diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 52cb947..dbd7b2b 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,6 @@
 # service news
 
+* 2024-10-20 - Created forge group, mailinglist and git repo.
 * 2024-08-31 - DoS on git:// protocol took anonymous-git down for a few hours; https: & ssh: continued working.
 * 2024-06-03 - Level3 internet backbone DNS PTR screwup in Europe made some outgoing sourceware+subnet mail undeliverable in Europe.
 * 2023-12-04 - Fiber cut & ISP routing problems resulting in partial network unreachability.

diff --git a/Email.mdwn b/Email.mdwn
index d9779fc..becde03 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -26,6 +26,11 @@
     # chmod 640 FILE.html  # not 000, leads to /var/log/mailman/error
 </pre>
 
+* To remove an inbox.sourceware.org message from the html,nntp,imap archives as inbox admin do:
+<pre>
+    $ curl https://inbox.sourceware.org/..../raw | public-inbox-learn spam
+<pre>
+
 ### pre-2019 historical information
 
 

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 5b22f69..52cb947 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,7 @@
 # service news
 
+* 2024-08-31 - DoS on git:// protocol took anonymous-git down for a few hours; https: & ssh: continued working.
+* 2024-06-03 - Level3 internet backbone DNS PTR screwup in Europe made some outgoing sourceware+subnet mail undeliverable in Europe.
 * 2023-12-04 - Fiber cut & ISP routing problems resulting in partial network unreachability.
 * 2023-11-20 - Fiber cut & ISP routing problems resulting in partial network unreachability.
 * 2023-10-15 - ARC milter configured.

diff --git a/DoS.mdwn b/DoS.mdwn
index 4fe1613..47d61c1 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -9,7 +9,7 @@ fail2ban-client status postfix
 fail2ban-client status moinmoin
 </code></pre>
 
-* httpd blocklist (no longer used)
+* httpd blocklist
 
 <pre><code>
 /etc/httpd/conf.d/block.include*

diff --git a/UseridPolicy.mdwn b/UseridPolicy.mdwn
index 9dd3fcc..ee5a521 100644
--- a/UseridPolicy.mdwn
+++ b/UseridPolicy.mdwn
@@ -29,8 +29,7 @@ These get normal userids (>= 1000), and one of the following gids to identify th
 
     `# usermod -g 1001 -G "" -s /sbin/nologin USERID`
 
-No password (`useradd -p x`), no `/etc/shadow` record either: ssh-only logons for now.
-
+Our accounts use no password (`useradd -p x`), no `/etc/shadow` record either: ssh-only logons.
     `# getent passwd USERID; id USERID`
 
 

diff --git a/UseridPolicy.mdwn b/UseridPolicy.mdwn
index 6505e25..9dd3fcc 100644
--- a/UseridPolicy.mdwn
+++ b/UseridPolicy.mdwn
@@ -18,10 +18,15 @@ These get normal userids (>= 1000), and one of the following gids to identify th
 
 * 1000 (developer, the usual)
 * 1001 (absent or retired developers, reserving the userid) 
+
     `# usermod -g 1001 USERID`
+
   This can be reversed with
+
     `# usermod -g 1000 USERID`
+
   For users who are likely gone forever, consider `/sbin/nologin` as the shell.
+
     `# usermod -g 1001 -G "" -s /sbin/nologin USERID`
 
 No password (`useradd -p x`), no `/etc/shadow` record either: ssh-only logons for now.

diff --git a/UseridPolicy.mdwn b/UseridPolicy.mdwn
index 007da27..6505e25 100644
--- a/UseridPolicy.mdwn
+++ b/UseridPolicy.mdwn
@@ -17,14 +17,16 @@ Since these are maintained by sourceware users and/or overseers, these get norma
 These get normal userids (>= 1000), and one of the following gids to identify their general role: 
 
 * 1000 (developer, the usual)
-* 1001 (emeritus developer whom we're not expecting to ever log on again, just reserving the name;)  
-  Such users should have `/sbin/nologin` as the shell.
-
-    # usermod -g 1001 -G '' -s /sbin/nologin USERID
+* 1001 (absent or retired developers, reserving the userid) 
+    `# usermod -g 1001 USERID`
+  This can be reversed with
+    `# usermod -g 1000 USERID`
+  For users who are likely gone forever, consider `/sbin/nologin` as the shell.
+    `# usermod -g 1001 -G "" -s /sbin/nologin USERID`
 
 No password (`useradd -p x`), no `/etc/shadow` record either: ssh-only logons for now.
 
-    # getent passwd USERID; id USERID
+    `# getent passwd USERID; id USERID`
 
 
 # group assignments

diff --git a/aging.mdwn b/aging.mdwn
new file mode 100644
index 0000000..8778063
--- /dev/null
+++ b/aging.mdwn
@@ -0,0 +1,9 @@
+Account aging!
+
+* /sourceware/infra/bin/list-ssh-login produces a report of every gid=1000 user who has or hasn't logged on, as per given /var/log/secure* log files (containing ssh authentication records)
+
+* /sourceware/infra/bin/list-ssh-login-email mass-emails those who are passive.
+
+* /sourceware/infra/bin/user-retire retires a single given user
+
+NB: the above scripts deal with access at the individual account level, not the shared-account per-key level.

diff --git a/index.mdwn b/index.mdwn
index 538a9bd..91b936b 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -29,6 +29,7 @@
     * server3.sourceware.org - warm backup
 * project hosting policies
 * account policies
+    * [[aging]]
     * [request queue](https://sourceware.org/cgi-bin/pdw/queue.cgi)
     * approval policies:
         * gcc: [maintainers](https://gcc.gnu.org/gitwrite.html), approvers: maintainers, not just write-after-approval

diff --git a/sourceware_security_posture.mdwn b/sourceware_security_posture.mdwn
index 993f62e..1c25bfe 100644
--- a/sourceware_security_posture.mdwn
+++ b/sourceware_security_posture.mdwn
@@ -1,6 +1,3 @@
-DRAFT DRAFT DRAFT
-
-
 The overseers sometimes hear questions similar to "how secure is sourceware"?
 While such a vague question may deserve a half-hearted "secure enough" response,
 let's address it deeper.

diff --git a/sourceware_security_posture.mdwn b/sourceware_security_posture.mdwn
index 2818ae0..993f62e 100644
--- a/sourceware_security_posture.mdwn
+++ b/sourceware_security_posture.mdwn
@@ -76,6 +76,8 @@ Only the handful of overseers can login to the root account via ssh.
 
 Password authentication for shell/git access is entirely disabled (ssh pubkeys only), partly to prevent dictionary type attacks.
 
+Long-unused userids are periodically retired to "emeritus" status.
+
 * Web services
 
 Sourceware operates several web services (bugzilla, wikis, patchwork, bunsen, gitweb, cygwin catalogs).  All but the trivial ones tend to run as reverse-proxied daemons running under distinct unprivileged userids.  There is some denial-of-service protection in place.

diff --git a/sourceware_security_posture.mdwn b/sourceware_security_posture.mdwn
index afa2cf5..2818ae0 100644
--- a/sourceware_security_posture.mdwn
+++ b/sourceware_security_posture.mdwn
@@ -29,7 +29,7 @@ Naturally, every snippet of software running is free/open-source software.
 
 * No secrets
 
-Sourceware aims to store no secrets in the form of credentials, crypto data, or even user content that would be a sensible target for an intruder.  There is approximately nothing worth breaking in for.  Even accidental exposure of much configuration or other such data is harmless, because confidentiality is not a factor.
+Sourceware aims to store no secrets in the form of credentials, crypto data, or even user content that would be a sensible target for an intruder.  There is approximately nothing confidential worth breaking in for.  Even accidental exposure of much configuration or other such data is harmless, because confidentiality is not a factor.
 
 * Choice
 

diff --git a/sourceware_security_posture.mdwn b/sourceware_security_posture.mdwn
index 807b194..afa2cf5 100644
--- a/sourceware_security_posture.mdwn
+++ b/sourceware_security_posture.mdwn
@@ -72,7 +72,7 @@ Some project maintainers receive normal shell access, which lets them hand-manag
 
 Instead of first-class userids for contributors, some projects use gitolite with its nested authentication system.  Contributors for these projects do not have distinct userids, and are instead managed by the projects' gitolite administrators.
 
-Overseers can login to the root account via ssh.  
+Only the handful of overseers can login to the root account via ssh.  
 
 Password authentication for shell/git access is entirely disabled (ssh pubkeys only), partly to prevent dictionary type attacks.
 

diff --git a/sourceware_security_posture.mdwn b/sourceware_security_posture.mdwn
index 812b849..807b194 100644
--- a/sourceware_security_posture.mdwn
+++ b/sourceware_security_posture.mdwn
@@ -5,46 +5,91 @@ The overseers sometimes hear questions similar to "how secure is sourceware"?
 While such a vague question may deserve a half-hearted "secure enough" response,
 let's address it deeper.
 
+<hr>
 # History
 
 Sourceware has been operating since 1998.  During those 25+ years of operation,
 we recall a total of two security incidents, with the last one occurring over a
 decade ago.  We know of no case of a software repo suffering unauthorized change.
 
