Minutes of the MiniTOP on 2012-07-17

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: Marcus, Uli, Benny, dirk, Michael, (David via irc)

Topics

Action items from last meeting: Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transferred
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
    rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    bug #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calculate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail address after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}


Agenda

1. Preface

  1. Cebit brainstorming
    • dirk: request for events report
    • (2012-03-27) Marcus awaiting translation from Marc
    • (2012-06-19) Marcus: translation received, will send within the next upcoming days
    • (2012-06-26) Marcus: not yet finished
    • 2nd draft finished
    • Sat report missing
  2. Benny's c.o address
    • wip

2. 2nd review of about 5 patches

3. bug #1023 Testing (6.php)

  1. Thawte points removal, final step
    • last patch transferred to production system 2012-05-30
  2. what are the next steps for thawte points revoke?
    • points settings codes eg 50 pts open gpg/pgp, which certs avail by how many pts
    • 15.php needs rename to 10.php
    • cannot move forward without dirk

4. Marcus Bugs list

5. Benny reviews

  1. bug #1025 "Domain Dispute strange behaviour / Domain Dispute issue", checked

    • wrong description, problem removing domains, bugfix solves this problem
    • async removal of certs by signer
    • needs review and testing
    • inopiae will try testing on upcoming weekend
    • to test: email- and domain dispute
  2. bug #922 "CAcert application code problem causing missing 'certificate about to expire' messages", checked

    • patch seems to be ok
    • white spaces cleanup
    • includes/account.php var $id shall be fixed within recursion, new bug #1078

    • 2 tests initiated by inopiae and u60
    • principle ok, but very confusing
    • test reports Marcus:
      • discussions, Marcus got 71 or 72 notifications
      • Neo: default 5 notifications: 45d, 30d, 15d, 3d, 1d
    • bug #922 test report / review

      • one test account, 1 client cert, 1 server cert, received 105 (1) reminders (!!!)
      • 15 reminders checked, 1 for client cert, 14 for server cert (!!!)
      • needs further inspection
  3. bug #1019 "Contact form does not work when logged in"

    • Michael: rework contact form
      • usability: 1 form, option box with public/support delivery, default support
      • current form 1: public, form 2: private
      • spam prevention via java, on disabled java the mail is marked [possible spam]
    • mass mailing possible if adding multiple emails separated by commas
    • account.php - email address from sender, no address validation, several other places it passes address validation
    • neo: why not use primary email address?
      • works only if logged-in
    • index?id=11 has also been changed
    • url was hardcoded
    • account.php?id=14
    • sendmail() routine in includes/mysql.php
  4. patches 2nd review, Benny to do pre-view
    • neo

      bug #1024 Assurer flag is not set correctly on updatesort.php run

      tested by 4, ok

      2 {0}

      Michael

      bug #540

      p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
      uli, marcus: needs full cert create tests
      duplicate report to bug#978

      3 {0}

      inopiae

      bug #981 OA overview (dupe of bug #943)

      New layout of view for Organisation Administrators in account/id35

      4 {0}

      neo

      bug #978 Invalid SPKAC requests are not properly validated

      recheck full certs signing procedures
      duplicate report to bug#540

      5 {0}

      uli, ted

      bug #789 OA edit domain fix

      Editing domain for organisations does not work
      new update 2011-09-26
      2 tests, needs 2nd review, deploy

      6 {0}

    • for #540 uli has sent a short summary to dirk

6. New SA candidates and Coders

  1. ABC Benny - possible Itzehoe (2012-09-14), mrmcd (2012-09-08) or other events before 2012-08-10 - 2012-08-11 BarCamp kiel

  2. What's with ABC over archaios?
  3. How to find coders? Experiences from the Gentoo project

7. English Translation Problems

8. Long Term Projects

  1. NEO: "BlackJack"

  2. Marek's sql class project:
    • is working on charset replacement
  3. api project, Carsten continues with portal project not waiting for vendor-api to be delivered
    • potential candidates for development
      1. Marek's sql class proposal
        • needs probably db upgrades
        • needs addtl. indices
        • needs testing
      2. archaios
        • builds daemon as unprivileged user
    • vendor-api delayed
      • no coders
      • other projects
      • related to sql class project
    • portal project continues with a workaround, needs an assurer
    • arbitration case on locations database orders outsourcing of find-an-assurer asap
    • with portal function, update of data is possible vs. update of data on critical system is difficult (keep data current for assurers)

