To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-05-24

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: Martin, Alexander, Uli, Marcus, dirk, Michael

Topics

new items in last meeting:

dirk: Barcamp Karlsruhe 18./19. Jumi, testers workshop, invite npapa
uli, markus: testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to Welcome Pack
Dirk, Michael, Mawa: bug#942 (cats test) (ted), triage test on CATS (Update), to review, to test
Ted, Michael: CATS system, add onto mgr server, add ted as console admin on mgr server -> Michael
Uli: add Michael to host console (firewall add) (fixed within meeting)
Dirk: strategy for: "Certificates Class3" problem and "New Roots & Escrow" - Press release, Announcements to be presented to board by Community: contact alex
Uli: "Rewarding testers" post proposal, publish with updated infos
Michael: signer on testserver doesn't work currently (problem is triggered gpp key that crashes signer), needs fixing (fixed within meeting)
Michael: fix Root_Certs table on cacert1.it-sls.de (fixed within meeting)
Action items from last meeting Meeting Action Items
triage test on CATS (Update)
State Testserver Update, Current Patches on Testserver, current running Arbitrations:
- Arbitration case a20110312.1 Weak keys
- Arbitration case a20110419.1 Bug #637: Weak Passwords
- "Thawte" patch Bug# 827 Points-Count-Order-Change project
strategy plans ...
- strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, done in last board meeting
  - upgrade plan: Press release, Announcements to be presented to board by Community
  - m20110515.2 "Class 3 Certificate Resign"
  - m20110515.3 "Prepare press statement about Class 3 Resign"
```
That we ask the community to prepare a press statement, to be sent to
various groups, and to be accepted by Board before sending out.
```
Testgroup: (to contact by phone ?), update
1. m20110515.4 "Rewarding testers"
CI app.test (Update)
next meeting: Tuesday, May 31, 2011 22:00

Minutes

Barcamp Karlsruhe 18./19. June, testers workshop - is running
testers how-to regarding testserver roots, no update
bug#942 (cats test) (ted), triage test on CATS (Update), to review, to test, no update
strategy for: "Certificates Class3" problem and "New Roots & Escrow" - Press release, Announcements to be presented to board by Community: contact alex
- Press release to send out with date of replacement
- Alex will pickup the task to write a press release
- dirk: short summary about class3 replacement project
- Michael will send the fingerprint to Alex
- date when release ?
  - change cap form (only capnew.php), in old cap.php only class1
  - website root certs to update
    - /pages/index/3.php, 16.php
    - coapnew.php, capnew.php to remove or to replace
    - dirk: printout with new fingerprint EN, DE, NL, FR, save to svn
    - capnew.php to execute on eg community.cacert.org
    - http://wiki.cacert.org/CoapHTML
  - flyers: create labels with new fingerprint for old flyers
  - cca printouts (svn)
  - 1., 15., 30.6. ?
    - 1. don't fit to prepare
    - 30.6. is too late
    - rollout date: 15.6. +/- 5 days - between 15.6. and 20.6.
    - Mon 6.6. or Mon 20.6. ct release date
    - blog post 1-2 days earlier
    - blog post and patch at the same time
    - todo list: prepare patches, blog post (Alex, Ian, Pieter)
    - NL magazines ?
    - mailing list: cacert, cacert-de
    - scripted mailing: out of discussion
    - wiki page: root certs (incl. subroot)
    - notifications to: debian, gentoo, fedora, suse?, see supported roots wiki inclusion state page
    - client certs class3 needs replacement of class3 subroot too
m20110515.4 "Rewarding testers" post proposal, publish with updated infos, rolled out
mantis bugs: notifications missing, bug #854
- Michael tries to fix it in the session
New bug fixes:
- bug #940 (Michael on review queue)
- bug #943 (Michael on review queue)
- bug #841 (Michael on review queue)
  - functions outsourcing to /includes/lib_general.php
dirk: DEV: bug#827 regular Thawte patches: still open, 15.php - add assurers state at bottom of page Thursday ? next to upload
Org Arb case a20100404.1
- workaround: on adding domain, send email to: arb, board, org group
next meeting: Tuesday, May 31, 2011 22:00

Fixed Action Items since last Meeting

dirk	Barcamp Karlsruhe 18./19. June, testers workshop, invite npapa	{g}
Ted, Michael	CATS system, add onto mgr server, add ted as console admin on mgr server -> Michael	{g}
Uli	add Michael to host console (firewall add)	{g}
Michael	signer on testserver doesn't work currently (problem is triggered gpp key that crashes signer), needs fixing	{g}
Michael	fix Root_Certs table on cacert1.it-sls.de	{g}