+<hr>
 # Principles
 
-## Simplicity
+* Simplicity
 
 We run the simplest software configuration possible to get the job done.  Old school UNIX packages and mechanisms are lightweight and well-understood, so we prefer them when they are sufficient.  The infrastructure is minimal and fits well even a single server.
 
-## Intimacy
+* Intimacy
 
-Sourceware caters to a relatively small user base of a few thousand developers for a few dozen projects.  At that scale, we can keep open direct communications with the project maintainers and even users.  There is no business or informal urge to keep growing, so we can stay a personal scale community.
+Sourceware caters to a relatively small user base of a few thousand developers for a few dozen projects.  At that scale, we can keep open direct communications with the project maintainers and even users.  There is no business-driven or informal urge to keep growing, so we can stay a personal scale community.
 
-## Free/Open-Source
+* Free/Open-Source
 
 Naturally, every snippet of software running is free/open-source software.
 
-## No secrets
+* No secrets
 
-Sourceware aims to store no secrets in the form of credentials, crypto data, or even user content that would be a sensible target for an intruder.  There is approximately nothing worth breaking in for.
+Sourceware aims to store no secrets in the form of credentials, crypto data, or even user content that would be a sensible target for an intruder.  There is approximately nothing worth breaking in for.  Even accidental exposure of much configuration or other such data is harmless, because confidentiality is not a factor.
 
-## Choice
+* Choice
 
 The needs of software projects hosted at sourceware are similar but also vary.  Because sourceware is small, we can generally offer special exceptions or extensions needed by individual projects.
 
-
+<hr>
 # Security measures
 
 How do we accomplish those goals?
 
-## Operating system
+* Overseers
+
+Sourceware is looked after by a small group of "overseers", with decades of experience in software development as well as systems administration.  They work partly on a volunteer and partly on a part-of-the-job basis, on different continents.  Red Hat staff look after the physical hardware at the RDU colocation facility.
+
+* Operating system
+
+Sourceware runs on a fully supported, centrally monitored copy of Red Hat Enterprise Linux.  It self-updates via the Red Hat Network frequently.  Most of the software is stock from Red Hat or Fedora EPEL.  A few exceptions are extra infrastructure that comes from unpackaged free software sources compiled locally.
+
+* Network security
+
+We operate the usual suite of firewalls at the TCP/IP and HTTP levels, plus fail2ban.  There is no DoS frontend server at the moment, so the system attempts to protect itself from overloads by rate-limiting certain operations via systemd and httpd configuration.  Common attack attempts against the infrastructure are detected by fail2ban filters monitoring log files and result in auto-firewalling of attacking IP addresses or subnets.
+
+* GIT
+
+Git is the primary software repository engine on sourceware.  It provides plenty of native protection against accidental data corruption, and is configured to run with some repo self-checking that is not otherwise default.  If somehow raw repository history were to be corrupted, the many clones that exist would immediately make this obvious, and recovery would be possible.
+
+Several projects use git hooks to perform fine-grained access control, bugzilla interface.  Some projects use gitsigur, a homegrown script for enforcing authenticated signed git commits, to protect repos from misattributed commits.
+
+* Groups
+
+Different sourceware hosted projects are assigned distinct groupids in /etc/group.  Their code repositories are writable exclusively by members of that groupid.  Some projects share repos ("src", containing both binutils and gdb.)  Most projects are fully isolated from one another.
+
+* Logins
+
+Commit-capable contributors to most of our hosted projects receive credentials to log onto sourceware, to individual /etc/passwd userids created for them.  These userids are accessed exclusively through ssh public keys (no secrets!)  The userids are associated with groupids for the projects they received authorization for, which gives them write access to only those git repository contents.  Users that have left projects have their group memberships cleaned.  Users that leave sourceware entirely are considered "emeritus", and cannot log on at all.  However, their stub userid is reserved and preserved for history.
+
+While contributors can log on, almost all of them are subject to a homebrew restricted shell (long predating "ssh-shell") that permits them to do a very limited number of operations, such as pushing git commits.  Most contributors (1100+) cannot access a general shell on sourceware at all.
+
+Some project maintainers receive normal shell access, which lets them hand-manage repositories, release directories, web documents etc., but these people are few (60+), and highly trusted senior members of their respective projects.  Some projects have additional administrative userids, usually shell-capable, which are shared and managed by multiple maintainers.  These accounts sometimes perform automated local work on the repositories.
+
+Instead of first-class userids for contributors, some projects use gitolite with its nested authentication system.  Contributors for these projects do not have distinct userids, and are instead managed by the projects' gitolite administrators.
+
+Overseers can login to the root account via ssh.  
+
+Password authentication for shell/git access is entirely disabled (ssh pubkeys only), partly to prevent dictionary type attacks.
+
+* Web services
+
+Sourceware operates several web services (bugzilla, wikis, patchwork, bunsen, gitweb, cygwin catalogs).  All but the trivial ones tend to run as reverse-proxied daemons running under distinct unprivileged userids.  There is some denial-of-service protection in place.
+
+Some web services such as bugzilla and the wikis have their own separate authentication system based on passwords, but those credentials cannot be used to log into system shells.
+
+* Non-local builds
 
-Sourceware runs on a fully supported, centrally monitored copy of Red Hat Enterprise Linux.
+Sourceware runs a buildbot server, which is tasked by several projects to build snapshots or test builds.  The slave workers run on donated hardware resources running elsewhere.  A few projects elect to package pre-release source snapshots on sourceware itself, but they do not build actual project binaries.  That makes sourceware a less juicy target for "reflections on trusting trust" type infrastructure attacks.
 
-## Network security
+* Monitoring
 
-We operate the usual suite of firewalls at the TCP/IP and HTTP levels, plus fail2ban.
+Sourceware's performance is remotely monitored via prometheus node_exporter, RHEL Insights and other technologies.  Remote access to the server console is available to a few key individuals.  System logs are kept for a long time, on and off site.
 
-## Logins
+* Disaster recovery
 
+Sourceware runs on an industrial Dell server, with RAID6 local storage.  Hard drives have died and have been replaced, generally via live hotswaps while online.  It has been amazingly reliable: your scribe does not remember a single outright system crash.   Sourceware has a warm backup twin nearby, which receives daily snapshots of the main sourceware project hosting data.  A far off-site server also receives intermittent snapshots of the sourceware content.  Many projects also duplicate their repositories on mirrors and other git forge type services.  Therefore, data should be fairly safe, even in the case of catastrophic damage at the physical colocation facility.

diff --git a/sourceware_security_posture.mdwn b/sourceware_security_posture.mdwn
new file mode 100644
index 0000000..812b849
--- /dev/null
+++ b/sourceware_security_posture.mdwn
@@ -0,0 +1,50 @@
+DRAFT DRAFT DRAFT
+
+
+The overseers sometimes hear questions similar to "how secure is sourceware"?
+While such a vague question may deserve a half-hearted "secure enough" response,
+let's address it deeper.
+
+# History
+
+Sourceware has been operating since 1998.  During those 25+ years of operation,
+we recall a total of two security incidents, with the last one occurring over a
+decade ago.  We know of no case of a software repo suffering unauthorized change.
+
+# Principles
+
+## Simplicity
+
+We run the simplest software configuration possible to get the job done.  Old school UNIX packages and mechanisms are lightweight and well-understood, so we prefer them when they are sufficient.  The infrastructure is minimal and fits well even a single server.
+
+## Intimacy
+
+Sourceware caters to a relatively small user base of a few thousand developers for a few dozen projects.  At that scale, we can keep open direct communications with the project maintainers and even users.  There is no business or informal urge to keep growing, so we can stay a personal scale community.
+
+## Free/Open-Source
+
+Naturally, every snippet of software running is free/open-source software.
+
+## No secrets
+
+Sourceware aims to store no secrets in the form of credentials, crypto data, or even user content that would be a sensible target for an intruder.  There is approximately nothing worth breaking in for.
+
+## Choice
+
+The needs of software projects hosted at sourceware are similar but also vary.  Because sourceware is small, we can generally offer special exceptions or extensions needed by individual projects.
+
+
+# Security measures
+
+How do we accomplish those goals?
+
+## Operating system
+
+Sourceware runs on a fully supported, centrally monitored copy of Red Hat Enterprise Linux.
+
+## Network security
+
+We operate the usual suite of firewalls at the TCP/IP and HTTP levels, plus fail2ban.
+
+## Logins
+

diff --git a/index.mdwn b/index.mdwn
index 2d75bbf..538a9bd 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -10,6 +10,7 @@
 
 #### information for maintainers of hosted projects
 
+* [[sourceware security posture]]
 * account policies
 * services
     * git/svn

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 05e79ab..5b22f69 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -2,6 +2,7 @@
 
 * 2023-12-04 - Fiber cut & ISP routing problems resulting in partial network unreachability.
 * 2023-11-20 - Fiber cut & ISP routing problems resulting in partial network unreachability.
+* 2023-10-15 - ARC milter configured.
 * 2023-06-05 - DNS PTR misconfiguration delayed outbound email.
 * 2022-09-23 - Welcome to the pacme project.
 * 2021-06-01 - Experimenting with [VERP](https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff) for mailman, which changes the outgoing Sender: header, for better delivery tracking.

