Sunset mattermost.eclipse.org
I need a status update for mattermost. From a securirty standpoint, it is out of date and a liability. In the immediate terms, it needs an SSL protocol update and likely an OS refresh.
The EF does not have the resources to take on this service. If the current owner cannot assume its continuity, we must plan on shutting it down.
/cc @jreimann
Activity
assigned to @droy
added Security priorityhigh ~24524 team:infra team:security labels
I agree something has to be done! I will work on an OS upgrade today.
Two things crossed my mind in any case:
a) Mattermost didn't take off as hoped for. The EF now uses Slack, and Mattermost seems to emphasize their OpenSource model. At the same time Matrix seems to have a lot more adoption in "open source chat" anyway.
b) SSO/OpenIDConnect/OAuth2 was never really supported by the open source version. That additional user database was always a troublemaker.
c) I do know some projects use it. So just shutting it down seems the wrong approach. But I think we should make plans to migrate away from it. Keeping it up to date until then.
The EF will be investigating Matrix (#1558 (closed)) but it's not a firm commitment to provising the service in production.
I have no problems with your option c), but I think the intention should be communicated. Unfortunately, EF doesn't have cycles to participate here, and a stale OS/SSL config is a security liability for us
Are you willing to communicate the intent of c) on, say, the eclipse.org-committers mailing list, and refer back to this issue?
removed team:security label
removed Security label
From the cross-project-issues-dev mailing list: https://www.eclipse.org/lists/cross-project-issues-dev/msg19447.html
"A bit over 6 years ago, we started a test of Mattermost at the Eclipse Foundation [1]. The idea was to offer a modern, open source chat service to Eclipse Foundation projects. Just recall, at that time IRC was the cool stuff.
It is running up until today and I continue to lurk in some channels. Posting questions/answers myself from time to time. The instance has ~3000 users, ~200 channels, and ~50 active users a day. So it looks like people do use it.
Now the problem, from the beginning, was that Mattermost used an “open-core model”. Yes, Mattermost is open source, but things like OAuth2 were not. The reason why we could never pair this with the Eclipse Foundation SSO service. It also gets harder to maintain the instance itself. Mattermost upgrades had always been super trivial. But it feels like the focus is more an “as a service” experience now. And, updating to the most recent “open source version” got trickier over time.
That led to the situation that the instance isn’t up-to-date anymore. Sure, that is something that could be fixed. But the situation also is that a lot of Eclipse projects did adopt services like Slack or Gitter. Which provide a service that projects need and like. And while the “open core” part of Mattermost feels stagnating, other open source communication projects seem to thrive. Most notably Matrix, which supports a federated approach, just like IRC.
The question now is, what is the point in maintaining a communication platform that is practically a silo? If you want a web based service, I think it is fine to just adopt a service the Eclipse Foundation supports, like Slack or Gitter.
And if you are a fan of open source, decentralized services too, maybe check out GitLab issue #1558 (closed) [2], because the Eclipse Foundation is looking at Matrix too.
TL;DR – We are sunsetting Mattermost at Eclipse. The goal is to shut down the service mid 2023. As communication is essential, we will not just pull the plug! But we also need to find a way to migrate workload (channels) off the server.
If this causes trouble for you, I apologize. It also causes trouble for me
It was the right thing back then, things have changed, let’s adapt."
/cc @jmazanek4ep
mentioned in issue #497 (closed)
@droy @jreimann Hello
@benlloydpearson I think that is a great offer, and shouldn't be different compared to the other Slack instances that exist. But as I will neither maintain that, nor would be a heavy user, I will leave that up to others.
Just out of curiosity: would it be possible to import the data of the existing instance?
Over the last years Mattermost got more important for interacting with the community of the Eclipse 4diac project. I find it especially good that it is something somehow hosted at EF. I understand the troubles you have and I also understand that it should be replaced. But having something similar for Eclipse projects at EF premises would IMHO be needed. As pointed out above Matrix seems to me a good replacement. Especially if hosting it comes with little effort for the EF team.
Mattermost is an integral part of our team communication here at Eclipse SUMO especially for the persistent chats it offers. Of course we would love to keep it! There is also a mattermost instance at the Helmholtz foundation https://mattermost.hzdr.de/login which the DLR (my employer and Eclipse supporter) is a part of. I could ask if they are willing to host Eclipse stuff as well and whether they are willing to support Eclipse as OAuth source. Moving to a closed system like slack is no alternative to me but we might also have a look at matrix and would ask for migration support if the EF decides that way.
