 . '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110215-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110301-S-A-MiniTOP|next meeting]]'''

----
= Minutes of the MiniTOP on the 2011-02-22 =
== Setting ==
The MiniTOP will be held via telco 22:00 CET

Attendees: Dirk, Magu, Uli, Michael, Markus

== Pre-Meeting Question Time ==
 * (Dirk, Magu): [[events/CLT2011|CLT2011]] (Off-Topic)

== Action items from last meeting ==
 * All: research for alternate hosting providers
  * Michael: to contact Martin Ga regarding questions about VMs on Vienna hosting
 * Martin + Uli: to test and report several scenarios regarding Thawte patch until Sun Feb 20th
 * strategy for: "Certificates Class3" problem and "New Roots & Escrow"
  * to contact people who know about signer and/or are familiar with a replacement process
 * Dirk: to review MTA sendmail function for/within php
 * to SA's: review [[https://bugs.cacert.org/view.php?id=910|Bug# 910]] (Board Link)
 * to SA's: review [[https://bugs.cacert.org/view.php?id=896|Bug# 896]]

== Topics ==
 * State Testserver Update
  * Current Patches on Testserver:
   * "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]]
   * Board Link patch [[https://bugs.cacert.org/view.php?id=910|Bug# 910]]
   * /locale/ cleanup [[https://bugs.cacert.org/view.php?id=896|Bug# 896]]
   * see action items
 * ATE mailing script sending thru MTA ? (php send mail script)
  * see action items
 * strategy plans ...
  * strategy for: "Certificates Class3" problem and "New Roots & Escrow"
   * see action items
   * [[https://lists.cacert.org/wws/arc/cacert-root/2011-02/msg00030.html|pragmatic solution proposed]]
 * Emergency Exit procedure/code for SA's
  * Based on ABC's over critical roles
 * Signer deployment (Andreas/Markus) (Update)
 * Automated testing system (Andreas, Magu, MSchiffer) (Update)
 * Serversystem CACERT2 online (Markus/Wytze)
  * dedicated to OS and applications upgrade tests
 * next meeting: Tuesday, March 1, 2011 20:00 (!! 1st Tuesday in month)

== Minutes ==
 * Markus: Server move back to OF is possible, so fallback alternate exists
 * Markus: CACERT2 state: no news, is under control of Wytze
 * Pre-Meeting Question Time
  * Dirk/Magu: CLT
 * All: research for alternate hosting providers
  * Michael: to contact Martin Ga regarding questions about VMs on Vienna hosting
   * no progress
 * Martin + Uli: to test and report several scenarios regarding Thawte patch until Sun Feb 20th
  * problems found
   * 10.php red warning message
   * 15.php points on hold ? (questionable) on discussion (regarding CATS)
    * Dirk: to add CATS passed/not passed line
   * TMS function "Administrative increase" problem
    * Administrative Increase produces no "Assurance" records, needs to be fixed
  * Michael: 10.php corrected
 * tzzzz 22:30
 * Reviews
  * to SA's: review [[https://bugs.cacert.org/view.php?id=910|Bug# 910]] (Board Link)
  * to SA's: review [[https://bugs.cacert.org/view.php?id=896|Bug# 896]]
  * still open
 * Git repository content on current release ?
  * yes, is current
 * strategy for: "Certificates Class3" problem and "New Roots & Escrow"
  * to contact people who know about signer and/or are familiar with a replacement process
   * no progress
  * step 1: create new subroot
  * step 2: deploy addtl. class3 onto signer
  * contact root cert group
   * who ? Dirk ?
 * strategy for: "Certificates Class3" problem and "New Roots & Escrow"
  * [[https://lists.cacert.org/wws/arc/cacert-root/2011-02/msg00030.html|pragmatic solution proposed]]
  * Selfsigned MD5 is probably no problem, maybe there exists software that also blocks md5 selfsigned roots, we don't care
   * eg firefox plugin
 * Dirk: to review MTA sendmail function for/within php
  * problems: missing mails, ATE mailings
  * modification for re-checks (returns@cacert.org redirected to support@)
  * return-path, check mailbox, check x-headers
  * options
   a. php programmed smtp function
   a. php-mail function
   a. popen() direct sendmail thru pipe
  * return paths, async ?
  * check 5xx, 4xx ?
  * all current mails going thru MTA
 * logging
  * current state on production system ?
  * severity ? debug ?
  * ask critical team
 * Emergency Exit procedure/code for SA's
  * Based on ABC's over critical roles
  * should be invisible to others
  * comment fields, spaces, bug number, tan list, etc ?
  * critical admin receives: bug#, fix link to bug, checked by, diff is attached
  * new commit id, replace last 2 numbers ?
  * to add on agenda again
 * Signer deployment (Andreas/Markus) (Update)
  * Markus: is Andreas' project
  * main problem: to deploy backend
 * Security check procedures
  * check database content on a regular basis on weird settings
   * eg admin flags, board member flags, and other settings, install it via cron ?
  * based on [[Arbitrations/a20110118.1|a20110118.1]]
  * define list of groups, who can see list of flag-owners
   * eg board should see list of SE's
   * codesigning: count -> public
   * admin (SE's) -> board, support
   * ttpadmin -> board, support, own group / current ttpadmin's to remove ?
   * orgadmin -> board, support, own group
   * board -> board, support, own group
   * tverify -> board, support, own group / current state to remove ?
   * locadmin -> board, support, (own group? -> later ?)
   * adadmin -> state 1 or state 1,2,3 ? 0=not set, 1=submit, 2=approve / board, support, own group / own group 2 ?
    * 2 lists: adadmin = 1 and adadmin = 2
   * Dirk: note: ttpadmin, tverify - for new ttp process 2 flags ?
    * ttpadmin numerical
    * ttpadmin + tverify binary 4 states
  * coding in 2 steps: board, support or only support? -> maintenance -> step 2 add own group
 * 3rd Party verification API
  * request from vendor thru api with api key, eg assured ?, IsAssurer ?
  * Users addtl. flag -> allow "external" requests ?
  * limit vendor requests
  * location req
 * Automated testing system (Andreas, Magu, MSchiffer) (Update)
  * Michael will check
 * Serversystem CACERT2 online (Markus/Wytze)
  * dedicated to OS and applications upgrade tests
  * Lenny or Squeeze ? Current: Lenny
 * next meeting: Tuesday, March 1, 2011 20:00 (!! 1st Tuesday in month)
 * meeting closed 1:28

----
Action items:
 * Michael: Hosting providers: to contact Martin Ga regarding questions about VMs on Vienna hosting
 * Dirk: regular Thawte patches
 * Michael: TMS function
 * Reviews
  * to SA's: review [[https://bugs.cacert.org/view.php?id=910|Bug# 910]] (Board Link)
  * to SA's: review [[https://bugs.cacert.org/view.php?id=896|Bug# 896]]
 * Dirk: strategy for: "Certificates Class3" problem and "New Roots & Escrow"
  * contact root cert group
 * Uli: logging
  * current state on production system ? severity ? debug ? ask critical team
 * Uli: arbitration case ... Security check procedures
 * Automated testing system (Andreas, Magu, MSchiffer) (Update)
  * Michael will check
 * Uli: keep Dirk busy on Fri, Sat

----
 . CategorySoftwareAssessment