To Software Software - To Software-Assessment - Software/Assessment
Minutes of the MiniTOP on the 2010-09-21
Setting
The MiniTOP was held by irc. 20:00 CEST
Attendees: Andreas, Dirk, Martin, Uli
Action items from last meeting
- Markus: recover cacert-devel, Testserver
Topics
- State Testserver Update
- Reset on Testserver / cacert-devel repositories
- Preparing first patches for testing
- Test run: current webdb mirror, add patches, document patches
- Which repositories are active ?
- How and where to document ?
- reset of cacert-devel before first start ?
- Test run: current webdb mirror, add patches, document patches
- Andreas: reported problem relating signer deployment: no checkin possible on testserver, Update ?
- Automated testing system
- Andreas / Hayati
- Building Testteam, Updates
- next meeting: Tuesday, Sept 28, 2010 ? Oct 5th ?
Minutes
- problem with telco system ... meeting moved to irc
- 20:30 meeting starts with 30 min delay
- Action items from last meeting
- Markus shreddered cacert-devel and testserver repo last week. recovered cacert-devel, Testserver last Wednesday
- State Testserver
- reset to cacert last revision + 3 patches
- These patches didn't had a bug#
- Who helps document these patches ?
- Why did Markus add the patches from Michael w/o mantis bug # ?
- Question can only be answered by Markus
- again, who helps identifying and document patches ?
- action item to next meeting: identify and document patches
- part 2 testserver: Andreas: reported problem relating signer deployment: no checkin possible on testserver, Update ?
- Andreas and Markus works today 3 hours on signer
- we have to do a root ceremony on cacert1 and generate private keys for class1/class3 to build crls
- there is a private key on the machine, probably Wytze generated it ? But there is password set. session finished.
private key => ask Wytze
- as long as nobody tries to test if its signed with the correct key, we need only one key
- as long there is only one crl
- currently we probably only need one testkey, so that the key related functions (e.g. add client cert, add server cert) could be tested
- Signer daemon on svn is a different version then on production system. Wytze has to update svn copy. But therefor he has to go to Ede and needs a 2nd critical system admin so source code can be backuped on another media
- Will someone attend to the root key ceremony? Probably only thru irc or skype
- Andreas: Is it a decision, that we will use only one key (simplification) or should I check, that we use a copy of the setup procedure including 2 keys and several clrs ?
- We need a key, to test the functions that use a key. Class3 testkey is a nice2have, e.g. cert login doesn't work w/o a key, but it helps if we have one key
- crl mechanism needs to be deployed also, that tooks a while. In the meanwhile I would like to set a link onto the cacert-production system, that clients doesn't runs into a timeout. somedays we also deploy an ocsp-testsystem, but this is low priority
Andreas: OK, I will decide this by time ... Its not only two keys, also TimeToLive of certs, dependency on count of points and much more. Probably I will bring it to success within the next 2 weeks
- Andreas and Markus works today 3 hours on signer
next top => Automated testing system Andreas / Hayati
- Andreas / Hayati did a phone call, Andreas gave info which tool he wanted to use, and Hayati whould check it and searches for probably other tools
- If the testers will find bugs, we're becoming probably active individualy. Maybe it goes to the same direction, maybe not. We need independent tests
- so ... work in progress
infos by Uli from last Webmontag Frankfurt: http://www.andreas-demmer.de/2010/08/17/folien-zu-continuous-integration-deployment/
- top: Building Testteam, Updates
- Olaf - from Fosdem - didn't respond so far
- next meeting: Sept 28th is ATE Essen, so we defer meeting to Oct 5th
- Question time:
- Martin: Why discussion about signer ? We have a deadline for Thawte points removal patches
- Uli: We are working on several parallel tasks, Signer is such one parallel task
- Uli: action items: Uli + Dirk: Tasks till next meeting: identify patches, generate bug#'s, document patches, push testing
- Dirk: I write patches. I test them by myself. I don't have time to check or create bug#'s for others. Therefor I have too much patch on my usb-stick w/o bug#'s, and they are over one year old
- Uli: about the 3 patches there are probably no bug#'s. Therefor we have to create bug#'s, or we have to wait for Michael till end of this month ... also do you now help on identify those 3 patches ?!?
- Uli: e.g. open question: what does 7-old.php in the system ?!?
