. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110816-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110830-S-A-MiniTOP|next meeting]]'''

----

= Minutes of the MiniTOP on the 2011-08-23 =

== Setting ==
The MiniTOP will be held via telco  22:00 CEST

Attendees: dirk, uli, ted, Michael, Marcus, Marc, Magu, Alex

== Topics ==

(skip to agenda)

Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''


== Agenda ==
 1. Workshop - The List of open / running / unhandled bugs - Part I
  1. Working Session - Action Items to start
   1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
    * needs 2nd review - Ted, done<<BR>>needs bundling, done
    * NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
    * needs 2nd review, bundling
     * => Ted on Wed, not done
   || x^4^ NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled<<BR>>NEO will check to get sql query extracted<<BR>>needs pushing<<BR>>pushed to testserver<<BR>>Needs Review & testing || {0} ||

 1. Froscon is over, whats with the 2 open action items?
  || dirk, Michael || 3. next: strategy for "New Roots & Escrow" - how does debian work?<<BR>>to contact, defered to Froscon (end of Aug), CCCcamp (around Aug 10th) || {-} ||
  || Michael || weak keys: problems with cryptostick to test at [[events/FrOSCon2011|Froscon]] with Juergen ? || {-} ||

 1. Workshop - The List of open / running / unhandled bugs - Part II
  1. VBscript for Vista/Win7 (select keysize >= 1024)
   || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/..  4.php, 17.php  to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {-} ||
   * as part of
   * x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]]
   * Current state:
    || {g} || pre mailing sent ||
    || {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished ||
    || {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/..  4.php, 17.php  to combine ? (/includes/keygen.php) '''DEV''' <<BR>>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<<BR>>Api CertEnroll (MS crypto provider)<<BR>>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] ||
    || {g} || Weak keys blog post, published ||
    || {g} || Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30) ||
    || {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) ||

   * cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]]
   * vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
    * [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]]
    * Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]]

  1. Advertising
   1.
    || [[https://bugs.cacert.org/view.php?id=958|bug #958]] || Advertising, ADS Challenge || {0} ||

    * [[CAcertInc/LogosForSale/Rules]] wiki link exist
    * "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
    * Logos and Links exist, needs deployment to testserver

   1. google ads, nobody knows about
    * [[http://google.de/adsense/]] - needs google account
     * ad client id: pab.*9860, email adress is needed
     * board member to write email request to Robert, Philipp, Philpp, Teus, ernie
     * contact google?
     * account recovery?

  1. Thawte Patch - PR strategy
   1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
   || x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding || {0} <<BR>> {g} ||
    * [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
    * [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
    * next steps:
     1. preparing PR, support
     1. report from Wytze, Hans: review, rebundle
    * if the patch goes active, this needs support
     * wiki faq (existing page? thawte topic?)
     * blog (-> alex)
      * mailing list
      * press release? probably not at this state
     * Support: could be better, but is ok
      * Triage: where to forward Thawte patch requests?
      * add to Support team meeting agenda 
     * patch review
      * 10.php / 15.php ranking differs
      * 15.php  experience points links to assurer account
      * patch applied to testserver, patch to transfer to critical system
     * alex to prepare blog post

  1. Dirk '''reminder''' (from last meeting) assure someone patches (checkboxes)
   || Dirk || DEV: [[https://bugs.cacert.org/view.php?id=894|bug #894]] problems with check-boxes on website forms (Assure someone) -> [[Arbitrations/a20091118.3|a20091118.3]] || {0} ||

  1. Bugs to Review #1, transfer to testserver
   || Dirk || Advertising (from last board meeting), [[https://bugs.cacert.org/view.php?id=958|bug #958]] || add changes as discussed in last meeting to testserver || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=968|bug #968]] error logging cleanup (splitted bug #909) || split 0000909: too many error messages logged - part II - general.php || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=967|bug #967]] || Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=882|bug #882]] || display Assurance when field in list of assurances received, assurances given by a user in admin console interface || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=846|bug #846]] Join Form restructure, help link || Better guidance of bonafide members in Join Form about Suffixes they doesn't have in their ID doxs (a20100207.2) || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=794|bug #794]] || visibility over certificates for sysadm in account administration || {0} ||
   || Ted, uli || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || new fix avail 2011-08-19 || {0} ||

  1. Bugs under testing:
   || Dirk, Michael, Ted || [[https://bugs.cacert.org/view.php?id=965|bug #965]] 0000965: Outsource / fix Webdb text pages id=12, 13 || one more testing || {0} ||

  1. Review bugs under testing (finished testing?) (Review 2?)

   || [[https://bugs.cacert.org/view.php?id=910|bug #910]] Outsource board member list || from Webdb to wiki (id=8) (Part II) || {0} ||
   || [[https://bugs.cacert.org/view.php?id=955|bug #955]] change sort order Orga list || Possibilty to change the sorting order for the organisation overview || {0} ||

   1. [[https://bugs.cacert.org/view.php?id=966|bug #966]]
    * tests ok, but the question is, is OrgAdmin allowed to remove other admins ? yes or no?
    * current scenario doesn't allow removal of other admin
    * NEO: reset testserver state to fix state before bugfix
    * NEO: re-add bug 966 to testserver
    * bug needs more work, selection currently clashes with language setting (Delete != Löschen)
    * general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
    * potential workaround to fix all "Cancel" requests available
     * read [[https://bugs.cacert.org/view.php?id=966#c2287]]

