IRC log for #koha, 2021-11-09

All times shown according to UTC.

Time S Nick Message
05:55 lmstrand joined #koha
06:07 chriss joined #koha
06:08 koha-jenkins Yippee, build fixed!
06:08 wahanui Congratulations!
06:08 koha-jenkins Project Koha_Master build #1814: FIXED in 1 hr 10 min: https://jenkins.koha-community[…]Koha_Master/1814/
07:31 reiveune joined #koha
07:31 reiveune hello
07:31 cait joined #koha
07:48 alex_a joined #koha
07:48 alex_a Bonjour
07:52 lds joined #koha
09:12 ashimema mornin' #koha
09:52 alex_a joined #koha
09:53 ashimema ooh..
09:54 ashimema does GetPreparedLetter not fall back through languages
09:56 ashimema looks like it should
10:11 * cait waves
10:11 cait i am back, have you rewritten all the things yet?
10:43 ashimema lol
10:43 ashimema I tracked down your lang for slips bug
10:51 ashimema cait : I just wrote a patch for bug 28712 for you.
10:51 huginn` Bug https://bugs.koha-community.or[…]_bug.cgi?id=28712 major, P5 - low, ---, martin.renvoize, Needs Signoff , Printed slips for fees come up empty if no notice is defined for the user's preferred language
10:52 cait ooh nice one
10:52 cait i probably won't get to do much testing this week :(
10:52 * ashimema now wants to split the Dashboard on version.. to make it clear when a Major is against an old branch.
11:00 Jeremyb joined #koha
11:33 tcohen good morning
11:34 oleonard Hi tcohen
11:34 tcohen hi oleonard
11:34 wahanui hi oleopard
12:03 * cait waves
12:05 vfernandes joined #koha
12:05 vfernandes hi #koha
12:13 alex_a joined #koha
12:14 awazez joined #koha
12:15 awazez Hi everyone. I need some help to configure the domain name of my koha instance. I'm trying to set it up.  The DNS, I think is correctly configure. When I ping and  it is responding correctly. The apache "It works" appears. So according to me everything is find for the DNS setup. BUT I just don't understand what to do after. I think I need to configure the INTRASUFFIX in the /etc/koha/koha-sites.conf.
12:15 awazez But what do I type ? ? Or ? It's not clear. And is it the only thing I need to do ? Is there some virtual host to configure ? THanks a lot.
12:16 oleonard awazez: If you see the "it works" page you might try disabling the default site
12:18 cait if the instance was created before, I think you m ight have to also update some config file after
12:18 cait but i'd also start with deactivating the default one
12:19 awazez Ok
12:19 vfernandes performance question: how to improve XML processing speed using records with hundreds of items?
12:24 awazez Yeah it seemed  that " site 000-default disabled" is deactivating the default one. Am I right ?
12:29 cait vfernandes: i think there is a bug open about that right now
12:30 cait awazez: not sure about the command but 000-dfault reads right
12:31 lds joined #koha
12:31 jzairo joined #koha
12:34 vfernandes cat: yes... opened by me (bug #26802)
12:34 huginn` Bug https://bugs.koha-community.or[…]_bug.cgi?id=26802 major, P5 - low, ---, koha-bugs, NEW , Improve speed with records with many items
12:35 vfernandes it's a bug that keeps being reported to us
12:37 vfernandes I would like to debug it a little more, but I don't know where I should start
12:54 cait i am not sure if that was the one I saw earlier, but no time to research :(
12:55 cait maybe check for performance/speed/slow and similar in bugzilla, vfernandes
13:10 jzairo hello!
13:16 magnuse_ joined #koha
13:20 Dyrcona joined #koha
13:20 oleonard I have re-implemented Bug 5697, take a look!
13:20 huginn` Bug https://bugs.koha-community.or[…]w_bug.cgi?id=5697 enhancement, P5 - low, ---, oleonard, Needs Signoff , Automatic linking in guided reports
14:17 domm I was asked by a customer why the recent security hole was not registered as a CVE (and so did not show up in some CVE notification service he is using).
14:19 domm I personally don't care, but if there is any Koha Community guideline or similar regarding CVEs (and/or how to handle security issues) I could point them to this guiedline..
14:19 oleonard-away I don't recall hearing anything about a guideline domm
14:20 domm ok, I was quite sure that no such guideline exists for Koha, but just wanted to make sure
14:21 oleonard My search of old emails shows that there is at least one example of someone "requesting" CVE numbers for security vulnerabilities.
14:21 oleonard I'm not sure what that process is, but perhaps it's something you could do for your customer?
14:21 oleonard domm: It would also be something you could bring to a developers meeting
14:24 domm AFAIK one has to report the problem the a CNA (CVE Numbering Authoritie
14:24 domm )
14:26 domm which then assigns a number etc. But I'm not sure which CNA would be interested in doing this for Koha (a lot seem to be run by companies for their own products)