- Uli: Dirk, you are one of the 3 Software-Assessors who has to check this. If not, remove this patch
- Andreas: didn't we received consens to remove this file ? because this file isn't used by the system? Probably this was a backup from old days, where changes made on production system. A backup if a hotfix doesn't did as expected and has then been checked in.
- Uli: then the patch is: removal of this file from system and to check if all works fine
- Uli: action items: create bug#, removal of 7-old.php. Dirk, Markus has to remove this file from cacert-devel and testserver, is this correct ?
- Uli: Dirk, where does /scripts/addpoints.php belongs to ? Will this file be used by the webdb system ? or is all under scripts only executable from system console ?
- Dirk: if we try starting to review all files, who should be removed from the production system, we start a bigger construction site
- Uli: currently we have to take care about 7-old.php only. Wether to document it or remove it ... no global garbage collection, thats for later, after we've completed the patches backlog
- Dirk: each needless script can be a security vulnerability
- Uli: 7-old.php can be seen as a test, if it reaches the production system
- Uli: ok, 1/3 files identified for removal ... whats with the other 2 files ? ... /scripts/addpoints.php
- Andreas: currently I don't see a way, how we can test creating certs and if it works. Someday I would like to see certs created not only with the Testserver-Mgmt-System. On the other side, we don't have the time with the "Thawte" patches
- Uli: Dirk, 1 week ago, I've signaled to start with the first patches ... Testsystem is in a state where signer is currently not working, but this doesn't prevent us from start with tests that doesn't need a signer. So we can start testing with patches, which don't need a signer for testing
- Dirk: so why not as action item: 'deploy the thawte-patch' ?
- Uli: testserver has been reset by Markus to state cacert + 3 patches. Now we have to deal with these 3 patches to pass one complete update cycle. The problem: these patches doesn't have currently a bug#. Action item about 'Thawte-patch' I gave you 2 weeks ago
- Dirk: if the state of the patches is unclear, why not remove them ? Michael can comment on them, if he returns or are these patches also time critical ?
- Uli: 'cause Dirk and Markus are the Software-Assessors who has the authority to do this ?!?
- Uli:
- until now, we didn't pass one complete update cycle.
- currently we have 3 simple, uncritical patches in cacert-devel and testserver ... if planned or unplanned .. for playing around, for testing, who knows? ... These patches are good for testing a complete update cycle. 7-old also to test the removal of files
- Andreas: and this we would test with "trivial-patches", this includes removal of 7-old.php
- Uli (continued)
- This patch series should be passed as quick as possible (is there something to test with these patches ?!?)
- "thawte-patch" from Dirk
- Dirk: point 4 is the uncritical part of the thawte-removal-patches ... who shows only the points in descending order but doesn't change the points count on Assurances. The 2nd patch (re-calculation of points) makes only sense if the first patch passes once the update cycle. Should I now correct the first patch or should I delay the correction?
- Uli: Order given 2 weeks ago: please correct the first patch
Uli: 7-old.php => Bug# 865 added
- Dirk: then I have to check who to remove files with git
- Dirk: is thinking ... if he reviews the sources and creates a bundle of bug reports to remove all needless sources, also thinks about capnew.php ...;-)
Uli: /scripts/addpoints.php => Bug# 866 added
Uli: www/wot.php => Bug# 867 added
Uli: Documentation written: Current Tests
Uli: Dirk + Markus: this patch you need to test at testservers console => Bug# 866
- Dirk: I have to check this
- Andreas: who manages mantis bugs system?
- Uli: I only know that PG has set permissions and added a new category, so he has admin access
Andreas: therefor you need shell-access onto the system: see http://manual.mantisbt.org/manual.customizing.mantis.customizing.status.values.php
- Mario: probably bugs hasn't currently an admin
Andreas: We would define a state for the testteam, so they'll can find the current testing bug#'s quickly, alternately to the wiki site: Current Tests
- Mario: If somebody has some Config wishes for bugs, please describe it completely and send it by email to me
- Martin: Why discussion about signer ? We have a deadline for Thawte points removal patches
- 22:43 meeting closed
Action items:
- Uli - document 3 patches currently on cacert-devel, testserver
- Uli: writes docu for patches, pushes tests
- Dirk, Markus: removal of /pages/wot/7-old.php from cacert-devel and testserver
- Dirk: continue correction of "Thawte" patch
- Andreas: contact Wytze about private key on cacert1
- Andreas, Markus: continous signer deployment
- Andreas: contact Wytze about updated signer revision