To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-11-29
Setting
The MiniTOP will be held via telco 22:00 CET
Attendees: dirk, marcus, magu, uli, werner, michael
Topics
(skip to agenda)
Action items from last meeting Meeting Action Items
Agenda
bug #976 - database restructure preperation
- current state summary:
- transfered to critical system, patch has been applied
- database upgrade, scheduled for Wed Nov 23rd, successfully finished
- current state summary:
bug #827 - New Points calculation / Thawte patch
- The patch
- state 2011-11-27
- The patch
- patch 10.php added
- PR work
- mailing script running/sent
- "Special case" - handling of 0:0 cases under arbitration
Arbitration case a20111001.1 still running
review of Support/Handbook/NewPointsCalculation instructions for SE's
- 3 potential scenarios possible:
- orig email is identical to email addr on CAP form
- orig email is secondary email in account, assuree can set email addr from assurance to primary email
- orig email from assurance is no longer valid, assurer has to contact support
- addtl. documentation required
- new email addr to write onto assurers cap form, with ticket id, old assurance id, new assurance id
- addtl. documentation old id + ticket id to add in locations field
- 3 potential scenarios possible:
- Questions from last 10 meetings:
- dirk: when will 827 goes to production?
- date fixed: 2011-11-27
- The patch
- The patch
- Testers workqueue
Translingo bug #985
https://translations.cacert.org (http://translations.cacert.org/) (replacement for translingo)
- the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us.
- I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it
- last foreign uploads 2008 on about 13 + cacert projects
- whohas translingo server console access?
- mario
- req for console access for michael to contact project leaders, Updates?
- Transfer In, Transfer Out problems
- Update from new deployment ?
- opened for: create an account can now be started
- Michael current state:
- import and export routine works
- script to incorporate updates needs fixed
- next: complete language handling needs to be updated
- accept lang handler needs fix
- FF de, de_de
- IE 6 de, 8,9 de_de
- working session within last meeting: michael, marcus
- infos from meeting 2011-10-18
- pdf code needs rewrite (uni code library, move to external server (outsourcing))
- message cert notification - uses perl code, text source not avail (get bind-text-domain)
- infos from meeting 2011-10-18
- current state?
- Marcus sent mailing to translators, no response so far, no tests so far (week 3)
- Morten NO
- Emanuel IT
- current state:
- create test system accounts dutch@test, espania@test and so on, let users do their tests
- Magu, Marcus will give it a try
- a couple of testers has started testing and reporting within the last 7 days
- results: de, fr, en, pl, es, pl
bug#894 "Haeckchen bug" - review done, changes needs reviewed again
3
Dirk
bug#894 assure someone patches (checkbox)
(incl wot.php changes)
tested by 2, needs 2nd review, deploy
new test round{0}
? / u1 / m1
- review by dirk in session, review ok
- current state:
- needs testing
- Magu, Marcus will pickup the task
- one and last test and report done 2011-11-19 (week 4)
bug#540 No key usage attribute in cacert org certs anymore?
also: bug#905
Policy group discussion - Extended key usage -> p20111113 started, extended for 1 week
- new related topics
- ios5 bug
- tested, works and fixes the ios5 bug
- quick review doesn't cover any clashes with our proposal
- ios5 bug
- Motion CARRIED with strong consensus
- next steps:
- prepare fixes
- testing?
- transfer to critical system
- OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
- who has been informed, contacted?
- Michael will inform Wytze
- Build + Document Emergency Patches Path
Build + Document Emergency Patches Path
Andreas, Uli, Wytze
{0}
- Documentation written, reviewed by Wytze, Marcus
Michael: reminder for review Software/Assessment/Documentation/EmergencyPatches
- other reviews done ?
- Michaels workqueue
- New function to TMS - edit notary table record
- infos from last meeting
- testers needs editing individual notary records: fields "method", "awarded", "points"
- easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on
- Update?
- Michael (2011-11-15): after some other bug reviews
- New function to TMS - edit notary table record
- Dirks workqueue - The List of open / running / unhandled bugs
VBscript for Vista/Win7 (select keysize >= 1024) - reminder to dirk
x1 Dirk, new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEVcurrent state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964{-}
- as part of
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964
- Current state:
{g}
pre mailing sent
{g}
keys revocation script to bulk revoke weak keys, new bug #954, finished
{-}
dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964{g}
Weak keys blog post, published
{g}
Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
{b}
weak keys: problems with cryptostick (to test at Froscon with Juergen ?)
cert enroll infos under bug#964
vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx
Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249
- dirk: has not started the virtual machine
- Question from Marcus: did someone contacted illuminat?
- No, Marcus: to contact illuminat
- illuminat will give it a try, first needs download of testserver image
- Update?
- marcus: illuminat not yet seen last time
baseline requirement - keyssize >= 2048 to fix till end of 2011
- how to proceed?
