VOTE: hardware 2FA for project sensitive access
by Marc Jeanmougin
Dear leadership committee,
Your attention is required to vote on the following matters:
Background:
Some contributors have, or need to have, access to social media accounts
to post on the behalf of the project, or to infrastructure accounts,
most importantly gitlab. For computer security, we would like to protect
those accesses with a safe 2FA method, and the safest method to avoid
impersonation and phishing attacks is a 2FA hardware token with FIDO2 or
U2F. Then we would be able to set a policy to enforce 2fa when
contributors need access to passwords that would be shared on nextcloud,
or to contributors with "owner" access to gitlab projects.
The most common such token is the Yubikey (45€/$ a piece+10
tax+5shipping) but there are equivalents with open hardware component
and open source software (e.g. solokeys at 35€/$ incl. tax +5€ shipping,
or nitrokey ). As for the amount of people, the vectors team has around
10-15 people with some level of access to passwords of the project, 4
people do not have 2FA and have "owner" access to the whole gitlab
project, + 2 "maintainer" access to inkscape/inkscape (and more in other
sub-projects). We also have the possibility to offer it to all regular
contributors for whom it would be useful.
It is yet to be seen whether we could have a discount by asking, or if
there is a way to pay for the whole order and get a single reimbursement
instead of reimbursing individual contributors
Ballot:
a. Reimburse up to 2000 USD for password and project protection, and
also offering it to contributors who have been in the project for more
than a year and ask for it (implies support for option b)
b. Reimburse up to 1000 USD to protect the project's passwords on
nextcloud and gitlab project access (only contributors who have access
to nextcloud, and gitlab maintainer or owner access)
c. Do not do it
d. Other (please specify)
Thanks!
--
Marc
1 year, 2 months
PLC Status Meeting - Notes
by doctormo@gmail.com
Dear all,
Thanks to everyone who could make this month's meeting.
Compressed notes below, full transcript is on the IRC/rocket chat log
for archiving.
Best Regards, Martin Owens
==== START MEETING 1:10pm EST ====
Welcome everyone!
Appologies from: ted, karen, scislac
Absent but mentioned: Tav, ryan gorley
* Financial status (ted) - https://inkscape.org/budget/inkscape/
- pono: We've been a bit behind with PayPal imports, so there are ~2
months of donations that haven't been accounted for
- pono: We're also continuing the work investigating other donation
platforms. Unfortunately we hit a roadblock and are needing to
reconsider our approach there. But hopefully we'll make some progress
over the summer.
- doctormo: We're expecting a bump from the release, previous months
might not be a true guide. But it's ok, we can be patient.
* Student programs (Outreachy, GSoC, etc) (@Tav)
- Mc: yup, all's good afaict
* Developer update / release feedback (Mc)
- Mc: well, things are progressing I think - feedback for 1.2 is
mostly positive, with some minor complaints of removed features
* Vectors update (@ryangorley)
- c.rogers: Nothing to report until after the meeting tomorrow.
* Updated Fiscal Sponsorship Agreement (ted/karen)
- Deffered, people not at the meeting
* Administrator job process status (@doctormo/@pono)
- pono: the list of questions has been finalized, but i need to get
caught up on the email thread
- prkos: The Job applications review are around about half done. We
have come up with what we believe to be objective way to grade the
applications
- pono: Okay, I'll get those sent out today and then forward them back
to the list as they come in
- doctormo: I'm particually impressed by the spreadsheets you guys
have drawn up to fairly rank according to what we want. Nice work!
* Current Votes Status
- No active votes
* Next Meeting: July 1st, 2022 - https://inkscape.org/cals/event/46/
==== END MEETING 1:37pm EST ===
1 year, 3 months
Spreadshirt hacked? Fwd: Your personal data has been changed
by doctormo@gmail.com
Hey all,
I got a few messages of the password being reset for the spreadshirt
account, and now this message about our details being changed.
We don't sell a lot or promote the spreadshit shop, but I want to make
sure this was an authorised change?
Best Regards, Martin Owens
1 year, 3 months
Re: Legal: Agreement to use Inkscape as a prop on a TV show (NZ)
by Martin Owens
On Fri, 2022-06-10 at 15:33 -0400, Karen M. Sandler wrote:
> Thanks, we also got an email directly to trademark@, and I responded
> to
> them yesterday asking what rights they needed beyond those which are
> granted with the free licensing and asking if they were able to
> provide
> any indication that it was Inkscape being used. I haven't heard back
> yet.
Interesting! and Thanks for the swift reply Karen,
They've indicated today that they followed up in our chat room¹ because
they didn't get a response.
I also asked a similar question, but they were no able to give an
answer (see chat log from today)
Best Regards, Martin Owens
¹ https://chat.inkscape.org/channel/leadership_committee
1 year, 3 months
Vote: Apple Developer Renewal 2022
by tavmjong@free.fr
It's that time of year:
Background:
-----------
René de Hesselle (RdH) has been preparing our OSX builds for a while, to do that he needs to be able to sign them with an Apple Developer Account. We have reimbursed him last year for this account so that he could continue to sign builds for Inkscape. This is to renew that account so he can continue to sign OSX builds.
Proposal:
---------
Reimburse RdH for the membership renewal expenses for Apple's developer program. This is estimated to cost 99€.
Votes:
------
a. Reimburse RdH for the program
b. No, cease participation in Apple's Developer Program
c. Other: ________
1 year, 3 months