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index c06deed..05e79ab 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,7 @@
 # service news
 
+* 2023-12-04 - Fiber cut & ISP routing problems resulting in partial network unreachability.
+* 2023-11-20 - Fiber cut & ISP routing problems resulting in partial network unreachability.
 * 2023-06-05 - DNS PTR misconfiguration delayed outbound email.
 * 2022-09-23 - Welcome to the pacme project.
 * 2021-06-01 - Experimenting with [VERP](https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff) for mailman, which changes the outgoing Sender: header, for better delivery tracking.

diff --git a/sidebar.mdwn b/sidebar.mdwn
index 61431bc..0bcbb6e 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -2,6 +2,4 @@ System status:
 
 <font color="green" size="+1">no known problems</font><br>
 
-<a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>
-
 [[Previously|SystemStatusHistory]] <a href="/sourceware-wiki/ikiwiki.cgi?do=edit&page=sidebar">Edit</a>

diff --git a/Email.mdwn b/Email.mdwn
index 151b639..d9779fc 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -23,7 +23,7 @@
 * nuke mailman archive spam - blunt
 <pre>
     # cd /var/lib/mailman/archives/private/LIST/PERIOD
-    # chmod 000 FILE.html
+    # chmod 640 FILE.html  # not 000, leads to /var/log/mailman/error
 </pre>
 
 ### pre-2019 historical information

diff --git a/Email.mdwn b/Email.mdwn
index 02db83a..151b639 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -14,7 +14,7 @@
 
 * designate spam email that leaked into mailing lists:
 <pre>
-    # cd /var/lib/mailman/archives/public/LIST.mbox
+    # cd /var/lib/mailman/archives/private/LIST.mbox
     # mutt -f LIST.mbox
     (select message, then:) "| sa-learn --spam"
     (to check:) "| spamassassin -dtD 2>&1 | less"

diff --git a/Email.mdwn b/Email.mdwn
index 38a44b2..02db83a 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -21,9 +21,10 @@
 </pre>
 
 * nuke mailman archive spam - blunt
-
+<pre>
     # cd /var/lib/mailman/archives/private/LIST/PERIOD
     # chmod 000 FILE.html
+</pre>
 
 ### pre-2019 historical information
 

diff --git a/Email.mdwn b/Email.mdwn
index e128da7..38a44b2 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -20,6 +20,11 @@
     (to check:) "| spamassassin -dtD 2>&1 | less"
 </pre>
 
+* nuke mailman archive spam - blunt
+
+    # cd /var/lib/mailman/archives/private/LIST/PERIOD
+    # chmod 000 FILE.html
+
 ### pre-2019 historical information
 
 

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 2c18700..c06deed 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,6 @@
 # service news
 
+* 2023-06-05 - DNS PTR misconfiguration delayed outbound email.
 * 2022-09-23 - Welcome to the pacme project.
 * 2021-06-01 - Experimenting with [VERP](https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff) for mailman, which changes the outgoing Sender: header, for better delivery tracking.
 * 2020-06-30 - 24 hour bugzilla outage due to epel8.playground perl package regression

diff --git a/sidebar.mdwn b/sidebar.mdwn
index dac2b45..61431bc 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,6 +1,6 @@
 System status: 
 
-<!-- <font color="green" size="+1">no known problems</font><br> -->
+<font color="green" size="+1">no known problems</font><br>
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>
 

diff --git a/sidebar.mdwn b/sidebar.mdwn
index 8958c05..dac2b45 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,6 +1,5 @@
 System status: 
 
-<font color="orange" size="+1">DNS PTR problems interfering with outgoing mail</font>
 <!-- <font color="green" size="+1">no known problems</font><br> -->
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>

diff --git a/sidebar.mdwn b/sidebar.mdwn
index 61431bc..8958c05 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,6 +1,7 @@
 System status: 
 
-<font color="green" size="+1">no known problems</font><br>
+<font color="orange" size="+1">DNS PTR problems interfering with outgoing mail</font>
+<!-- <font color="green" size="+1">no known problems</font><br> -->
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>
 

diff --git a/DoS.mdwn b/DoS.mdwn
index 2162891..4fe1613 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -20,6 +20,7 @@ fail2ban-client status moinmoin
 <pre><code>
 egrep 'QS|qos' /etc/httpd/conf.d/*
 links http://localhost/qos
+links http://localhost/server-info
 </code></pre>
 
 

diff --git a/DoS.mdwn b/DoS.mdwn
index 83e515a..2162891 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -6,6 +6,7 @@ We have a couple of defenses:
 
 <pre><code>
 fail2ban-client status postfix
+fail2ban-client status moinmoin
 </code></pre>
 
 * httpd blocklist (no longer used)

diff --git a/sidebar.mdwn b/sidebar.mdwn
index 952622f..61431bc 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,8 +1,6 @@
 System status: 
 
 <font color="green" size="+1">no known problems</font><br>
-except <font color="orange" size="+1"><a href="https://sourceware.org/pipermail/overseers/2023q1/019183.html">upcoming outage</a></font>
-<!-- <font color="red" size="+1">2-of-8 raid6 disk failure</font>, recovery in progress -->
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>
 

diff --git a/DoS.mdwn b/DoS.mdwn
index 00b92dd..83e515a 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -4,20 +4,27 @@ We have a couple of defenses:
 
 * fail2ban (protecting several ports where we don't support logins but attacker try anyway)
 
-    fail2ban-client status postfix
+<pre><code>
+fail2ban-client status postfix
+</code></pre>
 
 * httpd blocklist (no longer used)
 
-    /etc/httpd/conf.d/block.include*
+<pre><code>
+/etc/httpd/conf.d/block.include*
+</code></pre>
 
 * httpd mod_qos (for targeted load shedding of temporarily overused services like gitweb)
 
-    /etc/httpd/conf.d QS / qos
-    links http://localhost/qos
+<pre><code>
+egrep 'QS|qos' /etc/httpd/conf.d/*
+links http://localhost/qos
+</code></pre>
+
 
 * firewalld tarpit (for overt abuse)
 
 <pre><code>
-    firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject";
-    firewall-cmd --reload
+firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject"
+firewall-cmd --reload
 </code></pre>

diff --git a/DoS.mdwn b/DoS.mdwn
index 1b035de..00b92dd 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -17,5 +17,7 @@ We have a couple of defenses:
 
 * firewalld tarpit (for overt abuse)
 
+<pre><code>
     firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject";
     firewall-cmd --reload
+</code></pre>

diff --git a/DoS.mdwn b/DoS.mdwn
index 2c5d38e..1b035de 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -17,5 +17,5 @@ We have a couple of defenses:
 
 * firewalld tarpit (for overt abuse)
 
-    firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject"
+    firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject";
     firewall-cmd --reload

diff --git a/sidebar.mdwn b/sidebar.mdwn
index af006ed..952622f 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,7 +1,7 @@
 System status: 
 
 <font color="green" size="+1">no known problems</font><br>
-<!-- except <font color="orange" size="+1">patchwork</font> -->
+except <font color="orange" size="+1"><a href="https://sourceware.org/pipermail/overseers/2023q1/019183.html">upcoming outage</a></font>
 <!-- <font color="red" size="+1">2-of-8 raid6 disk failure</font>, recovery in progress -->
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>

diff --git a/Email.mdwn b/Email.mdwn
index 1531eeb..e128da7 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -1,7 +1,7 @@
 ### current random information
 
 * smtp handler is postfix
-* email authentication includes milters for spf, dkim, dmarc
+* email authentication includes milters for spf, dkim, dmarc, postsrsd
 * content filtering includes spamassassin, clamav
 * mailing lists handled by [[mailman 2|mailman]] and public-inbox
 

diff --git a/Email.mdwn b/Email.mdwn
index 8decd14..1531eeb 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -13,12 +13,12 @@
 ### brief recipes
 
 * designate spam email that leaked into mailing lists:
-<code>
+<pre>
     # cd /var/lib/mailman/archives/public/LIST.mbox
     # mutt -f LIST.mbox
     (select message, then:) "| sa-learn --spam"
     (to check:) "| spamassassin -dtD 2>&1 | less"
-</code>
+</pre>
 
 ### pre-2019 historical information
 

diff --git a/Email.mdwn b/Email.mdwn
index 0229598..8decd14 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -13,12 +13,12 @@
 ### brief recipes
 
 * designate spam email that leaked into mailing lists:
-
+<code>
     # cd /var/lib/mailman/archives/public/LIST.mbox
     # mutt -f LIST.mbox
     (select message, then:) "| sa-learn --spam"
     (to check:) "| spamassassin -dtD 2>&1 | less"
-
+</code>
 
 ### pre-2019 historical information
 

diff --git a/Email.mdwn b/Email.mdwn
index 1677186..0229598 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -13,6 +13,7 @@
 ### brief recipes
 