14:28 domm I guess MITRE would be the CNA-LR (CNA of Last Ressort) for Koha:[…]ers/partner/mitre
14:30 domm For now I will tell the customer that Koha does not create CVEs
14:58 ashimema well...
14:58 ashimema we don't go the full CVE route.. but we do 'promote' the bug from the security area in bugzilla into main bugzilla once the fix is out there.
14:59 ashimema I'm not sure how CVE's work really beyond being a bit more centralised/public?
15:01 domm AFAIK it's "just" a standard and centralized way to disclose problems. So people might subscribe to CVE, but not to Koha, and thus get notified of a potential problem (and how to fix it), without having to subscribe to ALL the communitys
15:02 tuxayo > and so did not show up in some CVE notification service he is using
15:02 tuxayo Interesting, that way customers can know about it and pressure their provider to update.
15:02 domm tuxayo: for example, yes.
15:03 domm Or some poor sysadmin can act on her own, without needing to be prodded by somebody three layers of orga away
15:04 tuxayo In the last 3 years, it seems 10 Koha vulnerabilities have been registered as CVEs
15:04 tuxayo[…]l?vendor_id=11706
15:05 tuxayo domm: indeed!
15:05 ashimema They tend to get reported if they've come from a paid for penetration test
15:05 ashimema we've had a few come in that way..
15:06 ashimema be nice if there were a bit of money up for grabs for fixing these things more often though..  ;)..
15:06 tuxayo I suppose the number of reported CVEs is good for the track record of security auditors
15:06 ashimema it's all very well paying a nice hefty some to a hacker to find the flaws but then never funding fixes is a right pain
15:06 tuxayo indeed ^^"
15:06 * ashimema has a pet security bugs he keeps chipping away at, but just can't commit enough time to
15:08 Oak joined #koha
15:08 tuxayo ashimema has painted a target on themselves.
15:08 ashimema ?
15:08 tuxayo Besides being notified, does anyone know other benefits of registering CVEs ?
15:09 tuxayo ashimema : you will get attacked to compromise the list and details about your pet security bugs :P
15:09 ashimema domm.. are you ?
15:10 domm ashimema: yes
15:11 tuxayo You got ssh login attempts coming from ? XD
15:11 ashimema they're well known and not major.. but annoying
15:11 ashimema lol
15:12 domm :-)
15:13 tuxayo good ^^"
15:14 tuxayo I just though there could be support contracts that mention CVE having to be patched in a certain delay.
15:15 oleonard KohaCon2021 keeps getting more and more confusing.
15:15 ashimema oh?
15:15 wahanui oh are there instructions?
15:16 oleonard "Changes on Kohacon2021 International Confrence dates" on koha-devel.
15:16 oleonard Now Dec. 13-15.
15:16 ashimema Joubu may have prompted that
15:17 tuxayo oh ok they did it
15:17 Joubu there were some private discussions, after last meeting talks
15:17 ashimema there was a small email trail trying to understand what was going on..
15:17 Joubu they were asking me to confirm the date shift, which I hadn't
15:17 ashimema their quick reply was.. "OK, we change it"..
15:18 Joubu that's a good thing I think
15:18 ashimema indeed.. I imagine they're doing a really good job of upsetting anyone who has already booked to go.. which I imagine is all local people.. can't imagine anyone booking to head out there at this point in time.
15:18 tuxayo Still messy but the result seems good ^^
15:18 ashimema yeah.. they're trying
15:19 Joubu they also confirmed the conference will be hybrid with online streaming
15:19 tuxayo :D
15:20 Joubu dates are still not accurage on the website then
15:20 Joubu accurate
16:01 rkrimme1 joined #koha
16:15 cait left #koha
16:26 ashimema cait around still?
16:27 oleonard Just left
16:30 ashimema oh well
17:48 oleonard I think OpacBrowseResults is broken in master but my attempts to git bisect it have failed twice.
17:49 oleonard Anyone around who can confirm or deny?
18:08 reiveune bye
18:08 reiveune left #koha
18:38 kidclamp working for me oleonard
18:38 oleonard :/
18:38 kidclamp i know, it is the worst answer
18:38 kidclamp is broken how for you?
18:39 oleonard The browse links don't show up at all
18:40 kidclamp
18:41 kidclamp with both ES and zebra, unless it broke since this mornign :-)
19:25 lukeg joined #koha
19:45 davidnind joined #koha
20:22 davidnind @later tell oleonard OPACBrowseResults is working for me on Firefox but not on Google Chrome or Chromium - the browse results block is missing and has block starting with 'Place hold' (with caches cleared, add block turned off, etc)
20:22 huginn` davidnind: The operation succeeded.

| Channels | #koha index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary