Minutes of the MiniTOP on the 2012-07-10

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: Marcus, Benny, Uli, dirk (late), magu (late)

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transfered
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    Bugs #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calcutate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail adress after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}


Agenda

1. Preface

  1. Cebit brainstorming
    • dirk: request for events report
    • (2012-03-27) Marcus awaiting translation from Marc
    • (2012-06-19) Marcus: translation received, will send within the next upcoming days
    • (2012-06-26) Marcus: not yet finished

2. 2nd review of about 5 patches

3. bug #1023 Testing (6.php)

  1. Thawte points removal, final step
    • last patch transfered to production system 2012-05-30
  2. what are the next steps for thawte points revoke?
    • points settings codes eg 50 pts open gpg/pgp, which certs avail by how many pts
    • 15.php needs rename to 10.php
    • cannot move forward without dirk

4. Marcus Bugs list

5. Benny reviews

  1. bug #1025 "Domain Dispute strange behaviour / Domain Dispute issue", checked

    • wrong description, problem removing domains, bugfix solves this problem
    • async removal of certs by signer
    • needs review and testing
    • inopiae will try testing on upcoming weekend
    • to test: email- and domain dispute
  2. bug #922 "CAcert application code problem causing missing 'certificate about to expire' messages", checked

    • patch seems to be ok
    • white spaces cleanup
    • includes/account.php var $id shall be fixed within recursion, new bug #1078

    • 2 tests initiated by inopiae and u60
    • principle ok, but very confusing
    • test reports Marcus:
      • discussions, Marcus got 71 or 72 notifications
      • Neo: default 5 notifications: 45d, 30d, 15d, 3d, 1d
  3. bug #1019 "Contact form does not work when logged in"

    • Michael: rework contact form
      • usability: 1 form, option box with public/support delivery, default support
      • current form 1: public, form 2: private
      • spam prevention via java, on disabled java the mail is marked [possible spam]
    • mass mailing possible if adding multiple emails separated by commas
    • account.php - email address from sender, no address validation, several other places it passes address validation
    • neo: why not use primary email address?
      • works only if logged-in
    • index?id=11 has also been changed
    • url was hardcoded
    • account.php?id=14
    • sendmail() routine in includes/mysql.php

6. New SA candidates

  1. ABC Benny - possible Itzehoe (2012-09-14), mrmcd (2012-09-08) or other events before 2012-08-10 - 2012-08-11 BarCamp kiel

  2. Whats with ABC over archaios?

7. English Translation Problems

8. Long Term Projects

  1. NEO: "BlackJack"

  2. Marek's sql class project:
    • is working on charset replacement
  3. api project, Carsten continues with portal project if vendor-api will be delivered
    • potential candidates for development
      1. Marek's sql class proposal
        • needs probably db upgrades
        • needs addtl. indices
        • needs testing
      2. archaios
        • builds daemon as unpreviliged user
    • vendor-api delayed
      • no coders
      • other projects
      • related to sql class project

9. next meeting

Minutes

1. Preface

  1. bug #922 test report / review

    • one test account, 1 client cert, 1 server cert, received 105 (1) reminders (!!!)
      • 15 reminders checked, 1 for client cert, 14 for server cert
      • needs further inspection
  2. Cebit brainstorming
    • 2nd draft finished
    • Sat report missing
  3. Bennys c.o address
    • wip
  4. offer for timeserver hardware
    • company is current under OA wip
  5. Marcus: info from NEO: "BlackJack" moved forward

  6. api project, Carsten continues with portal project not waiting for vendor-api to be delivered
    • potential candidates for development
      1. Marek
      2. archaios
    • vendor-api delayed
      • no coders
      • other projects
      • related to sql class project
    • portal project continues with a workaround, needs an assurer
    • arbitration case on locations database orders outsourcing of find-an-assurer asap
    • with portal function, update of data is possible, update of data on critical system is difficult
  7. patches 2nd review, Benny to do pre-view
    • neo

      bug #1024 Assurer flag is not set correctly on updatesort.php run

      tested by 4, ok

      2 {0}

      Michael

      bug #540

      p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
      uli, marcus: needs full cert create tests
      duplicate report to bug#978

      3 {0}

      inopiae

      bug #981 OA overview (dupe of bug #943)

      New layout of view for Organisation Administrators in account/id35

      4 {0}

      neo

      bug #978 Invalid SPKAC requests are not properly validated

      recheck full certs signing procedures
      duplicate report to bug#540

      5 {0}

      uli, ted

      bug #789 OA edit domain fix

      Editing domain for organisations does not work
      new update 2011-09-26
      2 tests, needs 2nd review, deploy
      more fixes, more testing

      6 {0}

    • for #540 uli has sent a short summary to dirk
  8. dirk 2nd review of patches
  9. Discussion about Assurance, CAP, documents, retention of CAP forms and other events related stuff
  10. next meeting: Tuesday, July 17, 2012 22:00 CEST

Fixed Action Items since last or within meeting

Action Items New

Action items: Meeting Action Items


Software/Assessment/20120710-S-A-MiniTOP (last edited 2012-07-11 15:49:19 by MarcusMängel)