 * designate spam email that leaked into mailing lists:
+
     # cd /var/lib/mailman/archives/public/LIST.mbox
     # mutt -f LIST.mbox
     (select message, then:) "| sa-learn --spam"

diff --git a/Email.mdwn b/Email.mdwn
index 9101990..1677186 100644
--- a/Email.mdwn
+++ b/Email.mdwn
@@ -1,3 +1,27 @@
+### current random information
+
+* smtp handler is postfix
+* email authentication includes milters for spf, dkim, dmarc
+* content filtering includes spamassassin, clamav
+* mailing lists handled by [[mailman 2|mailman]] and public-inbox
+
+### configuration hotspots
+
+* mailman2 per-list mboxes: /var/lib/mailman/archives/private/FOO.mbox/FOO.mbox
+
+
+### brief recipes
+
+* designate spam email that leaked into mailing lists:
+    # cd /var/lib/mailman/archives/public/LIST.mbox
+    # mutt -f LIST.mbox
+    (select message, then:) "| sa-learn --spam"
+    (to check:) "| spamassassin -dtD 2>&1 | less"
+
+
+### pre-2019 historical information
+
+
 ### Random information about sourceware's email setup
 
 * smtp handler is in /service/[[qpsmtpd|https://qpsmtpd.org/]]
@@ -13,7 +37,6 @@
 * sitewide blacklist `ezmlm-list /qmail/lists/global/deny`
 * sitewide whitelist `ezmlm-list /qmail/lists/global/allow`
 
-
 ### useful tools
 
 * /home/cgf/bin/qpdump --search='email address regex'
@@ -30,4 +53,3 @@
 * Procedure after updating /etc/mail/spamassassin/local.cf:
 <br>spamassassin --lint && service spamassassin restart
 
- 

diff --git a/index.mdwn b/index.mdwn
index deba28d..2d75bbf 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -30,6 +30,7 @@
 * account policies
     * [request queue](https://sourceware.org/cgi-bin/pdw/queue.cgi)
     * approval policies:
+        * gcc: [maintainers](https://gcc.gnu.org/gitwrite.html), approvers: maintainers, not just write-after-approval
         * glibc: [becoming a maintainer](https://sourceware.org/glibc/wiki/MAINTAINERS#Becoming_a_maintainer_.28developer.29) - approvers: stewards
 * problem solving
     * failures [[disk|OSPSDiskFailure]]

diff --git a/OSNewWebHosting.mdwn b/OSNewWebHosting.mdwn
index d8cea8e..5b754f0 100644
--- a/OSNewWebHosting.mdwn
+++ b/OSNewWebHosting.mdwn
@@ -8,12 +8,13 @@ makes <https://sourceware.org/project/> live.
 
 To convert an old-school CVS htdocs:
 
-1. rename the old htdocs directory under /sourceware/www/sourceware/htdocs/; create new (with proper group perms)
+1. rename the old htdocs directory under /sourceware/www/sourceware/htdocs/
 2. run the above script to create new git repo
 3. run (cd /cvs/PROJECT-htdocs/.../htdocs; find . -name '*,v' | cvs-fast-export > EXPORT.txt)
 4. into a temporary clone of the new git repo, run  git fast-import < EXPORT.txt
-5. git checkout (to fetch the master branch g-f-i created); git push
+5. # git checkout (to fetch the master branch g-f-i created); git push
 6. check that https://sourceware.org/$PROJECT is updated via the post-update hook
-7. clean up temporary clone and EXPORT.txt
-8. remove the /cvs/PROJECT... symlink
-9. remove the old htdocs backup directory after verification
+7. fix ownership/permissions of /sourceware/www/sourceware/htdocs/$PROJECT dirs especially
+8. clean up temporary clone and EXPORT.txt
+9. remove the /cvs/PROJECT... symlink
+10. remove the old htdocs backup directory after verification

diff --git a/DoS.mdwn b/DoS.mdwn
index 132ff01..2c5d38e 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -4,7 +4,7 @@ We have a couple of defenses:
 
 * fail2ban (protecting several ports where we don't support logins but attacker try anyway)
 
-    fail2ban status postfix
+    fail2ban-client status postfix
 
 * httpd blocklist (no longer used)
 

diff --git a/DoS.mdwn b/DoS.mdwn
index 2ce78c9..132ff01 100644
--- a/DoS.mdwn
+++ b/DoS.mdwn
@@ -3,15 +3,19 @@ A common type of abuse is a denial-of-service type attack, wherein one of the ne
 We have a couple of defenses:
 
 * fail2ban (protecting several ports where we don't support logins but attacker try anyway)
+
     fail2ban status postfix
 
 * httpd blocklist (no longer used)
+
     /etc/httpd/conf.d/block.include*
 
 * httpd mod_qos (for targeted load shedding of temporarily overused services like gitweb)
+
     /etc/httpd/conf.d QS / qos
     links http://localhost/qos
 
 * firewalld tarpit (for overt abuse)
+
     firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject"
     firewall-cmd --reload

diff --git a/DoS.mdwn b/DoS.mdwn
new file mode 100644
index 0000000..2ce78c9
--- /dev/null
+++ b/DoS.mdwn
@@ -0,0 +1,17 @@
+A common type of abuse is a denial-of-service type attack, wherein one of the network services is used excessively or rudely.
+
+We have a couple of defenses:
+
+* fail2ban (protecting several ports where we don't support logins but attacker try anyway)
+    fail2ban status postfix
+
+* httpd blocklist (no longer used)
+    /etc/httpd/conf.d/block.include*
+
+* httpd mod_qos (for targeted load shedding of temporarily overused services like gitweb)
+    /etc/httpd/conf.d QS / qos
+    links http://localhost/qos
+
+* firewalld tarpit (for overt abuse)
+    firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address='IP.ADDR/NETMASK' reject"
+    firewall-cmd --reload

diff --git a/index.mdwn b/index.mdwn
index ebbf5cf..deba28d 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -34,6 +34,7 @@
 * problem solving
     * failures [[disk|OSPSDiskFailure]]
     * overload [[load average|OSPSLoadAverage]]
+    * DoS [[DoS]]
 * services
     * iptables
     * named

diff --git a/OSStaff.mdwn b/OSStaff.mdwn
index 9836bb9..2638fab 100644
--- a/OSStaff.mdwn
+++ b/OSStaff.mdwn
@@ -5,7 +5,7 @@ Overseers tend to be current or former associates of Cygnus & Red Hat or communi
 * Frank Ch. Eigler <fche@elastic.org>
 * Carlos O'Donell <codonell@redhat.com>
 * Lukas Berk  <lberk@redhat.com>
-* Mark Wielaard <mjw@redhat.com>
+* Mark Wielaard <mark@klomp.org>
 
 Listing the email addresses is for emergency purposes only, not an invitation to direct inquiries to them.
 

diff --git a/OSNewMoinWiki.mdwn b/OSNewMoinWiki.mdwn
index a21a136..52ae8b8 100644
--- a/OSNewMoinWiki.mdwn
+++ b/OSNewMoinWiki.mdwn
@@ -8,3 +8,4 @@ To create a new project wiki:
 * Update /wiki/farmconfig.py to enumerate new project.
 * Update /etc/httpd/conf.d/sourceware-vhost-sourceware.include for new wiki URL.  Reload httpd.
 * Log into new wiki, create all administrative userids plus the EditorGroup acl page.
+* Update root crontab with user purge

diff --git a/OSNewMoinWiki.mdwn b/OSNewMoinWiki.mdwn
new file mode 100644
index 0000000..a21a136
--- /dev/null
+++ b/OSNewMoinWiki.mdwn
@@ -0,0 +1,10 @@
+See also [[moinmoinwiki]].
+
+To create a new project wiki:
+
+* Create a /wiki/PROJECT.py file, copy & paste from existing simple one like gdb.  Denote administrative accounts.
+* Create empty /sourceware/PROJECT-home/wikidata directory, then data/ and data/pages/ dirs, apache:apache.
+* Verbatim copy /sourceware/PROJECT-home/wikidata/data/plugin from another instance.
+* Update /wiki/farmconfig.py to enumerate new project.
+* Update /etc/httpd/conf.d/sourceware-vhost-sourceware.include for new wiki URL.  Reload httpd.
+* Log into new wiki, create all administrative userids plus the EditorGroup acl page.

diff --git a/index.mdwn b/index.mdwn
index 8236604..ebbf5cf 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -50,7 +50,7 @@
     * mysql
     * gerrit
 * recipes:
-    * creating new [[user|OSNewUser]], [[project|OSNewProject]], [[git repo|OSNewGitRepo]], [[mailing list|OSNewMailingList]], [[web hosting site|OSNewWebHosting]], bugzilla
+    * creating new [[user|OSNewUser]], [[project|OSNewProject]], [[git repo|OSNewGitRepo]], [[mailing list|OSNewMailingList]], [[web hosting site|OSNewWebHosting]], [[moinmoin wiki|OSNewMoinWiki]], bugzilla
 * [[2019 migration status|MigrationStatus]] [[2019 migration details|MigrationWorkItems]]
 
 <font size="-1">Archive of old documentation, from [[y2000 era|OldInfo2000]], from [[y2010 era|OldInfo2010]].</font>

diff --git a/OSNewWebHosting.mdwn b/OSNewWebHosting.mdwn
index ee0d06b..d8cea8e 100644
--- a/OSNewWebHosting.mdwn
+++ b/OSNewWebHosting.mdwn
@@ -8,7 +8,7 @@ makes <https://sourceware.org/project/> live.
 