9. next meeting

Minutes

  1. Preface
    1. Bug Testing / Reporting bug #922 difficult
      • Marcus writes a tool to collect email info from TMS
    2. Benny's reviews
      • 5 patches reviewed
      • 3 simple, bugs 540 (mostly check policy text), 789, 981
      • 2 with some difficulties, most complex one: 1024
    3. Benny's c.o address
      • is active, finished
    4. ABC Benny, no fixed date set yet
    5. NEO: default pem coded signed key output, chrome expects der
    6. How TMS email works: NEO: TMS connects via imap and collects and displays mails
  2. dirk review bug 540
    • gitdiff origin/release..origin/bug540
      • dirk 2nd review of patches, reviewed 2012-07-10
        • bug #540

        • diff line 23ff unclear, what does section ($root==2) mean?
          • class 3 server (in signer), comm module, each root client certs, there is a config #, root=0 class1, root=1 class3, root=2 newroots project class3s.crl (from 2008 new roots project)
          • root=2 not avail on current system
        • also unclear: else section $CRLUrl="http://crl.cacert.org/root${root}.crl";

          • 5 root vars defined (in client.pl)
          • crl for other keys, not class1, class3. all other keys not active on current system
        • server.pl: root.crl, class3, class3s, for further still unused keys
        • related policy decision: https://wiki.cacert.org/PolicyDecisions#p20111113

        • review ok
        • config files not reviewed, 2nd review not finished
  3. bug #1075 cap form link wrong under pages/wot/6.php

    • neo

      bug #1075 cap form link wrong under pages/wot/6.php

      cap link removed, moved to testserver

      {0}

    • data protection problem to pickup user data before assurance f2f meeting starts
    • what does assurance process mean? assurance "process" starts from request of assuree to an assurer to do an assurance over assuree
    • problem in ttp process too, to have a view over data before f2f meeting and signed cap is in the hands of an assurer. ttp-admin can request confirmation from ttp-user to access online data
    • simple patch: remove links
    • edited by NEO: transferred to testserver
  4. dirk review bug 789, OA edit domain fix, Editing domain for organisations does not work
    • gitdiff origin/release..origin/bug789
    • bug #789 reviewed: 2012-07-10

      • what is /pages/account/29.php for? edit org domain
      • phone accu breaks
  5. NEO: has finished IE patch, http://cacert.nhng.de/IEkeygen/keygen.html

    • will prepare a working patch and will transfer to testserver within the next 7 days
  6. NEO: git diff origin/release...origin/bug-XXX -> search all differences since last release

  7. How to find coders? Experiences from the Gentoo project
  8. English Translation Problems
    • how to handle typing error in web phrase Software/TranslationMisspelling

    • "Can't continue with certificaterequest." in ../includes/account.php:341 ../includes/account.php:1482
    • create shared bug
    • probably make part a. and b.: a. that is clear, b. that is questionable
  9. David's posts in irc
    1. there are no checks for \00, er, \0
      • the \0 check will be done in signer (-> CommModule client and/or server.pl)

      • server.pl lines 494+495
      • blacklist for domain names for new signer
    2. (char) 160 is problematic in various locales, as it appears as whitespace (160 is not a particularly good val either in ISO-8859-1) in certs
      • todo: doing whitelist of allowable chars
      • \xA0 is a problem too (at least in Win32/64)
    3. subjectAltName is occasionally not checked for problems
      • file a new bug
  10. FF prob with favicon verification
  11. next meeting
    • Tuesday, July 24, 2012 22:00 CEST

Fixed Action Items since last or within meeting

Action Items New

Action items: Meeting Action Items


Software/Assessment/20120717-S-A-MiniTOP (last edited 2012-07-24 16:04:07 by UlrichSchroeter)