• Software
• Assessment
• ActionItems

Software/Assessment/ActionItems

• all	proposed Apache config SSLCipherSuite settings for CAcert SSL enabled infrastructure systems see also BEAST migration https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls Proposal from Sysadm list 2013-09-06	{0}
  SA	documentation server cert design concept to SystemAdministration/Systems/Development/Prepare	{0}
  all	review Software patches Update Cycle	{0}
  BenBE, Marcus	documentation: developer git repos under github bug #1131 history @ github CAcertOrg @ github started under Software/Assessment/Documentation/UpdateCycle/step1	{0}
  NEO	BenBe: request: htttps header on bugtracker bug #1116	{0}
  all	read x509 guide	{0}
  all	bug#1068 blog problem (also relates to community) debian lenny - edge - squeeze upgrades needed alternate: new server with squeeze, install wordpress, transfer domain workaround: configure your FF FAQ/BrowserClients	{g}
  uli	Experience points for ATE attendance check board motions and/or trigger if not yet passed	{0}
  uli	Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18 current state: see Funding Landing Page May 2013: tk-server sponsoring, tk-server rcvd, deployment: WIP, project not yet finished	{0}
  All	1. next: strategy for "New Roots & Escrow" - using indirect crl's ? indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment	{0}
  dirk, Michael	3. next: strategy for "New Roots & Escrow" - how does debian work? to contact, deferred to next events (?) next round: picked up by Benedikt new proposal 2013-06-02	{0}
  Uli, Michael	Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png	{0}

Development, Deployment, Discussion

• OAO, Ted	bug #943 change OA admin/assurer text	needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected	{-}
  uli, Ted	bug #824 Org User cert fix Case study	Organisation User Certificates: Need UI improvement for proper production usage	{0}
  uli, ted	bug #823 email address removal fix	No warning when removing e-mail address from account that certificates will be revoked checked by 4, needs 2nd review, deploy rejected	{-}
  inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number	{0}
  uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface rejected, certs login doesn't modify "modified" field	{r}
  Michael	bug #540	p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing uli, marcus: needs full cert create tests duplicate report to bug#978 tested by 3, 2nd review done, transfered Ken reported: still has problems, bug kept open	{0}
  gagern, NEO	bug #440 Problem with subjectAltName (CSR, renew certs)	There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development	{r}
  neo	bug #1025 Domain Dispute issue	disputes rc and rc2 var prob needs work	{r}
  dirk	bug #1054 0001054: Review the code regarding the new point calculation	Thawte patch part II needs further work	{r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

• Software-Assessors task

Testing

• Testers task

  neo	bug #1004 Stats page improvement	tested by 2, needs 2nd review	{0}
  neo	Bugs #1159 it might be possible to execute commands on the signing server		{0}
  inopiae	bug #1065 Wrong wording when sending mails during the assurance process		{0}
  inopiae	bug #1162 calcutate (the passwords) hash in php instead of in mysql	create test scenarios for the software testers Full testing	{0}
  inopiae	bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails		{0}
  inopiae	bug #988 TTP cap form deployment		{0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

• Software-Assessors task

  Ted	bug #500 Get contact mail adress after resolving test	tested by 3, requires review	{0}
  Ted	bug #1140 Show if a test is passed in learnprogress	tested by 3, requires review	{0}
  magu	bug #1131 Rename _all_ Policies from .php to .html and fix all links	global policy directory maintenance and update	{0}
  inopiae	bug #1010 Reorder the view on organisation certificates	tested by 3	{0}

Software Assessors: Bundle Package to Critical Team

• Software-Assessors task

  inopiae

  bug #1139 Add new fields to the database

  tests through #500 and #1140, 2nd review done, requires transfer

  {0}

Awaiting Response from Critical Team

• inopiae

  bug #411 Wrong text is made into link

  {g}

• CategorySoftwareAssessment