
15:06 tuxayo        I suppose the number of reported CVEs is good for the track record of security auditors
15:06 ashimema      it's all very well paying a nice hefty some to a hacker to find the flaws but then never funding fixes is a right pain
15:06 tuxayo        indeed ^^"
15:06 * ashimema    has a pet security bugs he keeps chipping away at, but just can't commit enough time to
15:08 tuxayo        ashimema has painted a target on themselves.
15:08 ashimema      ?
15:08 tuxayo        Besides being notified, does anyone know other benefits of registering CVEs ?
15:09 tuxayo        ashimema : you will get attacked to compromise the list and details about your pet security bugs :P
15:09 ashimema      domm.. are you plix.at ?
15:10 domm          ashimema: yes
15:11 tuxayo        You got ssh login attempts coming from plix.at ? XD
15:11 ashimema      they're well known and not major.. but annoying
15:11 ashimema      lol
15:12 domm          :-)
15:13 tuxayo        good ^^"
15:14 tuxayo        I just though there could be support contracts that mention CVE having to be patched in a certain delay.
15:15 oleonard      KohaCon2021 keeps getting more and more confusing.
15:15 ashimema      oh?
15:15 wahanui       oh are there instructions?
15:16 oleonard      "Changes on Kohacon2021 International Confrence dates" on koha-devel.
15:16 oleonard      Now Dec. 13-15.
15:16 ashimema      Joubu may have prompted that
15:17 tuxayo        oh ok they did it
15:17 Joubu         there were some private discussions, after last meeting talks
15:17 ashimema      there was a small email trail trying to understand what was going on..
15:17 Joubu         they were asking me to confirm the date shift, which I hadn't
15:17 ashimema      their quick reply was.. "OK, we change it"..
15:18 Joubu         that's a good thing I think
15:18 ashimema      indeed.. I imagine they're doing a really good job of upsetting anyone who has already booked to go.. which I imagine is all local people.. can't imagine anyone booking to head out there at this point in time.
15:18 tuxayo        Still messy but the result seems good ^^
15:18 ashimema      yeah.. they're trying
15:19 Joubu         they also confirmed the conference will be hybrid with online streaming
15:19 tuxayo        :D
15:20 Joubu         dates are still not accurage on the website then
15:20 Joubu         accurate
16:26 ashimema      cait around still?
16:27 oleonard      Just left
16:30 ashimema      oh well
17:48 oleonard      I think OpacBrowseResults is broken in master but my attempts to git bisect it have failed twice.
17:49 oleonard      Anyone around who can confirm or deny?
18:08 reiveune      bye
18:38 kidclamp      working for me oleonard
18:38 oleonard      :/
18:38 kidclamp      i know, it is the worst answer
18:38 kidclamp      is broken how for you?
18:39 oleonard      The browse links don't show up at all
18:40 kidclamp      https://snipboard.io/R670cT.jpg
18:41 kidclamp      with both ES and zebra, unless it broke since this mornign :-)
20:22 davidnind     @later tell oleonard OPACBrowseResults is working for me on Firefox but not on Google Chrome or Chromium - the browse results block is missing and has block starting with 'Place hold' (with caches cleared, add block turned off, etc)
20:22 huginn`       davidnind: The operation succeeded.