- dirk: 1st step, to bring win test server localy online
- marcus: to contact illuminat
Bugs to Review #1, transfer to testserver - Currently 4
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
{0}
uli
bug #967 OA isassurer check
Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer
{0}
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface, new update
{0}
inopiae
New layout of view for Organisation Administraors in account/id35
{0}
Bugs under testing: - Currently 5
neo
bug #985 move translingo to translations
check language settings under testserver
{0}
inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
present to Policy Group ?{0}
uli
bug #855 admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver
admin console lists "empty" and "Unknown" assurance types on listing given Assurances
{0}
3
Dirk
bug#894 assure someone patches (checkbox)
(incl wot.php changes)
tested by 2, needs 2nd review, deploy
new test round{0}
? / u1 / m1
7
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
more fixes, more testing
* testcase scenario
* open org, edit 1st domain in new window, edit 2nd domain in new window
* results in: change made in window 2, written to record in window 2
* needs cross checking{0}
? / u7 / m7
Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently 1
- define priority eg. 10,2, and so on, proposed order: from 1 to 10
8
Ted, uli
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
last update 2011-08-19
tested 3 times
ready to deploy?{0}
? / u8 / m8
- define priority eg. 10,2, and so on, proposed order: from 1 to 10
- Needs development, deployment, discussion, reminder
strategy plans ... next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- more infos available ? who ?
- build testserver with special certs
- Magu, Michael to send instructions for test deployment
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
- meetings ago we've defined Testing requirements and a potential testszenario
- to remind every meeting
- Michael: testserver environment deployment
- Michael will review after Certs extension policy group vote
- policy group: define requirements
- multimember escrow method ?
- needs risk analyze
- potential candidates ?
- Marcus to contacted Benedikt, will contact Thomas K
- Next step(s)
- multimember escrow method ?
- idea: using indirect crl's ?
- CI (Update)
description to eclipse testpage, Webinar
- deployment scenario:
- create testusers
- testing
- delete testusers
- regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
- reminder
- deployment scenario:
- Jubula Test-Tool (by Michael) - update?
instructions see under Minutes meeting 2011-08-30
- test deployment needs to be continued by software testers
Jubula documentation started: Software/Jubula
- new proposal by Sven: Webdriver with Maven and Jenkins-CI
- Jubula vs. Webdriver
- testserver variants
- testserver for manual tests
- testserver of OS and application upgrades
- testserver for CI
- test methods
- unit test
- test single modules, exceptions
- integration tests
- test interaction of modules
- system tests
- complete system test, with database interactions, module interactions and much more
- unit test
- sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI)
- Michael did some review: probably needs some seperation
- Infrastructure seperation
- contacting secure-u, oophaga started?
- Frank, Mario, Ted, Uli, Sebastian ?
- contacting secure-u, oophaga started?
- next meeting: Tuesday, December 6, 2011 22:00
Minutes
- Several discussions regarding mailing
- increased support tickets, disputes
- mailing state: 146.000 Tue 15:00
- about 2800 mails/hour
- returns: approx 4%
bug#894 "Haeckchen bug" - review done, changes needs reviewed again
3
Dirk
bug#894 assure someone patches (checkbox)
(incl wot.php changes)
tested by 2, needs 2nd review, deploy
new test round{0}
? / u1 / m1
- review by dirk in session, review ok
- current state:
- needs testing
- Magu, Marcus will pickup the task
- one and last test and report done 2011-11-19 (week 4)
running arbitration a20111001.1 prob
- checkbox on AP, "Haeckchen bug" helps to pass the "old" assurance
- alternates: adding comment field if checkbox is not set
- current patch: check on AP to disable
- patch transfered to cacert-devel
- first test: first two checkboxes set, ok
- pojam case potential problem
< 18 years -> 10 pts, < 14 years -> 0 pts
2011-11-01 -> 10.php: 0 pts, 15.php -> 10 pts
- 14 years limit started with pojam, limit given by pojam reached, issue upto 10 pts
0 checkbox
error missing checks
only 1st checkbox
error missing checks
only 2nd checkbox
error missing checks
1+2 set
ok
1+2+3 set
ok
Marcus: working session bug#794 Display certs in admin console
- assigned to michael
Marcus: working session bug#789 OA field extension
- magu to test
Marcus: working session bug#985 translingo transfer
- Michael: needs 2nd review
Marcus: working session bug#859 Activity on Account
- Michael: needs 1st review + transfer to testserver
bug #976 - database restructure preperation
- current state summary:
- transfered to critical system, patch has been applied
- database upgrade, scheduled for Wed Nov 23rd, successfully finished
- downtime was about 5 min
- cacert user has all permissions
- Michael: proposal to limit permissions, eg remove, drop, index, references
- magu: problem, can we expect that all works as before?
- uli: if there are permission problems, this will be logged and logs the source
- current state summary:
bug #827 - New Points calculation / Thawte patch
- The patch
- mailing is running
- arbitration picked up
- Questions from last 10 meetings:
- dirk: when will 827 goes to production?
