[11:45:08] ema: is commit c1d52916ca good to merge? [11:45:10] in puppetmaster1001 [11:45:23] arturo: yes please [11:45:32] ok merging [11:45:34] ty [11:46:06] for the record, the diff was [11:46:08] https://www.irccloud.com/pastebin/xDCqz80m/ [12:18:48] jbond42, moritzm mayI get a review of https://gerrit.wikimedia.org/r/c/operations/puppet/+/551396? [12:19:27] looking [12:29:03] hmm nice catch the archiva one [12:30:33] commit message updated [12:30:38] thanks although i think it should still be fine. gerrit must be used by at least everyone who uses archiva i guess (although not really familure with archiva) [12:30:58] ack cheers [12:31:10] yeah, I think is fair enough requiring TLSv1.2 to gerrit users [12:31:19] agree [12:31:39] I'm wondering if we have any system using apt.wm.org that's not able to speak TLS1.2 [12:31:51] archiva fragments might be pulled by software with less great TLS, though [12:32:03] but it seems fine to just flip it and revisit if needed [12:32:45] especially if it's older Java JREs [12:35:12] vgutierrez: in relation to apt other then icinga, bots and apt clients i see apt-browser (https://tools.wmflabs.org/apt-browser; tools.apt-browser@tools.wmflabs.org) python-requests/2.22.0" [12:35:51] icinga checks? [12:36:01] cause icinga.wm.o is already enforcing TLSv1.2 IIRC [12:36:36] there most be an icinga check to make sure apt.w.o is avalible as i see useragent check_http/v2.2 [12:37:27] right, but that's able to talk TLSv1.2, as we have some services using the "high" ssl_ciphersuite() settings [12:37:43] s/high/strong/ [12:38:18] like netbox or icinga itself [12:38:23] yes that should be fine, the only one im not sure of/familure with is apt-browser [12:38:46] but it looks like its using requests so im gussing it will be fine as well [12:39:38] assuming a fairly decent version of python yeah [15:12:26] apt::package_from_component is a very nice improvement [15:19:20] I'll also send a mail ops@ next week, but want to confirm everything is working fine with a number of conversions first