LibreTime possesions listing and ownerships

[jooola]

I am unsure if a document listing the possessions and ownership has already been drafted, but it makes sens to make it open source and easily accessible.

I am thinking about things like the domain name 'libretime.org', who owns it, and how much does it cost, this will probably help us maintain the org on the long run. (I am thinking about this mostly because of the whole mess happening around the celery project and it's domain name). Same could go to the discourse / mattermost instance.

This might be a small part of the "spending" document that @paddatrapper is writing.

[paddatrapper]

It should probably be a separate doc, but having one would definitely be a good idea. I see there is a maintainers@libretime.org email address, which I have no idea the state of or if it even still works. So tracking things down and trying to bring them into team maintenance would be great

[paddatrapper]

@hairmare manages the libretime.org domain

[paddatrapper]

There is also @LibreTimeDocBot GitHub account that I would like to know who has access to.

@gusaus has access to the @LibreTimeOSS twitter account and @Robbt and I have access to the YouTube account.

[jooola]

What about having libretime team accounts and share the accounts passwords in this repository (using some encryption tool of course) ?

This should allow multiple users to edit the libretime.org domain name for example.

[paddatrapper]

Where possible we definitely should have team accounts that support multiple individuals using their own credentials. Of our existing possessions GitHub and YouTube support this. Twitter does not, nor would the @LibreTimeDocBot. I don't know about the domain and email, that depends on the provider being used

In terms of where to store the accounts, I'm not sure what the best solution is. Any way we do it will requiring cycling the credentials if anyone with access leaves (as there is no way to provide the passwords in a format that can be entered into a website without the user being able to see them).

[jooola]

@paddatrapper and @jooola are manager of the LibreTime Weblate project.

[jooola]

I think we also really need to list the @libetime.org emails and know where they forward if they are only aliases. I am already wondering what email address should be used for a libretime bot account.

[jooola]

I created the @libretime-bot account.

I will change the account email once we have a shared @libretime.org account. I will share the account credentials once we have a way to share password across the team. Done

[gusaus]

With regards to https://github.com/libretime/organization/issues/7#issuecomment-1092581098 I have access to https://twitter.com/LibreTimeOSS but @hairmare I believe set up the account and is the only one who can set up additional admins.

[paddatrapper]

I have created the libretime NPM team and Maintainers can send me their email or NPM username to be added

[jooola]

I propose to use a domain name provider that is capable of handling teams, like the gandi.net or any other. And we transfer the domain name to it. While we won't change those settings very often, not relying on a single person is preferable.

[paddatrapper]

I agree. And Gandi offers a nice open source discount (at lease for Debian Developers) that we may be able to apply for

[paddatrapper]

I've created a LibreTime Gandi organization. Anyone who wants access should send me their email or Gandi username.

[hairmare]

Bugging me in https://github.com/libretime/libretime/issues/1497#issuecomment-1147299205 worked.

I can't grant access to the current domain management dashboard since neither my DNS provider nor the actual DNS server offer any of that.

I did just recently pay the domain for another year another year tho. So i'd propose switching the NS records to gandi and then doing a domain transfer once we're closer to the current expiry date which is 2023-02-14.

I'm currently trying to get a complete zone transfer on the domain to aid in setting up the gandi DNS but am running into issues accessing the current DNS admin interface.

IIRC the only stuff i set up is these GitHub pages records:

www.libretime.org.  3600    IN  CNAME   libretime.org.
libretime.org.      3598    IN  CNAME   LibreTime.github.io.
LibreTime.github.io.    3598    IN  A   185.199.110.153
LibreTime.github.io.    3598    IN  A   185.199.111.153
LibreTime.github.io.    3598    IN  A   185.199.108.153
LibreTime.github.io.    3598    IN  A   185.199.109.153

There wasn't ever any mail infra, so maintainers@libretime.org never could have worked.

I'll update y'all here once i have a zone transfer ready. If you'd like me to change the NS records to gandi, please let me know which records will be needed (and when to do the switch).

[paddatrapper]

Gandi doesn't support zone management without them providing the domain, so we would need to transfer the domain to manage it via the Gandi team. @hairmare do you want access to the Gandi team? If som please send me the email address you would like the invite to go to. May make managing the transfer easier.

[hairmare]

Ok, it'll be a transfer then, i also think transferring will be easier with access, you can send the invite to my <username>@rabe.ch domain.

I just regained access to the DNS mgmt interface and apart from the domains i already mentioned there is also chat., discourse. as well as a bunch of secret(ish) looking keys. It's all CNAME records which is somewhat surprising, i'd have expected at least some Git Hub Pages A records for the apex domain.

[paddatrapper]

Invite sent

[paddatrapper]

I created a Hetzner account for LibreTime billing. However, it got flagged as suspicious and requires verification that cannot be done (paypal, which is not allowed by OpenCollective, or providing documents that do not exist for LibreTime). I have halted it for the moment. I'll take a look again tomorrow

[gusaus]

@paddatrapper Regarding https://github.com/libretime/organization/issues/7#issuecomment-1147789752 - what issue are you having with Open Collective? Make a payment drawing from https://opencollective.com/libretime? If yes, I think using a virtual card could be a solution https://docs.opencollective.com/help/expenses-and-getting-paid/virtual-cards

[paddatrapper]

We have a virtual card. In order to verify the account, Hetzner requires either a $20 payment from Paypal, which is explicitly banned by OpenCollective - https://docs.opencollective.com/help/expenses-and-getting-paid/virtual-cards#exclusions-and-limitations or submission of ID documents that do not exist for LibreTime. I may be able to submit documents about OpenCollective, but I'll have to see

[gusaus]

@paddatrapper So you couldn't pay with a debit card (which I believe the virtual card essentially does)? If you're still having issues, I'd followup in #community-support in Open Collective's Slack.