 To convert an old-school CVS htdocs:
 
-1. remove/rename the old htdocs directory under /sourceware/www/sourceware/htdocs/
+1. rename the old htdocs directory under /sourceware/www/sourceware/htdocs/; create new (with proper group perms)
 2. run the above script to create new git repo
 3. run (cd /cvs/PROJECT-htdocs/.../htdocs; find . -name '*,v' | cvs-fast-export > EXPORT.txt)
 4. into a temporary clone of the new git repo, run  git fast-import < EXPORT.txt
@@ -16,3 +16,4 @@ To convert an old-school CVS htdocs:
 6. check that https://sourceware.org/$PROJECT is updated via the post-update hook
 7. clean up temporary clone and EXPORT.txt
 8. remove the /cvs/PROJECT... symlink
+9. remove the old htdocs backup directory after verification

diff --git a/OSNewWebHosting.mdwn b/OSNewWebHosting.mdwn
index 355c59a..ee0d06b 100644
--- a/OSNewWebHosting.mdwn
+++ b/OSNewWebHosting.mdwn
@@ -15,3 +15,4 @@ To convert an old-school CVS htdocs:
 5. git checkout (to fetch the master branch g-f-i created); git push
 6. check that https://sourceware.org/$PROJECT is updated via the post-update hook
 7. clean up temporary clone and EXPORT.txt
+8. remove the /cvs/PROJECT... symlink

diff --git a/OSNewWebHosting.mdwn b/OSNewWebHosting.mdwn
index 9c91a18..355c59a 100644
--- a/OSNewWebHosting.mdwn
+++ b/OSNewWebHosting.mdwn
@@ -5,3 +5,13 @@ Git repositories for web pages belonging to a sourceware.org-side project may be
 This creates bare git repos accessible as `git://sourceware.org/git/FOO-htdocs.git` and other related URLs.
 This also initializes the needed `gitweb` files, so the repo shows up at <https://sourceware.org/git/>, and
 makes <https://sourceware.org/project/> live.
+
+To convert an old-school CVS htdocs:
+
+1. remove/rename the old htdocs directory under /sourceware/www/sourceware/htdocs/
+2. run the above script to create new git repo
+3. run (cd /cvs/PROJECT-htdocs/.../htdocs; find . -name '*,v' | cvs-fast-export > EXPORT.txt)
+4. into a temporary clone of the new git repo, run  git fast-import < EXPORT.txt
+5. git checkout (to fetch the master branch g-f-i created); git push
+6. check that https://sourceware.org/$PROJECT is updated via the post-update hook
+7. clean up temporary clone and EXPORT.txt

diff --git a/OSNewGitRepo.mdwn b/OSNewGitRepo.mdwn
index 1cdaa81..96bb8c6 100644
--- a/OSNewGitRepo.mdwn
+++ b/OSNewGitRepo.mdwn
@@ -3,4 +3,4 @@ Git repositories belonging to a sourceware.org-side project may be created with
 1. Run as `root`: `/sourceware/infra/bin/mkgit FOO`.
 
 This creates bare git repos accessible as `git://sourceware.org/git/FOO.git` and other related URLs.
-This also initializes the needed `gitweb` files, so the repo shows up at <http://sourceware.org/git/>.
+This also initializes the needed `gitweb` files, so the repo shows up at <https://sourceware.org/git/>.

diff --git a/OSNewWebHosting.mdwn b/OSNewWebHosting.mdwn
new file mode 100644
index 0000000..9c91a18
--- /dev/null
+++ b/OSNewWebHosting.mdwn
@@ -0,0 +1,7 @@
+Git repositories for web pages belonging to a sourceware.org-side project may be created with a handy dandy shell script:
+
+1. Run as `root`: `/sourceware/infra/bin/mkgithtdocs FOO`.
+
+This creates bare git repos accessible as `git://sourceware.org/git/FOO-htdocs.git` and other related URLs.
+This also initializes the needed `gitweb` files, so the repo shows up at <https://sourceware.org/git/>, and
+makes <https://sourceware.org/project/> live.

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 5b8e92a..2c18700 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,6 @@
 # service news
 
+* 2022-09-23 - Welcome to the pacme project.
 * 2021-06-01 - Experimenting with [VERP](https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff) for mailman, which changes the outgoing Sender: header, for better delivery tracking.
 * 2020-06-30 - 24 hour bugzilla outage due to epel8.playground perl package regression
 * 2020-06-29 - 12 hour system load crazy due to mariadb hang & client spin-loop

diff --git a/mailman.mdwn b/mailman.mdwn
index 52f5310..a663232 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -5,6 +5,7 @@
 
 * For most lists:
 <pre>
+    advertise = 1
     bounce_processing = 1
     archive = 1
     archive_private = 0

diff --git a/index.mdwn b/index.mdwn
index 904fe98..8236604 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -51,7 +51,7 @@
     * gerrit
 * recipes:
     * creating new [[user|OSNewUser]], [[project|OSNewProject]], [[git repo|OSNewGitRepo]], [[mailing list|OSNewMailingList]], [[web hosting site|OSNewWebHosting]], bugzilla
-* [[migration status|MigrationStatus]] [[migration details|MigrationWorkItems]]
+* [[2019 migration status|MigrationStatus]] [[2019 migration details|MigrationWorkItems]]
 
 <font size="-1">Archive of old documentation, from [[y2000 era|OldInfo2000]], from [[y2010 era|OldInfo2010]].</font>
 

diff --git a/mailman.mdwn b/mailman.mdwn
index 3f661c8..52f5310 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -38,19 +38,22 @@
 
 * Tip: `/usr/lib/mailman/bin/config_list -o - LISTNAME` to look at mailman config flags for a list.
 
+* Tip: `echo '$attribute=$value' | /usr/lib/mailman/bin/config_list -i /dev/stdin LISTNAME` to set an attribute.
+
 * Todo: Might need to modify/recreate some mlcheckd functionality.  /usr/local/mailman/mailman is a front-end script which could be adapted to do that.
 
 * dkim is is currently underway in `opendkim`.
 
 * dmarc is active (we publish dmarc records in our DNS, and check/report on incoming mail with `opendmarc`)
 
-# spam removal
+# spam removal ... or not
 
 * run `/sourceware/infra/bin/medit LIST`, which does the following:
   1. run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
   2. run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
 * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
 
+Unfortunately, the above is a bad idea, because old archive URLs are invalidated, which breaks bugzilla & mailing list history.
 
 # 2020-03 one-time migration tools
 

diff --git a/mailman.mdwn b/mailman.mdwn
index 0210bc7..3f661c8 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -5,7 +5,7 @@
 
 * For most lists:
 <pre>
-    bounce_processing = 0
+    bounce_processing = 1
     archive = 1
     archive_private = 0
     archive_volume_frequency = 1

diff --git a/OSStaff.mdwn b/OSStaff.mdwn
index 33cbda8..9836bb9 100644
--- a/OSStaff.mdwn
+++ b/OSStaff.mdwn
@@ -2,7 +2,7 @@ Overseers tend to be current or former associates of Cygnus & Red Hat or communi
 
 * Ian Lance Taylor <ian@airs.com>
 * Chris Faylor <me.sourceware@cgf.cx>
-* Frank Ch. Eigler <fche@redhat.com>
+* Frank Ch. Eigler <fche@elastic.org>
 * Carlos O'Donell <codonell@redhat.com>
 * Lukas Berk  <lberk@redhat.com>
 * Mark Wielaard <mjw@redhat.com>

diff --git a/index.mdwn b/index.mdwn
index 6908558..904fe98 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -21,10 +21,11 @@
 
 #### information for sourceware overseers
 
+* reach them by IRC at [ircs://irc.libera.chat:6697](https://web.libera.chat/#overseers)
 * [[who are the overseers|OSStaff]]
 * system architecture
-    * server1.sourceware.org = gcc.gnu.org
-    * server5.sourceware.org - warm backup
+    * server2.sourceware.org = gcc.gnu.org
+    * server3.sourceware.org - warm backup
 * project hosting policies
 * account policies
     * [request queue](https://sourceware.org/cgi-bin/pdw/queue.cgi)

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 669d34b..5b8e92a 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,6 +1,6 @@
 # service news
 
-* 2021-06-01 - Experimenting with [https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff VERP for mailman], which changes the outgoing Sender: header, for better delivery tracking.
+* 2021-06-01 - Experimenting with [VERP](https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff) for mailman, which changes the outgoing Sender: header, for better delivery tracking.
 * 2020-06-30 - 24 hour bugzilla outage due to epel8.playground perl package regression
 * 2020-06-29 - 12 hour system load crazy due to mariadb hang & client spin-loop
 * 2020-03-20 - 90 minute data center network outage

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index b16b04b..669d34b 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,6 @@
 # service news
 
