. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110809-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110823-S-A-MiniTOP|next meeting]]'''
----
= Minutes of the MiniTOP on the 2011-08-16 =
== Setting ==
The MiniTOP will be held via telco 22:00 CEST
Attendees: dirk, magu, uli, alex, Michael
== Topics ==
(skip to agenda)
Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<<Include(Software/Assessment/ActionItems)>>
== Agenda ==
1. Workshop - The List of open / running / unhandled bugs - Part I
1. Working Session - Action Items to start
1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
* needs 2nd review - Ted, done<<BR>>needs bundling, done
* NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
* needs bundling
1. annoying gpg bug #911
|| [[https://bugs.cacert.org/view.php?id=911|bug #911]] gpg bug || gpg keys expires 1970<<BR>>tests started 2 weeks ago<<BR>>needs review, deploy || {0} ||
1. VBscript for Vista/Win7 (select keysize >= 1024)
|| x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {-} ||
* as part of
* x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]]
* Current state:
|| {g} || pre mailing sent ||
|| {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished ||
|| {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' <<BR>>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<<BR>>Api CertEnroll (MS crypto provider)<<BR>>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] ||
|| {g} || Weak keys blog post, published ||
|| {g} || Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30) ||
|| {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) ||
* cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]]
* vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
* [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]]
* Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]]
1. Needs development, deployment, discussion
1. Advertising
1.
|| [[https://bugs.cacert.org/view.php?id=958|bug #958]] || ADS Challenge, Advertising || {0} ||
* [[CAcertInc/LogosForSale/Rules]] wiki link exist
* "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
* Logos and Links exist, needs deployment to testserver
1. google ads, nobody knows about
* [[http://google.de/adsense/]] - needs google account
* ad client id: pab.*9860, email adress is needed
* board member to write email request to Robert, Philipp, Philpp, Teus, ernie
* contact google?
* account recovery?
1. Thawte Patch - PR strategy
1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
* [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
* next steps:
1. preparing PR, support
1. report from Wytze, Hans: review, rebundle
* if the patch goes active, this needs support
* wiki faq (existing page? thawte topic?)
* blog (-> alex)
* mailing list
* press release? probably not at this state
* Support: could be better, but is ok
* Triage: where to forward Thawte patch requests?
* add to Support team meeting agenda
1. PRO
* question from board -> PR officer
* request to Alex
* support from all
* Board meeting was 2011-08-07, but no PR officer nominated/appointed
1. Workshop - The List of open / running / unhandled bugs - Part II
1. Dirk '''reminder''' (from last meeting) assure someone patches (checkboxes)
|| Dirk || DEV: [[https://bugs.cacert.org/view.php?id=894|bug #894]] problems with check-boxes on website forms (Assure someone) -> [[Arbitrations/a20091118.3|a20091118.3]] || {0} ||
1. Bugs under testing:
|| Dirk, Michael, Ted || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || {0} ||
|| Dirk, Michael, Ted || [[https://bugs.cacert.org/view.php?id=965|bug #965]] 0000965: Outsource / fix Webdb text pages id=12, 13 || {0} ||
1. Review bugs under testing (finished testing?) (Review 2?)
|| [[https://bugs.cacert.org/view.php?id=910|bug #910]] Outsource board member list || from Webdb to wiki (id=8) (Part II) || {0} ||
|| [[https://bugs.cacert.org/view.php?id=955|bug #955]] change sort order Orga list || Possibilty to change the sorting order for the organisation overview || {0} ||
1. (review), to bundle, to deploy
|| [[https://bugs.cacert.org/view.php?id=940|bug #940]] help* to wiki || Outsource Webdb text pages help.php?id=0..9 to wiki<<BR>>needs review, deploy || {0} ||
1. Needs review, transfer to Critical team
1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
* needs 2nd review - Ted, done<<BR>>needs bundling, done
* NEO: did restructuring (sql query to subroutine), (Update 2011-07-26)
* needs re-tested
* needs 2nd review, bundling
* => Ted on Wed, not done
|| x^4^ NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled<<BR>>NEO will check to get sql query extracted<<BR>>needs pushing<<BR>>pushed to testserver<<BR>>Needs Review & testing || {0} ||
1. Needs development, deployment, discussion
1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver)
|| [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||
1. [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text
|| [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text || -> Ted, rejected, needs comment from OAO || {-} ||
* webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
* patch takes account about this issue
* problem with menu link Org Admin .. is Org Assurers menu
* but this menu includes one addtl. link "View" that is available for Org Admins
* and Org Admins with master flag to add new admins
* master flag is not described in OAP (!)