[paddatrapper]

I can pay the monthly fees, I just can't do the verification required. I haven't had a chance to try again. My thought was to try once we have an @libretime email, maybe it was flagging the email I was using as suspicious (because it was very similar to my usual Hetzner account)

[gusaus]

Still don't get why a virtual card wouldn't work - regardless, you can file a reimbursement against the collective https://docs.opencollective.com/help/expenses-and-getting-paid/submitting-expenses#reimbursements

[paddatrapper]

Yes I can, but the verification requires a PayPal payment. Which is expressly forbidden by open collective's virtual card terms of service. We have the virtual card and I had that set up in Hetzner, however their verification system for suspicious accounts does not accept a credit card payment through their payment portal. Rather they require an up front PayPal payment to verify

[jooola]

Yes I can, but the verification requires a PayPal payment. Which is expressly forbidden by open collective's virtual card terms of service. We have the virtual card and I had that set up in Hetzner, however their verification system for suspicious accounts does not accept a credit card payment through their payment portal. Rather they require an up front PayPal payment to verify

Didn't they find some other way to validate the process ? What did the support team say ?

[paddatrapper]

The Hetzner support never got back to me. The other verification method is via submitting Identity documentation, which I don't have for OpenCollective and doesn't exist for LibreTime

[jooola]

What is the status on the libretime.org domain transfer ?

[hairmare]

What is the status on the libretime.org domain transfer ?

I made a gandi account and took an initial look at their docs. I've been thinking about maybe using terraform-provider-gandi in a github action to manage the domains but will probably skip that because it's probably overkill (and i'm also not sure how "secret" some of the entries like the discourse validation are).

it's had a somewhat low priority the last few weeks given that it feels like i very recently paid for another year. i did clean up my github notifications settings so i actually notice if you @ me or post to the few remaining threads i still get notified on (like this one). I'm hoping to get back to the domain migration soonish but i've been somewhat swamped with everyone at $WORK wanting to get ready for their summer holidays and my radio schedule been pretty booked with live events that need a broadcast techie.

[jooola]

So I am unsure whether we are waiting for the domain to be near expiration to do the transfer or it is only a lack of time ?

What we can do is to create a team on gandi and share the domain there. No need to setup a terraform infrastructure.

Another option is to save a the gandi api key and sharing id in the Github Action secrets and I will setup a Terraform job to configure the domain from the CI.

GANDI_KEY="MY_API_KEY"
GANDI_SHARING_ID="MY_SHARING_ID"

Hope we can move forward on this.

[paddatrapper]

We already have a Gandi team ready for the domain. I'm happy to get terraform set up in the next few weeks

[paddatrapper]

Does anyone have control of the libretime docker hub organization? https://hub.docker.com/u/libretime

[jooola]

Maybe it's obvious, but I don't.

[Robbt]

I suspect that the docker organization was setup by @ned-kelly who was the person who did work on a docker fork back in 2018.

[jooola]

I wrote an email to @ned-kelly, I'll wait for his answer.

[jooola]

Maybe things we are missing:

• PyPI account ?
• Coverage service ?
• Hetzner account ? (I guess this can be marked as WIP as we need the libretime emails to properly set the account ?)

And some other questions:

• How to get access from unresponsive people ? Dumb question I know, but this is really annoying.
• What with the password vault you setup some time ago @paddatrapper ? I had some issue with the libretime org and I couldn't share the libretime-bot github account. Having a flatfile database seem more convenient to me. We might need to put a note about this here too.

[paddatrapper]

PyPI account ?

I don't believe there is one yet?

Coverage service ?

Which coverage service?

Hetzner account ?

Hasn't been created yet. Yeah, waiting for emails

How to get access from unresponsive people ? Dumb question I know, but this is really annoying.

I'm not sure. We've tried all the communication avenues I can think of

What with the password vault you setup some time ago

It is still up and running. I use it with no issues for work. What problem are you having and have you tried recently? I'm not sure about a flat-file DB as we then have to manage access to that somehow

[paddatrapper]

I can see libretime-bot in the password store

[jooola]

I can see libretime-bot in the password store

I don't, I added it once, but never had access to it afterwards. There was some weird things about me not being able to join the org.

[jooola]

Which coverage service?

I didn't set it up, so I am unsure if it is tied to Github or if they require a separate account: https://app.codecov.io/gh/libretime/libretime/

I'm not sure. We've tried all the communication avenues I can think of

Could someone annoy @ned-kelly on Twitter for the docker hub organization access ?

[paddatrapper]

I didn't set it up, so I am unsure if it is tied to Github or if they require a separate account: https://app.codecov.io/gh/libretime/libretime/

Ah, right. That just uses GitHub

Could someone annoy @ned-kelly on Twitter for the docker hub organization access ?

@gusaus, @hairmare? I don't have twitter

[gusaus]

As mentioned in https://github.com/libretime/organization/issues/7#issuecomment-1097146807, I have access but I believe @hairmare is the owner and the only one who can give folks admin/owner access.

[paddatrapper]

I mean DM @ned-kelly on twitter to try get hold of him about the docker hub org

[jooola]

We recently got access to the domain and the docker namespace, so I would say this issue is now resolved.

I don't have any other services/account in mind that needs attention.

Everything should be listed in https://github.com/libretime/organization/blob/main/possessions.md