+* 2021-06-01 - Experimenting with [https://wiki.list.org/DOC/So%20what%20is%20this%20VERP%20stuff VERP for mailman], which changes the outgoing Sender: header, for better delivery tracking.
 * 2020-06-30 - 24 hour bugzilla outage due to epel8.playground perl package regression
 * 2020-06-29 - 12 hour system load crazy due to mariadb hang & client spin-loop
 * 2020-03-20 - 90 minute data center network outage

diff --git a/OSStaff.mdwn b/OSStaff.mdwn
index 29aaff6..33cbda8 100644
--- a/OSStaff.mdwn
+++ b/OSStaff.mdwn
@@ -5,6 +5,7 @@ Overseers tend to be current or former associates of Cygnus & Red Hat or communi
 * Frank Ch. Eigler <fche@redhat.com>
 * Carlos O'Donell <codonell@redhat.com>
 * Lukas Berk  <lberk@redhat.com>
+* Mark Wielaard <mjw@redhat.com>
 
 Listing the email addresses is for emergency purposes only, not an invitation to direct inquiries to them.
 

diff --git a/index.mdwn b/index.mdwn
index 9925445..6908558 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -48,7 +48,6 @@
     * patchworks
     * mysql
     * gerrit
-    * pcp <https://sourceware.org/grafana/index.html#/dashboard/file/default.json>
 * recipes:
     * creating new [[user|OSNewUser]], [[project|OSNewProject]], [[git repo|OSNewGitRepo]], [[mailing list|OSNewMailingList]], [[web hosting site|OSNewWebHosting]], bugzilla
 * [[migration status|MigrationStatus]] [[migration details|MigrationWorkItems]]

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 7a80010..b16b04b 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -18,6 +18,7 @@
 
 # projects
 
+* 2021-03 Welcome to the debugedit project.
 * 2020-07 The gnu-gabi project now has a git repo <https://sourceware.org/git/?p=gnu-gabi.git>
 * 2018-08 Welcome (back) to the BZIP2 project.  <https://sourceware.org/bzip2/>
 * 2018-03 Welcome to the Springfield project (mailing list).

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 63e3d81..7a80010 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -18,6 +18,7 @@
 
 # projects
 
+* 2020-07 The gnu-gabi project now has a git repo <https://sourceware.org/git/?p=gnu-gabi.git>
 * 2018-08 Welcome (back) to the BZIP2 project.  <https://sourceware.org/bzip2/>
 * 2018-03 Welcome to the Springfield project (mailing list).
 * 2017-11 Welcome to the Annobin project.

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 8d62ae8..63e3d81 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -3,7 +3,7 @@
 * 2020-06-30 - 24 hour bugzilla outage due to epel8.playground perl package regression
 * 2020-06-29 - 12 hour system load crazy due to mariadb hang & client spin-loop
 * 2020-03-20 - 90 minute data center network outage
-* 2020-03-07..ongoing - Migration across systems & datacenters
+* 2020-03 - Migration across systems & datacenters
 * 2020-02-28 - Numerous moin wiki spam/DoS attackers blacklisted
 * 2018-12-13 - One outage due to physical move within data centre, one network outage due to router misconfiguration.
 * 2018-11-06 - Double drive replacement in main server, moving to 1TB SAS (cheaper than the original 500GB ones).

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index 9b599b6..8d62ae8 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,7 @@
 # service news
 
+* 2020-06-30 - 24 hour bugzilla outage due to epel8.playground perl package regression
+* 2020-06-29 - 12 hour system load crazy due to mariadb hang & client spin-loop
 * 2020-03-20 - 90 minute data center network outage
 * 2020-03-07..ongoing - Migration across systems & datacenters
 * 2020-02-28 - Numerous moin wiki spam/DoS attackers blacklisted

diff --git a/mailman.mdwn b/mailman.mdwn
index 39d1f5f..0210bc7 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -44,13 +44,12 @@
 
 * dmarc is active (we publish dmarc records in our DNS, and check/report on incoming mail with `opendmarc`)
 
-# Maintenance
+# spam removal
 
-* spam removal
-  * run `/sourceware/infra/bin/medit LIST`, which does the following:
-    1. run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
-    2. run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
-  * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
+* run `/sourceware/infra/bin/medit LIST`, which does the following:
+  1. run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
+  2. run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
+* in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
 
 
 # 2020-03 one-time migration tools

diff --git a/mailman.mdwn b/mailman.mdwn
index 4222b62..39d1f5f 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -48,9 +48,9 @@
 
 * spam removal
   * run `/sourceware/infra/bin/medit LIST`, which does the following:
-    * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
-    * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
-    * run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
+    1. run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
+    2. run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
+  * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
 
 
 # 2020-03 one-time migration tools

diff --git a/mailman.mdwn b/mailman.mdwn
index c0b6e71..4222b62 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -47,9 +47,10 @@
 # Maintenance
 
 * spam removal
-  * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
-  * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
-  * run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
+  * run `/sourceware/infra/bin/medit LIST`, which does the following:
+    * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
+    * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
+    * run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
 
 
 # 2020-03 one-time migration tools

diff --git a/mailman.mdwn b/mailman.mdwn
index ba81b2c..c0b6e71 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -4,36 +4,27 @@
 # Typical mailing list configuration
 
 * For most lists:
-
+<pre>
     bounce_processing = 0
-
     archive = 1
-
     archive_private = 0
-
     archive_volume_frequency = 1
-
     subscribe_policy = 0
-
     obscure_addresses = 0
-
     dmarc_moderation_action=1
-
     dmarc_quarantine_moderation_action=1
-
     dmarc_none_moderation_action=1
-
     max_num_recipients = 0
-
+</pre>
 * For announce lists:
-
+<pre>
     generic_nonmember_action=1
-
+</pre>
 * For patches list, maybe:
-
+<pre>
     dmarc_moderation_action=0
-
     max_message_size=0
+</pre>
 
 # Status 
 

diff --git a/mailman.mdwn b/mailman.mdwn
index 5f63d86..ba81b2c 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -58,7 +58,7 @@
 * spam removal
   * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
   * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
-  * run `/sourceware/infra/bin/mlrefresh LIST` to regenerate web archives (slow)
+  * run `/sourceware/infra/bin/mrefresh LIST` to regenerate web archives (slow)
 
 
 # 2020-03 one-time migration tools

diff --git a/mailman.mdwn b/mailman.mdwn
index e5523d0..5f63d86 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -56,7 +56,8 @@
 # Maintenance
 
 * spam removal
-  * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to delete spam
+  * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to inspect mailing list
+  * in mutt, press `S` to report as spam, then `d` to delete, eventually `q` to quit
   * run `/sourceware/infra/bin/mlrefresh LIST` to regenerate web archives (slow)
 
 

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index d09bb11..08eedf0 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -37,7 +37,7 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☑ [[https://gcc.gnu.org/git]]
   * ☑ cygwin gitwebs (git-cygwin-packages and git2)
   * ☑ cvsweb/svn (redirecting /rABCDEF and /viewcvs?rev=ABCDEF queries into gitweb)
-  * ☐ patchwork (account alive, but old django / old python block function)
+  * ☑ patchwork (account alive, but old django / old python block function)
   * ☑ git over http:// and https:// -- now with smart transport
   * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks); still no searching
   * ☑ ikiwiki wiki (many dependent perl libs built as rpms)

diff --git a/sidebar.mdwn b/sidebar.mdwn
index 1a8c1b4..af006ed 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,7 +1,7 @@
 System status: 
 
-<font color="green" size="+1">no known problems</font><br> except
-<font color="orange" size="+1">patchwork</font>
+<font color="green" size="+1">no known problems</font><br>
+<!-- except <font color="orange" size="+1">patchwork</font> -->
 <!-- <font color="red" size="+1">2-of-8 raid6 disk failure</font>, recovery in progress -->
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>

diff --git a/mailman.mdwn b/mailman.mdwn
index 485f3bf..e5523d0 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -60,7 +60,7 @@
   * run `/sourceware/infra/bin/mlrefresh LIST` to regenerate web archives (slow)
 
 
-# Migration tools -- no longer needed
+# 2020-03 one-time migration tools
 
 Scripts:
 

diff --git a/mailman.mdwn b/mailman.mdwn
index fa033fa..485f3bf 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -1,3 +1,6 @@
+[[!toc]]
+
+
 # Typical mailing list configuration
 
 * For most lists:
@@ -32,8 +35,32 @@
 
     max_message_size=0
 
+# Status 
+
+* mailing list data is in /sourceware1/var/lib/mailman.
+
+* mbox files that archive incoming mail are the master content: `/var/lib/mailman/archives/private/LIST.mbox`.  `.../LIST.mbox/LIST.mbox` is the file actively written to as mail is received at the mailing list reflector.  Sibling `.mbox` files are rotated from earlier times / systems.
+
+* These mbox files are used by the `arch` binary to generate all html and txt files that the web server exports.  Use the `/sourceware/infra/bin/mmrefresh LIST` widget to regenerate it all.
+
+* You can inspect the sourceware archives by going to [[http://sourceware.org/mailman/listinfo]] [[http://gcc.gnu.org/mailman/listinfo]] [[https://cygwin.com/mailman/listinfo]]
+
+* Tip: `/usr/lib/mailman/bin/config_list -o - LISTNAME` to look at mailman config flags for a list.
+
+* Todo: Might need to modify/recreate some mlcheckd functionality.  /usr/local/mailman/mailman is a front-end script which could be adapted to do that.
+
+* dkim is is currently underway in `opendkim`.
+
+* dmarc is active (we publish dmarc records in our DNS, and check/report on incoming mail with `opendmarc`)
+
+# Maintenance
+
+* spam removal
+  * run `mutt -f /var/lib/mailman/archives/private/LIST.mbox/LIST.mbox` to delete spam
+  * run `/sourceware/infra/bin/mlrefresh LIST` to regenerate web archives (slow)
 