- date fixed: 2011-11-27
- The patch
- bug#827 + bug#882 to merge
- close bug#882
- wot.inc.php + notary.inc.php to merge
- continue with bug#827
- pojam bug to fix
bug#540 No key usage attribute in cacert org certs anymore?
also: bug#905
Policy group discussion - Extended key usage -> p20111113 started, extended for 1 week
- new related topics
- ios5 bug
- tested, works and fixes the ios5 bug
- quick review doesn't cover any clashes with our proposal
- ios5 bug
- Motion CARRIED with strong consensus
- next steps:
prepare fixes -> Michael to prepare diffs, against svn
- sending to testserver
- transfer to critical system
- OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
- who has been informed, contacted?
- Michael will inform Wytze
- not yet written
thread relates to https://lists.cacert.org/wws/arc/cacert-board/2011-11/msg00021.html
- Build + Document Emergency Patches Path
Build + Document Emergency Patches Path
Andreas, Uli, Wytze
{0}
- Documentation written, reviewed by Wytze, Marcus
Michael: reminder for review Software/Assessment/Documentation/EmergencyPatches
- not yet done
- Infrastructure seperation
- contacting secure-u, oophaga started?
- Frank, Mario, Ted, Uli, Sebastian ?
- not yet contacted
- contacting secure-u, oophaga started?
- next meeting: Tuesday, December 6, 2011 22:00
- dirk at 13th away
Fixed Action Items since last or within meeting
Done: Dirk, Michael, Michael
ToDo: Tedbug #827 and bug #959 Thawte patch/Points-Count-Order-Change project
15.php, users viewrelated bug 959 {g} reviewed, deployed
827 {g} reviewed, deployment in 2 steps: 15.php, 10.php
deployed, new problem, needs fixing
one fix 2011-10-18 doesnt solve the problem
needs more fixing
2011-10-25: fixed, tested
10.php updated, mailing sent1 {g}
{g}dirk
bug #882 Thawte patch/Points-Count-Order-Change project
43.php, admin console viewdisplay Assurance when field in list of assurances received, assurances given by a user in admin console interface
last update 2011-10-25
fixed, tested2 {g}
michael
List of update request for webdb database structure upgrade with tables / fields
next: script deployment, instructions for critical team
testing notary and org tables
awaits transfer to critical team
reviewed 2 times
at least one more test{g}
{g}uli, Ted
bug #965 0000965: Outsource / fix Webdb text pages id=12, 13
addtl. id=37, id=38, new update 2011-09-25
3 tests, needs 2nd review, deploy8 {g}
Action Items New
Action items: Meeting Action Items
Software/Assessment/ActionItems
all
proposed Apache config SSLCipherSuite settings for CAcert SSL enabled infrastructure systems
see also BEAST migration https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
Proposal from Sysadm list 2013-09-06{0}
SA
documentation server cert design concept to SystemAdministration/Systems/Development/Prepare
{0}
all
{0}
BenBE, Marcus
documentation: developer git repos under github
bug #1131 history @ github
CAcertOrg @ github
started under Software/Assessment/Documentation/UpdateCycle/step1{0}
NEO
{0}
all
read x509 guide
{0}
all
bug#1068 blog problem (also relates to community)
debian lenny - edge - squeeze upgrades needed
alternate: new server with squeeze, install wordpress, transfer domain
workaround: configure your FF FAQ/BrowserClients{g}
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed{0}
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page
May 2013: tk-server sponsoring, tk-server rcvd, deployment: WIP, project not yet finished{0}
All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment{0}
dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
next round: picked up by Benedikt new proposal 2013-06-02{0}
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
{0}
Development, Deployment, Discussion
OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected
{-}
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
{0}
uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected{-}
inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
{0}
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field{r}
Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978
tested by 3, 2nd review done, transfered
Ken reported: still has problems, bug kept open{0}
gagern, NEO
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development
{r}
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
needs work{r}
dirk
bug #1054 0001054: Review the code regarding the new point calculation
Thawte patch part II
needs further work{r}
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
Testing
Testers task
neo
bug #1004 Stats page improvement
tested by 2, needs 2nd review
{0}
neo
Bugs #1159 it might be possible to execute commands on the signing server
{0}
inopiae
bug #1065 Wrong wording when sending mails during the assurance process
{0}
inopiae
bug #1162 calcutate (the passwords) hash in php instead of in mysql
create test scenarios for the software testers
Full testing{0}
inopiae
bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails
{0}
inopiae
bug #988 TTP cap form deployment
{0}
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
Ted
bug #500 Get contact mail adress after resolving test
tested by 3, requires review
{0}
Ted
bug #1140 Show if a test is passed in learnprogress
tested by 3, requires review
{0}
magu
bug #1131 Rename _all_ Policies from .php to .html and fix all links
global policy directory maintenance and update
{0}
inopiae
bug #1010 Reorder the view on organisation certificates
tested by 3
{0}
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
inopiae
bug #1139 Add new fields to the database
tests through #500 and #1140, 2nd review done, requires transfer
{0}
Awaiting Response from Critical Team
inopiae
bug #411 Wrong text is made into link
{g}