Action Items New

Alex, Ian, Pieter - prepare pressrelease about class3 project
Uli - documentation: sources of class3 fingerprint
Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
Michael - mantis bug: notification emails missing
Michael - mantis bug: bug #854 (white page)
Michael, Dirk, Ted - * New bug fixes:
- bug #940 (outsource help pages to wiki)
- bug #943 (replace OA-admin text with OA-Assurer)
- bug #841 (cert login - check issuer source)

Action items: Meeting Action Items

Software/Assessment/ActionItems

all	proposed Apache config SSLCipherSuite settings for CAcert SSL enabled infrastructure systems see also BEAST migration https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls Proposal from Sysadm list 2013-09-06	{0}
SA	documentation server cert design concept to SystemAdministration/Systems/Development/Prepare	{0}
all	review Software patches Update Cycle	{0}
BenBE, Marcus	documentation: developer git repos under github bug #1131 history @ github CAcertOrg @ github started under Software/Assessment/Documentation/UpdateCycle/step1	{0}
NEO	BenBe: request: htttps header on bugtracker bug #1116	{0}
all	read x509 guide	{0}
all	bug#1068 blog problem (also relates to community) debian lenny - edge - squeeze upgrades needed alternate: new server with squeeze, install wordpress, transfer domain workaround: configure your FF FAQ/BrowserClients	{g}
uli	Experience points for ATE attendance check board motions and/or trigger if not yet passed	{0}
uli	Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18 current state: see Funding Landing Page May 2013: tk-server sponsoring, tk-server rcvd, deployment: WIP, project not yet finished	{0}
All	1. next: strategy for "New Roots & Escrow" - using indirect crl's ? indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment	{0}
dirk, Michael	3. next: strategy for "New Roots & Escrow" - how does debian work? to contact, deferred to next events (?) next round: picked up by Benedikt new proposal 2013-06-02	{0}
Uli, Michael	Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png	{0}

Development, Deployment, Discussion

OAO, Ted	bug #943 change OA admin/assurer text	needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected	{-}
uli, Ted	bug #824 Org User cert fix Case study	Organisation User Certificates: Need UI improvement for proper production usage	{0}
uli, ted	bug #823 email address removal fix	No warning when removing e-mail address from account that certificates will be revoked checked by 4, needs 2nd review, deploy rejected	{-}
inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number	{0}
uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface rejected, certs login doesn't modify "modified" field	{r}
Michael	bug #540	p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing uli, marcus: needs full cert create tests duplicate report to bug#978 tested by 3, 2nd review done, transfered Ken reported: still has problems, bug kept open	{0}
gagern, NEO	bug #440 Problem with subjectAltName (CSR, renew certs)	There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development	{r}
neo	bug #1025 Domain Dispute issue	disputes rc and rc2 var prob needs work	{r}
dirk	bug #1054 0001054: Review the code regarding the new point calculation	Thawte patch part II needs further work	{r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

Software-Assessors task

Testing

Testers task

neo	bug #1004 Stats page improvement	tested by 2, needs 2nd review	{0}
neo	Bugs #1159 it might be possible to execute commands on the signing server		{0}
inopiae	bug #1065 Wrong wording when sending mails during the assurance process		{0}
inopiae	bug #1162 calcutate (the passwords) hash in php instead of in mysql	create test scenarios for the software testers $/!\$ Full testing $/!\$	{0}
inopiae	bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails		{0}
inopiae	bug #988 TTP cap form deployment		{0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

Software-Assessors task

Ted	bug #500 Get contact mail adress after resolving test	tested by 3, requires review	{0}
Ted	bug #1140 Show if a test is passed in learnprogress	tested by 3, requires review	{0}
magu	bug #1131 Rename _all_ Policies from .php to .html and fix all links	global policy directory maintenance and update	{0}
inopiae	bug #1010 Reorder the view on organisation certificates	tested by 3	{0}

Software Assessors: Bundle Package to Critical Team

Software-Assessors task

inopiae

bug #1139 Add new fields to the database

tests through #500 and #1140, 2nd review done, requires transfer

{0}

Awaiting Response from Critical Team

inopiae

bug #411 Wrong text is made into link

{g}

CategorySoftwareAssessment

CategorySoftwareAssessment

Software/Assessment/20110524-S-A-MiniTOP (last edited 2011-09-23 00:06:17 by UlrichSchroeter)