To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-05-17

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: dirk, uli, ted, marc, michael, marcus, (late: magu)

Topics

new items in last meeting:

Uli: send Michael reminder: strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday -> documentation
Testers: Arbitration case a20110312.1 Weak keys, reviewed by Ted
- needs testing !!! Urgent {-}
Testers: Arbitration case a20110419.1 Bug #637: Weak Passwords
- one report: lost password: is fixed on testserver, needs testing !!! Urgent {-}
Action items from last meeting Meeting Action Items
triage test on CATS (Update)
State Testserver Update, Current Patches on Testserver, current running Arbitrations:
- Arbitration case a20110312.1 Weak keys
- Arbitration case a20110419.1 Bug #637: Weak Passwords
- "Thawte" patch Bug# 827 Points-Count-Order-Change project
strategy plans ...
- strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, done in last board meeting
  - upgrade plan: Press release, Announcements to be presented to board by Community
  - m20110515.2 "Class 3 Certificate Resign"
  - m20110515.3 "Prepare press statement about Class 3 Resign"
```
That we ask the community to prepare a press statement, to be sent to
various groups, and to be accepted by Board before sending out.
```
Testgroup: (to contact by phone ?), update
1. mailing: 15 + 6 contacted, responded: 7 + 6, unresponsive: 8
2. m20110515.4 "Rewarding testers"
CI app.test (Update)
Email probe sent to IANA with ip-address coming from the private ip-range #915
next meeting: Tuesday, May 24, 2011 22:00

Minutes

Class3 project: report from last board meeting, questions answered
- PR: magazine that publishes root + class3 fingerprints
Running tests: no progress
Testers to name in patch passed to critical team, emailing CC
- Barcamp Karlsruhe 18./19. Jumi, testers workshop
  - barcamp-karlsruhe.de (dirk, michael, uli, marc no, npapa ?)
- live-cd ? how-to, 2nd profile
- https://nic-nac-project.org/~kaosmos/index-en.html
testers mailing: 15 + 6 contacted, responded: 7 + 6, unresponsive: 8
Ted, Markus, Dirk: 2nd review: Bug#897 (Point System info page Wiki redirect)
- Ted will check on wednesday
dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php), no update
Dirk: DEV: bug#827 regular Thawte patches: still open 15.php - add assurers state at bottom of page Thursday ?, no update
Ted: bug#942 (cats test), triage test on CATS (Update), to review, to test
CATS system, add onto mgr server, add ted as console admin on mgr server -> Michael
add Michael to host console (firewall add)
Michael: DEV: TMS function (Batch Assurances), no progress
strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, done in last board meeting
- upgrade plan: Press release, Announcements to be presented to board by Community
- dirk to contact alex
Testgroup: (to contact by phone ?), update
1. m20110515.4 "Rewarding testers"
  - posting proposal: dirk ok, michael ok
  - Marcus: how to proceed if several testers have identical count ?
    1. to raffle off the winner
    2. first max count wins ?
      - dirk a, ted a, michael a, markus a, uli a, marc abstain
  - to contact secure-u supporting this program: problem is that such a project has no vouchers
  - Month 1: May 2011, Month 2: June 2011, limited to reports on listed patches (currently 6), new bug reports do not count
Email probe sent to IANA with ip-address coming from the private ip-range bug #792
- header infos rcvd, adding to bug #792
- whois domain, ok
- whois ip, complete range, not ok
- no ip check, blind whois, needs to be checked, banned
- see also FAQ/NoDomainName
```
There is no way to register an certificate for an IP address, only for domain names. This is because we cannot warranty that IP won't change. 
```
signer on testserver doesn't work currently, michael checks to fix
next meeting: Tuesday, May 24, 2011 22:00
after-show party:
- working session: dirk, michael
  - git clone ...

fix Root_Certs table on cacert1.it-sls.de

insert into Root_Certs (ID, Cert_Text) values (1,'CAcert Testserver Root');
insert into Root_Certs (ID, Cert_Text) values (2,'CAcert Testserver Class 3');

Fixed Action Items since last Meeting

Ted: bug #897 reviewed (within meeting)

Uli	send Michael reminder: strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday -> documentation	{+}
Marcus, Uli	testers: to contact by phone, changed to by email	{g}
Michael	strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday -> documentation	{g}
Dirk, Uli	Next Board Meeting: Software-Testing - problem to find -active- testers	{g}
Ted, Markus, Dirk	2nd review: Bug#897 (Point System info page Wiki redirect)	{g}