-# Migration tools
+
+# Migration tools -- no longer needed
 
 Scripts:
 
@@ -50,24 +77,3 @@ Copy list from /sourceware1old/qmail/lists/* to mailman
 
 * /home/cgf/bin/bigarch *listname* [*listname ...*]
 <br>Concatenate individual mbox files from /home/cgf/migration/mlists.d/*list*/*/*.mbox to /var/lib/mailman/archives/private/*list:ezmlm-YEAR.mbox*
-
-
-Content:
-
-* mailing list data is in /sourceware1/var/lib/mailman.
-
-* mbox files that archive incoming mail are the master content: `/var/lib/mailman/archives/private/LIST.mbox`.  `.../LIST.mbox/LIST.mbox` is the file actively written to as mail is received at the mailing list reflector.  Sibling `.mbox` files are rotated from earlier times / systems.
-
-* These mbox files are used by the `arch` binary to generate all html and txt files that the web server exports.  Use the `/sourceware/infra/bin/mmrefresh LIST` widget to regenerate it all.
-
-* You can inspect the sourceware archives by going to [[http://sourceware.org/mailman/listinfo]] [[http://gcc.gnu.org/mailman/listinfo]] [[https://cygwin.com/mailman/listinfo]]
-
-* Tip: `/usr/lib/mailman/bin/config_list -o - LISTNAME` to look at mailman config flags for a list.
-
-Todo:
-
-* Might need to modify/recreate some mlcheckd functionality.  /usr/local/mailman/mailman is a front-end script which could be adapted to do that.
-
-* dkim is is currently underway in `opendkim`.
-
-* dmarc is active (we publish dmarc records in our DNS, and check/report on incoming mail with `opendmarc`)

diff --git a/mailman.mdwn b/mailman.mdwn
index f708d39..fa033fa 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -60,7 +60,7 @@ Content:
 
 * These mbox files are used by the `arch` binary to generate all html and txt files that the web server exports.  Use the `/sourceware/infra/bin/mmrefresh LIST` widget to regenerate it all.
 
-* You can inspect the sourceware archives by going to [[http://sourceware.org/mailman/listinfo]] [[http://gcc.gnu.org/mailman/listinfo]]
+* You can inspect the sourceware archives by going to [[http://sourceware.org/mailman/listinfo]] [[http://gcc.gnu.org/mailman/listinfo]] [[https://cygwin.com/mailman/listinfo]]
 
 * Tip: `/usr/lib/mailman/bin/config_list -o - LISTNAME` to look at mailman config flags for a list.
 
@@ -69,3 +69,5 @@ Todo:
 * Might need to modify/recreate some mlcheckd functionality.  /usr/local/mailman/mailman is a front-end script which could be adapted to do that.
 
 * dkim is is currently underway in `opendkim`.
+
+* dmarc is active (we publish dmarc records in our DNS, and check/report on incoming mail with `opendmarc`)

diff --git a/mailman.mdwn b/mailman.mdwn
index 92c2ec6..f708d39 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -3,14 +3,23 @@
 * For most lists:
 
     bounce_processing = 0
+
     archive = 1
+
     archive_private = 0
+
     archive_volume_frequency = 1
+
     subscribe_policy = 0
+
     obscure_addresses = 0
+
     dmarc_moderation_action=1
+
     dmarc_quarantine_moderation_action=1
+
     dmarc_none_moderation_action=1
+
     max_num_recipients = 0
 
 * For announce lists:

diff --git a/mailman.mdwn b/mailman.mdwn
index 1453ce5..92c2ec6 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -2,22 +2,15 @@
 
 * For most lists:
 
+    bounce_processing = 0
     archive = 1
-
     archive_private = 0
-
     archive_volume_frequency = 1
-
     subscribe_policy = 0
-
     obscure_addresses = 0
-
     dmarc_moderation_action=1
-
     dmarc_quarantine_moderation_action=1
-
     dmarc_none_moderation_action=1
-
     max_num_recipients = 0
 
 * For announce lists:

diff --git a/sidebar.mdwn b/sidebar.mdwn
index c9b3cdd..1a8c1b4 100644
--- a/sidebar.mdwn
+++ b/sidebar.mdwn
@@ -1,7 +1,7 @@
 System status: 
 
-<!-- <font color="green" size="+1">no known problems</font> --><br>
-<font color="orange" size="+1">2020-03-07..ongoing [[migration in progress|MigrationStatus]]</font>
+<font color="green" size="+1">no known problems</font><br> except
+<font color="orange" size="+1">patchwork</font>
 <!-- <font color="red" size="+1">2-of-8 raid6 disk failure</font>, recovery in progress -->
 
 <a href="https://www.serviceuptime.com/users/uptimemonitoring.php?S=ea03013d9482309d57a34d275bc71d03&Id=53791" target="_blank"><img src="https://www.serviceuptime.com/uptime/53791/b2.png" border="0" width="88" height="31" ALT="Website Uptime Monitoring By ServiceUptime.com"></a>

diff --git a/MigrationStatus.mdwn b/MigrationStatus.mdwn
index cd54461..783a17f 100644
--- a/MigrationStatus.mdwn
+++ b/MigrationStatus.mdwn
@@ -1,5 +1,4 @@
-This page outlines user-visible aspects of the impending migration of the sourceware.org / gcc.gnu.org server to a new server at a new colocation facility.
-
+This page outlines user-visible aspects of the <strike>impending</strike> <b>completed</b> migration of the sourceware.org / gcc.gnu.org server to a new server at a new colocation facility.
 
 [[!toc]]
 
@@ -57,6 +56,7 @@ monitor the general goings-on is join the freenode IRC channel #overseers.
  * 2020-03-12 http/https: based git operations working
  * 2020-03-12 email to {gcc,sourceware}-bugzilla working
  * 2020-03-15 mnogosearch local web search engine working
+ * 2020-03-20 archaeology support subversion working for gcc.gnu.org
 
 We plan to assemble status/details of the various services here, as they come online.  (See also [[details|MigrationWorkItems]])
 

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index 244d2e8..d09bb11 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -25,7 +25,7 @@ Install software to support all services: [[SoftwarePolicy]]
 * ☑ /etc git tracking
 * ☐ cron jobs (as systemd timers!)
 * ☑ git
-* ☐ svn
+* ☑ svn (svn+ssh:, svn:)
 * ☑ cvs
 * ☑ ftpd (vsftpd)
 * ☑ httpd
@@ -36,7 +36,7 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☑ [[https://gcc.gnu.org/]]
   * ☑ [[https://gcc.gnu.org/git]]
   * ☑ cygwin gitwebs (git-cygwin-packages and git2)
-  * ☐ cvsweb/svn [[https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=278983]]
+  * ☑ cvsweb/svn (redirecting /rABCDEF and /viewcvs?rev=ABCDEF queries into gitweb)
   * ☐ patchwork (account alive, but old django / old python block function)
   * ☑ git over http:// and https:// -- now with smart transport
   * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks); still no searching

diff --git a/SystemStatusHistory.mdwn b/SystemStatusHistory.mdwn
index cf2f10b..9b599b6 100644
--- a/SystemStatusHistory.mdwn
+++ b/SystemStatusHistory.mdwn
@@ -1,5 +1,7 @@
 # service news
 
+* 2020-03-20 - 90 minute data center network outage
+* 2020-03-07..ongoing - Migration across systems & datacenters
 * 2020-02-28 - Numerous moin wiki spam/DoS attackers blacklisted
 * 2018-12-13 - One outage due to physical move within data centre, one network outage due to router misconfiguration.
 * 2018-11-06 - Double drive replacement in main server, moving to 1TB SAS (cheaper than the original 500GB ones).

diff --git a/MigrationStatus.mdwn b/MigrationStatus.mdwn
index e2f33e9..cd54461 100644
--- a/MigrationStatus.mdwn
+++ b/MigrationStatus.mdwn
@@ -56,6 +56,7 @@ monitor the general goings-on is join the freenode IRC channel #overseers.
  * 2020-03-11 most bugzilla related features working, but not yet git->email->bugzilla
  * 2020-03-12 http/https: based git operations working
  * 2020-03-12 email to {gcc,sourceware}-bugzilla working
+ * 2020-03-15 mnogosearch local web search engine working
 
 We plan to assemble status/details of the various services here, as they come online.  (See also [[details|MigrationWorkItems]])
 

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index feb4d19..244d2e8 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -39,9 +39,9 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☐ cvsweb/svn [[https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=278983]]
   * ☐ patchwork (account alive, but old django / old python block function)
   * ☑ git over http:// and https:// -- now with smart transport
-  * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks)
+  * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks); still no searching
   * ☑ ikiwiki wiki (many dependent perl libs built as rpms)
-  * ☐ mnogosearch (under htdigid)
+  * ☑ mnogosearch
 * ☑ metahtml (?!) (gcc-wwwdocs invoked tool to populate /www/gcc/htdocs) (binary copied from old-sourceware)
 * ☑ certbot
 * ☑ email into bugzilla [[BugzillaMailman]]

