Minutes of the MiniTOP on the 2011-02-22
Setting
The MiniTOP will be held via telco 22:00 CET
Attendees: Dirk, Magu, Uli, Michael, Markus
Pre-Meeting Question Time
(Dirk, Magu): CLT2011 (Off-Topic)
Action items from last meeting
- All: research for alternate hosting providers
- Michael: to contact Martin Ga regarding questions about VMs on vienna hosting
- Martin + Uli: to test and report several scenarios regarding Thawte patch until Sun Feb 20th
strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- to contact people who know about signer and/or are familiar with a replacement process
- Dirk: to review MTA sendmail function for/within php
to SA's: review Bug# 910 (Board Link)
to SA's: review Bug# 896
Topics
- State Testserver Update
- ATE mailing script sending thru MTA ? (php send mail script)
- see action items
- strategy plans ...
strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- see action items
- Emergency Exit procedure/code for SA's
- Based on ABC's over critical roles
- Signer deployment (Andreas/Markus) (Update)
- Automated testing system (Andreas, Magu, MSchiffer) (Update)
- Serversystem CACERT2 online (Markus/Wytze)
- dedicated to OS and applications upgrade tests
- next meeting: Tuesday, March 1, 2011 20:00 (!! 1st Tuesday in month)
Minutes
- Markus: Server move back to OF is possible, so fallback alternate exists
- Markus: CACERT2 state: no news, is under control of Wytze
- Pre-Meeting Question Time
- Dirk/Magu: CLT
- All: research for alternate hosting providers
- Michael: to contact Martin Ga regarding questions about VMs on vienna hosting
- no progress
- Martin + Uli: to test and report several scenarios regarding Thawte patch until Sun Feb 20th
- problems found
- 10.php red warning message
- 15.php points on hold ? (questionable) on discussion (regarding CATS)
- Dirk: to add CATS passed/not passed line
- TMS function "Administrative increase" problem
- Administrative Increase produces no "Assurance" records, needs to be fixed
- Michael: 10.php corrected
- problems found
- tzzzz 22:30
- Reviews
- Git repository content on current release ?
- yes, is current
strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- to contact people who know about signer and/or are familiar with a replacement process
- no progress
- step 1: create new subroot
- step 2: deploy addtl. class3 onto signer
- contact root cert group
- who ? dirk ?
strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- Self-signed MD5 is probably no problem; maybe there exists software that also blocks MD5 self-signed roots, but we don't care
- eg firefox plugin
- to contact people who know about signer and/or are familiar with a replacement process
- Dirk: to review MTA sendmail function for/within php
- problems: missing mails, ATE mailings
modification for re-checks (returns@cacert.org redirected to support@)
- return-path, check mailbox, check x-headers
- options
- php programmed smtp function
- php-mail function
- popen() direct sendmail thru pipe
- return paths, async ?
- check 5xx, 4xx ?
- all current mails going thru MTA
- logging
- current state on production system ?
- severity ? debug ?
- ask critical team
- Emergency Exit procedure/code for SA's
- Based on ABC's over critical roles
- should be invisible to others
- comment fields, spaces, bug number, tan list, etc ?
- critical admin receives: bug#, fix link to bug, checked by, diff is attached
- new commit id, replace last 2 numbers ?
- to add on agenda again
- Signer deployment (Andreas/Markus) (Update)
- Markus: is Andreas's project
- main problem: to deploy backend
- Security check procedures
- check database content on a regular basis for weird settings
- eg admin flags, board member flags, and other settings, install it via cron ?
based on a20110118.1
- define list of groups, who can see list of flag-owners
- eg board should see list of SE's
codesigning: count -> public
admin (SE's) -> board, support
ttpadmin -> board, support, own group / current ttpadmin's to remove ?
orgadmin -> board, support, own group
board -> board, support, own group
tverify -> board, support, own group / current state to remove ?
locadmin -> board, support, (own group? -> later ?)
adadmin -> state 1 or state 1,2,3 ? 0=not set, 1=submit, 2=approve / board, support, own group / own group 2 ?
- 2 lists: adadmin = 1 and adadmin = 2
- Dirk: note: ttpadmin, tverify - for new ttp process 2 flags ?
- ttpadmin numerical
- ttpadmin + tverify binary 4 states
coding in 2 steps: board, support or only support? -> maintenance -> step 2 add own group
- check database content on a regular basis for weird settings
- 3rd Party verification API
request from vendor thru api with api key, eg assured ?, IsAssurer ?
Users addtl. flag -> allow "external" requests ?
- limit vendor requests
- location req
- Automated testing system (Andreas, Magu, MSchiffer) (Update)
- Michael will check
- Serversystem CACERT2 online (Markus/Wytze)
- dedicated to OS and applications upgrade tests
- Lenny or Squeeze ? Current: Lenny
- next meeting: Tuesday, March 1, 2011 20:00 (!! 1st Tuesday in month)
- meeting closed 1:28
Action items:
- Michael: Hosting providers: to contact Martin Ga regarding questions about VMs on vienna hosting
- Dirk: regular Thawte patches
- Michael: TMS function
- Reviews
Dirk: strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- contact root cert group
- Uli: logging * current state on production system ? severity ? debug ? ask critical team
- Uli: arbitration case ... Security check procedures
- Automated testing system (Andreas, Magu, MSchiffer) (Update)
- Michael will check
- Uli: keep dirk busy on Fri, Sat