I asked the Helmholtz foundation and while they would support us in moving the Eclipse SUMO channel they cannot support the whole Eclipse mattermost. We are still discussing what to do and will definitely try out the matrix. Do you know whether there will be support in moving the current mattermost contents into matrix? Is it possible to configure matrix in a way that some channels are publicly visible (I mean without a login like the public email archive)?
Edited by Michael BehrischI don't think it is feasible to migrate the content of mattermost to matrix.
You don't need to sign up for an account with the Eclipse matrix instance, or matrix.org. You can actually self-host an instance, and federate with the Eclipse matrix server. That is at the core of Matrix. So do have a personal matrix instance, and still participate in conversations. People can see that by looking at my account handle (which has a different domain). Just like e-mail
But I guess you are looking for a way to just read a channel without every logging in to matrix. I am not sure this is possible. I think Gitter.im does it, and that is (to my understanding) based on Matrix too. So it should be possible in general.
Our internal discussions at Eclipse SUMO are heading towards the usage of the Helmholtz mattermost instance. The question is how do we migrate the data? Can we give you a list of channels and you give us an export of them? There is also an export channel plugin https://github.com/mattermost/mattermost-plugin-channel-export but it seems to require an enterprise license. Any ideas are much appreciated!
While there is the technical aspect of migrating data. I also think there is a legal aspect.
People "contributed" data to the Mattermost instance of Eclipse under the impression this data goes into the Eclipse Foundation. Taking that data and migrating it to the Helmholtz Association might require the consent of everyone. But, I will leave that for others to sort out.
From a technical perspective, this is exactly what annoys me about Mattermost. This is part of the reason why I think it makes more sense to adopt Matrix.
But, after having solved the legal aspect, there is a PostgreSQL database in the background. So you might get away with a few SQL commands ;-)
Just focusing on the "trial license" for a minute, this is what I have in the admin UI:
It does not mention any "trial". So I don't think this is an option. Putting away the legal data aspect for a moment, I would recommend reaching out to Mattermost and explain this to them. Maybe you can get an Enterprise license for the Helmholtz instance which covers this.
I was referring to these docs: https://docs.mattermost.com/about/editions-and-offerings.html#mattermost-enterprise
I see, it seems you need to deploy the enterprise binary and deploying that with the current database is probably a bit risky. Maybe @benlloydpearson knows something about it? BTW: Having Enterprise features on the Helmholtz instance would not help here. We just need them to install the export channel plugin.
Edited by Michael Behrisch@jreimann @mbehrischv52 has there been any progress on your part in this discussion?
The Eclipse Foundation matrix service is now in production: https://chat.eclipse.org/docs/faq/
I propose we shut this service down on July 3rd, 2023 .
We would keep the image around for a few months if there are some decisions regarding the legal concerns around transferring the data, and if the team is able to proceed with the import we could temporarily restart the service to allow that to happen. Otherwise Webmaster will simply remove the image in December 2023.
Thoughts?
Sounds reasonable. I would only ask that we make a decision so that we can actually communicate that date and people know when then is going to happen. I can send out the information on Mattermost once we did this.
Regarding the import/export of data, that topic came up again on the Mattermost instance. I think it makes sense there to to come up with a decision/statement about the legal aspect of this. Is ok, or not. I think @droy already said that earlier, but maybe we need to be extra clear on this.
I've sent a note to our DPO asking for a specific opinion(yes or no), but I happen to agree with your earlier comment that this is legally(and ethically) tricky at best, so we should presume it's not possible, and we can always put things on hold for a short time if it turns out the data can be transferred.
Jens, since you're the one that's been managing this, if you are ok with the suggested timing I think that's good enough to notify the community of the shutdown schedule and we can proceed from there. Would you like Webmaster to send a note on any of the mailing list to broaden the reach?
Not being a legal expert, but I think the situation is a bit like this:
Your own data, the chat messages you posted, can be exported by yourself. This is your personal data. I would expect that you can do with this as you like.
The problem is other people's data, which they submitted under the idea that it will be used for a specific use case: collaborating through a community chat.
And this data, you cannot export or use in another way.
Which to my understanding is also covered by GDPR. The right of me (Jens) to be sure that the Eclipse Foundation does not hand out my data to 3rd parties (you in this case) without my permission. Except for the original use case, which is chat.
I am not sure about the implications of a "personal backup" and what responsibilities that brings to you. I am pretty sure it is not the "upload" which is problematic, but the "making it available to others" part. Which can be all from uploading, to just showing the data to others on your screen, or accidentally leaking it.
@droy @webmaster July 3rd has passed, but the instance is still running. I think it is time to shut it down as announced.
Sorry about that, my calendar popped a notice and it then got lost while I was doing something else.
I've shutdown the instance and tagged it for cleanup, and the DNS entry has been removed as well.
Thanks for the nudge @jreimann !