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index 9a81414..feb4d19 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -47,7 +47,7 @@ Install software to support all services: [[SoftwarePolicy]]
 * ☑ email into bugzilla [[BugzillaMailman]]
 * ☑ rsyncd
 * ☒ gerrit -> deprecate
-* ☐ xapian (perl2 + perl3? for ikiwiki, moin; built from hand-modified xapian-omega tarball/spec from upstream)
+* ☑ xapian (perl2 + perl3? for ikiwiki, moin; built from hand-modified xapian-omega tarball/spec from upstream)
 * ☑ qmail -> postfix (including .qmail -> .forward home directory files)
 * ☑ mysql (contains bugzilla, spamassassin) -> migrate to mariadb via mysqldump :-(
 * ☑ spamassassin

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index 39889ec..9a81414 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -47,7 +47,7 @@ Install software to support all services: [[SoftwarePolicy]]
 * ☑ email into bugzilla [[BugzillaMailman]]
 * ☑ rsyncd
 * ☒ gerrit -> deprecate
-* ☐ xapian (perl2 + perl3? for ikiwiki, moin)
+* ☐ xapian (perl2 + perl3? for ikiwiki, moin; built from hand-modified xapian-omega tarball/spec from upstream)
 * ☑ qmail -> postfix (including .qmail -> .forward home directory files)
 * ☑ mysql (contains bugzilla, spamassassin) -> migrate to mariadb via mysqldump :-(
 * ☑ spamassassin

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index 582830c..39889ec 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -44,7 +44,7 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☐ mnogosearch (under htdigid)
 * ☑ metahtml (?!) (gcc-wwwdocs invoked tool to populate /www/gcc/htdocs) (binary copied from old-sourceware)
 * ☑ certbot
-* ☐ email into bugzilla [[BugzillaMailman]]
+* ☑ email into bugzilla [[BugzillaMailman]]
 * ☑ rsyncd
 * ☒ gerrit -> deprecate
 * ☐ xapian (perl2 + perl3? for ikiwiki, moin)

diff --git a/MigrationStatus.mdwn b/MigrationStatus.mdwn
index b2f5cf2..e2f33e9 100644
--- a/MigrationStatus.mdwn
+++ b/MigrationStatus.mdwn
@@ -55,7 +55,7 @@ monitor the general goings-on is join the freenode IRC channel #overseers.
  * 2020-03-09 mailman filtering/munging policies in flux
  * 2020-03-11 most bugzilla related features working, but not yet git->email->bugzilla
  * 2020-03-12 http/https: based git operations working
-
+ * 2020-03-12 email to {gcc,sourceware}-bugzilla working
 
 We plan to assemble status/details of the various services here, as they come online.  (See also [[details|MigrationWorkItems]])
 

diff --git a/BugzillaMailman.mdwn b/BugzillaMailman.mdwn
index b110e83..ef3be54 100644
--- a/BugzillaMailman.mdwn
+++ b/BugzillaMailman.mdwn
@@ -6,3 +6,5 @@ The bugzilla email forwarder is /sourceware/infra/bin/bugzilla-forwarder.  It is
 
 Due to raisins the bugzilla-forwarder needs to run email_in.pl via "sudo -u apache".
 
+Currently all bugzilla email is mirrored in /var/spool/mail/bugzilla  (maybe turn this off after things are confirmed to be working ok).  The operation of the forwarder is logged to /sourceware/bugzilla/email_in.log.
+

diff --git a/BugzillaMailman.mdwn b/BugzillaMailman.mdwn
index 5a72a99..b110e83 100644
--- a/BugzillaMailman.mdwn
+++ b/BugzillaMailman.mdwn
@@ -2,3 +2,7 @@ Some notes on bugzilla-email integration
 
 On old sourceware, email came into a bugzilla-FOO@ local account.  That turned out to dispatch to .qmail-FOO scripts in /sourceware1/pool/bugzilla.  These scripts in turn massage the data and talk to the bugzilla database in (TBA) mysterious ways.
 
+The bugzilla email forwarder is /sourceware/infra/bin/bugzilla-forwarder.  It is called from ~bugzilla/.forward.
+
+Due to raisins the bugzilla-forwarder needs to run email_in.pl via "sudo -u apache".
+

diff --git a/MigrationStatus.mdwn b/MigrationStatus.mdwn
index eeaee81..b2f5cf2 100644
--- a/MigrationStatus.mdwn
+++ b/MigrationStatus.mdwn
@@ -48,11 +48,13 @@ monitor the general goings-on is join the freenode IRC channel #overseers.
    * rsync, ftp, enabled
    * ssh: and git: based git operations working
    * mailing lists now served by postfix/mailman, more info coming later
-   * bugzilla services (mysql, the bugzilla perl code) <font color="red">not ready to file new bugs!</font>
+   * bugzilla services (mysql, the bugzilla perl code
    * moinmoin wikis (gcc, sourceware)
    * gitweb - some broken
  * 2020-03-08 gitweb and many other things fixed
  * 2020-03-09 mailman filtering/munging policies in flux
+ * 2020-03-11 most bugzilla related features working, but not yet git->email->bugzilla
+ * 2020-03-12 http/https: based git operations working
 
 
 We plan to assemble status/details of the various services here, as they come online.  (See also [[details|MigrationWorkItems]])

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index e05c87c..582830c 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -38,7 +38,7 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☑ cygwin gitwebs (git-cygwin-packages and git2)
   * ☐ cvsweb/svn [[https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=278983]]
   * ☐ patchwork (account alive, but old django / old python block function)
-  * ☐ git over http://
+  * ☑ git over http:// and https:// -- now with smart transport
   * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks)
   * ☑ ikiwiki wiki (many dependent perl libs built as rpms)
   * ☐ mnogosearch (under htdigid)

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index 415384c..e05c87c 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -37,7 +37,7 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☑ [[https://gcc.gnu.org/git]]
   * ☑ cygwin gitwebs (git-cygwin-packages and git2)
   * ☐ cvsweb/svn [[https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=278983]]
-  * ☐ patchwork
+  * ☐ patchwork (account alive, but old django / old python block function)
   * ☐ git over http://
   * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks)
   * ☑ ikiwiki wiki (many dependent perl libs built as rpms)

diff --git a/mailman.mdwn b/mailman.mdwn
index b744e05..1453ce5 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -1,4 +1,37 @@
-#Notes on mailing list migration
+# Typical mailing list configuration
+
+* For most lists:
+
+    archive = 1
+
+    archive_private = 0
+
+    archive_volume_frequency = 1
+
+    subscribe_policy = 0
+
+    obscure_addresses = 0
+
+    dmarc_moderation_action=1
+
+    dmarc_quarantine_moderation_action=1
+
+    dmarc_none_moderation_action=1
+
+    max_num_recipients = 0
+
+* For announce lists:
+
+    generic_nonmember_action=1
+
+* For patches list, maybe:
+
+    dmarc_moderation_action=0
+
+    max_message_size=0
+
+
+# Migration tools
 
 Scripts:
 
@@ -34,17 +67,3 @@ Todo:
 * Might need to modify/recreate some mlcheckd functionality.  /usr/local/mailman/mailman is a front-end script which could be adapted to do that.
 
 * dkim is is currently underway in `opendkim`.
-
-# Typical mailing list configuration
-
-* For most lists:
-
-    dmarc_moderation_action=1
-
-    dmarc_quarantine_moderation_action=1
-
-    dmarc_none_moderation_action=1
-
-* For announce lists:
-
-    generic_nonmember_action = 1

diff --git a/mailman.mdwn b/mailman.mdwn
index ef03218..b744e05 100644
--- a/mailman.mdwn
+++ b/mailman.mdwn
@@ -34,3 +34,17 @@ Todo:
 * Might need to modify/recreate some mlcheckd functionality.  /usr/local/mailman/mailman is a front-end script which could be adapted to do that.
 
 * dkim is is currently underway in `opendkim`.
+
+# Typical mailing list configuration
+
+* For most lists:
+
+    dmarc_moderation_action=1
+
+    dmarc_quarantine_moderation_action=1
+
+    dmarc_none_moderation_action=1
+
+* For announce lists:
+
+    generic_nonmember_action = 1

diff --git a/MigrationWorkItems.mdwn b/MigrationWorkItems.mdwn
index 64359b6..415384c 100644
--- a/MigrationWorkItems.mdwn
+++ b/MigrationWorkItems.mdwn
@@ -38,6 +38,7 @@ Install software to support all services: [[SoftwarePolicy]]
   * ☑ cygwin gitwebs (git-cygwin-packages and git2)
   * ☐ cvsweb/svn [[https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=278983]]
   * ☐ patchwork
+  * ☐ git over http://
   * ☑ moinmoin wiki (required nuking all python2.6 caches & symlinks)
   * ☑ ikiwiki wiki (many dependent perl libs built as rpms)
   * ☐ mnogosearch (under htdigid)