  1. Needs review, transfer to Critical team, to bundle, to deploy
   || [[https://bugs.cacert.org/view.php?id=940|bug #940]] help* to wiki || Outsource Webdb text pages help.php?id=0..9 to wiki<<BR>>needs review, deploy || {0} ||

  1. Needs development, deployment, discussion

   1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver)
   || [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||

   1. [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text
    || [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text || -> Ted, rejected, needs comment from OAO || {-} ||
    * webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
    * patch takes account about this issue
    * problem with menu link Org Admin .. is Org Assurers menu
     * but this menu includes one addtl. link "View" that is available for Org Admins
      * and Org Admins with master flag to add new admins
     * master flag is not described in OAP (!)
     * addtl master flag to revoke ?
     * rename to "Org Administration"
     * don't show menu to OrgAdmins

  1. Still awaiting response from Critical team

 1. strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more infos available ? who ?
    1. build testserver with special certs
    1. Magu, Michael to send instructions for test deployment
     * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   * meetings ago we've defined Testing requirements and a potential testszenario
   * to remind every meeting
  1. policy group: define requirements
   * multimember escrow method ?
    * needs risk analyze
    * potential candidates ?
     * Marcus to contacted Benedikt, will contact Thomas K
     * Next step(s)
  1. how does debian work ?
   * defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
  1. The Bjoern report
   * [[https://blog.cacert.org/2011/06/518.html#comments|New signatures for CAcert-Class 3-Subroot-certificate - Comments]]

 1. CI (Update)
  * [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]]
  * deployment scenario:
   1. create testusers
   1. testing
   1. delete testusers
  * regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
  * reminder

 1. next meeting: Tuesday, August 30, 2011 22:00

== Minutes ==
 1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
  || x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding || {0} <<BR>> {g} ||
   * [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
   * [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
   * next steps:
    1. preparing PR, support
    1. report from Wytze, Hans: review, rebundle
   * if the patch goes active, this needs support
    * wiki faq (existing page? thawte topic?)
    * blog (-> alex)
     * mailing list
     * press release? probably not at this state
    * Support: could be better, but is ok
     * Triage: where to forward Thawte patch requests?
     * add to Support team meeting agenda 
    * patch review
     * 10.php / 15.php ranking differs
     * 15.php  experience points links to assurer account
     * patch applied to testserver, patch to transfer to critical system
    * alex to prepare blog post
   * 15.php to push, 10.php ? to set active ? or not?
   * mailing to people: Ted, Florian F, PG, Wytze, Carsten L, Jeff F, Frank K (ask Marcus) 120 pts, Sebastian K

 1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver)
  || [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||
  * Ted needs access informations, configuration of IP

 1. Dirk - development
  || Dirk, Michael || [[https://bugs.cacert.org/view.php?id=827|bug #827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] Thawte patch/Points-Count-Order-Change project || related bug 959: needs 1 more test, needs 2nd review / 2nd review: also check -x / tests done, needs 2nd review<<BR>>959 {g} reviewed, deployed <<BR>>827 {g} reviewed, deployment in 2 steps<<BR>>new fixes, reviewed, needs testing || {g} <<BR>> {0} <<BR>> {g} ||

 1. Dirk - 2nd review
  || x^4^ NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled<<BR>>NEO will check to get sql query extracted<<BR>>needs pushing<<BR>>pushed to testserver<<BR>>Needs Review & testing || {0} ||
  * not started? not finished

 1. Michael - 2nd review
  * on [[https://bugs.cacert.org/view.php?id=827|bug #827]]

 1. Ted - reviewed
  || uli, ted || [[https://bugs.cacert.org/view.php?id=882|bug #882]] || display Assurance when field in list of assurances received, assurances given by a user in admin console interface || {0} ||
  || uli, ted || [[https://bugs.cacert.org/view.php?id=794|bug #794]] || visibility over certificates for sysadm in account administration || {0} ||
  || Ted, uli || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || new fix avail 2011-08-19 || {0} ||

 1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver)
  || [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||
  * Ted needs an IP address
  * Uli to request dns entry for cats1.it-sls.de by Andreas

 1. Froscon is over, whats with the 2 open action items?
  || dirk, Michael || 3. next: strategy for "New Roots & Escrow" - how does debian work?<<BR>>to contact, defered to Froscon (end of Aug), CCCcamp (around Aug 10th) || {o} ||
   * no success, people not avail at Froscon
  || Michael || weak keys: problems with cryptostick to test at [[events/FrOSCon2011|Froscon]] with Juergen ? || {g} ||
   * Magu has a stick, to meet with Michael

==== Fixed Action Items since last or within meeting ====
 || Dirk, Michael, Ted || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970) || Tested<<BR>>needs 2nd review, deploy || {g} ||
 || Uli || PRO: Uli to write nomination to board mailing list cc alex || {g} ||
 || Michael || weak keys: problems with cryptostick to test at [[events/FrOSCon2011|Froscon]] with Juergen ? || {g} ||


----

==== Action Items New ====
 || Uli || to request dns entry for cats1.it-sls.de by Andreas (for bug #835) || {0} ||

Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<<Include(Software/Assessment/ActionItems)>>  

----
 . CategorySoftwareAssessment