* addtl master flag to revoke ?
* rename to "Org Administration"
* don't show menu to OrgAdmins
1. [[https://bugs.cacert.org/view.php?id=966|bug #966]]
* tests ok, but the question is, is OrgAdmin allowed to remove other admins ? yes or no?
* current scenario doesn't allow removal of other admin
* NEO: reset testserver state to fix state before bugfix
* NEO: re-add bug 966 to testserver
* bug needs more work, selection currently clashes with language setting (Delete != Löschen)
* general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
* potential workaround to fix all "Cancel" requests available
* read [[https://bugs.cacert.org/view.php?id=966#c2287]]
1. Still awaiting response from Critical team
|| x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding || {0} <<BR>> {g} ||
* x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* todo:
1. NEO: 2nd review of [[https://bugs.cacert.org/view.php?id=827|Bug# 827]]
1. NEO: bundling [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] to critical team
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
* 2nd review and bundling by Ted
* bundling instruction to critical team, deploy 15.php, and 7 days later 10.php
* awaiting response from critical team
1. strategy plans ... next: strategy for "New Roots & Escrow"
1. idea: using indirect crl's ?
* 2 crl's needed, one valid, one invalid crl server
* more infos available ? who ?
1. build testserver with special certs
1. Magu, Michael to send instructions for test deployment
* indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
* meetings ago we've defined Testing requirements and a potential testszenario
* to remind every meeting
1. policy group: define requirements
* multimember escrow method ?
* needs risk analyze
* potential candidates ?
* Marcus to contacted Benedikt, will contact Thomas K
* Next step(s)
1. how does debian work ?
* defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
1. The Bjoern report
* [[https://blog.cacert.org/2011/06/518.html#comments|New signatures for CAcert-Class 3-Subroot-certificate - Comments]]
1. CI (Update)
* [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]]
* deployment scenario:
1. create testusers
1. testing
1. delete testusers
* regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
* reminder
1. next meeting: Tuesday, August 23, 2011 22:00
== Minutes ==
1. Froscon planning
1. PRO
* question from board -> PR officer
* request to Alex
* support from all
* Board meeting was 2011-08-07, but no PR officer nominated/appointed
* Uli to write nomination to board mailing list cc alex
1. Thawte Patch - PR strategy
1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
* [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
* next steps:
1. preparing PR, support
1. report from Wytze, Hans: review, rebundle
* if the patch goes active, this needs support
* wiki faq (existing page? thawte topic?)
* blog (-> alex)
* mailing list
* press release? probably not at this state
* Support: could be better, but is ok
* Triage: where to forward Thawte patch requests?
* add to Support team meeting agenda
* patch review
* 10.php / 15.php ranking differs
* 15.php experience points links to assurer account
* alex to prepare blog post
1. language translations - rethink to disable?
1. Working sesson
1. bug 827 - needs fix -> dirk (./)
1. bug 841 - needs 2nd review -> dirk +
1. bug 911 - needs 2nd review -> dirk +
1. bug 966 - new fix -> Michael (./)
1. use dev mailinglist for communication
==== Fixed Action Items since last or within meeting ====
|| All || [[AGM/TeamReports/2011#Software-Assessment-Project|AGM team report]] review || {g} ||
----
==== Action Items New ====
1. PRO
* Uli to write nomination to board mailing list cc alex
1. thawte patch 827
* alex to prepare blog post
1. use dev mailinglist for communication
Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
----
. CategorySoftwareAssessment