Action Items New

dirk: Barcamp Karlsruhe 18./19. Jumi, testers workshop, invite npapa
uli, markus: testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to Welcome Pack
Dirk, Michael, Mawa: bug#942 (cats test) (ted), triage test on CATS (Update), to review, to test
Ted, Michael: CATS system, add onto mgr server, add ted as console admin on mgr server -> Michael
Uli: add Michael to host console (firewall add) (fixed within meeting)
Dirk: strategy for: "Certificates Class3" problem and "New Roots & Escrow" - Press release, Announcements to be presented to board by Community: contact alex
Uli: "Rewarding testers" post proposal, publish with updated infos
Michael: signer on testserver doesn't work currently (problem is triggered gpp key that crashes signer), needs fixing (fixed within meeting)
Michael: fix Root_Certs table on cacert1.it-sls.de (fixed within meeting)

Action items: Meeting Action Items

Software/Assessment/ActionItems

all	proposed Apache config SSLCipherSuite settings for CAcert SSL enabled infrastructure systems see also BEAST migration https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls Proposal from Sysadm list 2013-09-06	{0}
SA	documentation server cert design concept to SystemAdministration/Systems/Development/Prepare	{0}
all	review Software patches Update Cycle	{0}
BenBE, Marcus	documentation: developer git repos under github bug #1131 history @ github CAcertOrg @ github started under Software/Assessment/Documentation/UpdateCycle/step1	{0}
NEO	BenBe: request: htttps header on bugtracker bug #1116	{0}
all	read x509 guide	{0}
all	bug#1068 blog problem (also relates to community) debian lenny - edge - squeeze upgrades needed alternate: new server with squeeze, install wordpress, transfer domain workaround: configure your FF FAQ/BrowserClients	{g}
uli	Experience points for ATE attendance check board motions and/or trigger if not yet passed	{0}
uli	Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18 current state: see Funding Landing Page May 2013: tk-server sponsoring, tk-server rcvd, deployment: WIP, project not yet finished	{0}
All	1. next: strategy for "New Roots & Escrow" - using indirect crl's ? indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment	{0}
dirk, Michael	3. next: strategy for "New Roots & Escrow" - how does debian work? to contact, deferred to next events (?) next round: picked up by Benedikt new proposal 2013-06-02	{0}
Uli, Michael	Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png	{0}

Development, Deployment, Discussion

OAO, Ted	bug #943 change OA admin/assurer text	needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected	{-}
uli, Ted	bug #824 Org User cert fix Case study	Organisation User Certificates: Need UI improvement for proper production usage	{0}
uli, ted	bug #823 email address removal fix	No warning when removing e-mail address from account that certificates will be revoked checked by 4, needs 2nd review, deploy rejected	{-}
inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number	{0}
uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface rejected, certs login doesn't modify "modified" field	{r}
Michael	bug #540	p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing uli, marcus: needs full cert create tests duplicate report to bug#978 tested by 3, 2nd review done, transfered Ken reported: still has problems, bug kept open	{0}
gagern, NEO	bug #440 Problem with subjectAltName (CSR, renew certs)	There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development	{r}
neo	bug #1025 Domain Dispute issue	disputes rc and rc2 var prob needs work	{r}
dirk	bug #1054 0001054: Review the code regarding the new point calculation	Thawte patch part II needs further work	{r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

Software-Assessors task

Testing

Testers task

neo	bug #1004 Stats page improvement	tested by 2, needs 2nd review	{0}
neo	Bugs #1159 it might be possible to execute commands on the signing server		{0}
inopiae	bug #1065 Wrong wording when sending mails during the assurance process		{0}
inopiae	bug #1162 calcutate (the passwords) hash in php instead of in mysql	create test scenarios for the software testers $/!\$ Full testing $/!\$	{0}
inopiae	bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails		{0}
inopiae	bug #988 TTP cap form deployment		{0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

Software-Assessors task

Ted	bug #500 Get contact mail adress after resolving test	tested by 3, requires review	{0}
Ted	bug #1140 Show if a test is passed in learnprogress	tested by 3, requires review	{0}
magu	bug #1131 Rename _all_ Policies from .php to .html and fix all links	global policy directory maintenance and update	{0}
inopiae	bug #1010 Reorder the view on organisation certificates	tested by 3	{0}

Software Assessors: Bundle Package to Critical Team

Software-Assessors task

inopiae

bug #1139 Add new fields to the database

tests through #500 and #1140, 2nd review done, requires transfer

{0}

Awaiting Response from Critical Team

inopiae

bug #411 Wrong text is made into link

{g}

CategorySoftwareAssessment

CategorySoftwareAssessment

Software/Assessment/20110517-S-A-MiniTOP (last edited 2011-09-23 00:06:58 by UlrichSchroeter)