
= Minutes of the MiniTOP on the 2011-06-21 =

== Setting ==
The MiniTOP will be held via telco at 22:00 CEST

Attendees: Marcus, Uli, Michael, Magu, Dirk

== Topics ==

(skip to agenda)

new items in last meeting:

 1. dirk ? michael ? jandd ? alexander ? sven ? - next strategy for "New Roots & Escrow" - get in contact with debian group
 1. dirk, michael, uli - annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ?
 1. uli, marcus - Testserver + Software Testers - task based help

Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''


== Agenda ==
 * strategy plans ...
  1. next: strategy for "New Roots & Escrow"
   * idea: using indirect CRLs ?
    * 2 CRLs needed, one valid, one invalid CRL server
    * more infos available ? who ?
   * policy group: define requirements
    * multimember escrow method ?
    * how does debian work ?
     * secret sharing schema
     * docu process [[http://ftp-master.debian.org/keys.html]]
     * public mailing lists ? contacts ?
     * dirk ? michael ? jandd ? alexander ? sven ? and other contacts (ftp team ?)
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   * Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
   * Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
   * "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
   * Software Assessors Review 1
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with  OA-Assurer) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
    || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
    || Dirk || [[https://bugs.cacert.org/view.php?id=827|bug#827]] (Thawte patches, points order change) ||
   * Software Assessors Review 2
    || Dirk, Ted, Mawa || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
 * Testgroup: recruit new testers, update
  * result from: Software Testers - Workshop at Barcamp Karlsruhe
 * CI (Update)
 * next meeting: Tuesday, June 28, 2011 22:00

== Minutes ==
 * Bugs.cacert.org
  * discussion about states to define, redefine
  * bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
  * bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
 * strategy plans ...
  * next: strategy for "New Roots & Escrow"
   1. idea: using indirect CRLs ?
    * 2 CRLs needed, one valid, one invalid CRL server
    * more infos available ? who ?
     1. build testserver with special certs
     1. Magu, Michael to send instructions for test deployment
      * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   1. policy group: define requirements
    * multimember escrow method ?
     * needs risk analysis
     * potential candidates ?
      * Marcus to contact Thomas K
      * Uli to contact Benedikt
   1. how does debian work ?
    * secret sharing schema
    * docu process [[http://ftp-master.debian.org/keys.html]]
    * public mailing lists ? contacts ?
     * dirk ? michael ? jandd ? alexander ? sven ? and other contacts (ftp team ?)
    * Update: no update, no one works on contacts
     * deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
   1. Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
    * Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
    * problem #1 at login, plz change, use old pwd works - fail
    * problem #2 at join
    * to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
    * current: clear password in source code
    * checkpassword() needs rewrite, but this is another issue, first we have to take care of the Fred pwd
    * dictionary is still active: `grep current-pwd share/userdict`
     1. Fred... to add into checkpassword()
     1. checkpassword() to add into login procedure
    * pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
    * SE reset pwd procedure doesn't take care of weak pwd
    * to continue testing
   1. "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
    * in testing
    * problems in counting found, missing points
    * new commit by dirk, forwarded by NEO
    * 80 pts counted, 100 countable ... problem
    * new commit by dirk, forwarded by NEO
    * pts problem seems to be solved, assurer challenge needed seems now to be ok
   1. Software Assessors Review 1
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with  OA-Assurer) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
    || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
    || Dirk || [[https://bugs.cacert.org/view.php?id=827|bug#827]] (Thawte patches, points order change) || {g} ||
     * we need active SAs
      * PG inactive
      * Mawa currently on projects
      * Dirk writes patches
      * Ted is currently busy
      * Michael is alone
     * new SAs ?
     * Uli to write mail to SAs: dirk, michael + ted, to appoint each SA two bugs
     * next week working session
   1. Software Assessors Review 2
    || Dirk, Ted, Mawa || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
    * dirk will check
 * Testgroup: recruit new testers, update
  * result from: Software Testers - Workshop at Barcamp Karlsruhe
  * no real new testers ... some interesting talks, but no HR
 * next meeting: Tuesday, June 28, 2011 22:00

==== Unhandled within meeting ====
 . (from action items)

 || dirk, michael, uli || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ? || {0} ||
 || uli, marcus || Testserver + Software Testers - task based help || {0} ||
 || uli, markus || testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to [[Software/TestTeam/WelcomePack|Welcome Pack]] || {0} ||


==== Fixed Action Items since last or within meeting ====
 || Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=946|Bug #946]] (Class3 Fingerprints) || {g} ||
 || Dirk || DEV: [[https://bugs.cacert.org/view.php?id=827|bug#827]] regular Thawte patches: still open<<BR>>15.php - add assurers state at bottom of page Thursday ? '''REVIEW 1''' || {g} ||
 || Michael || 1. next: strategy for "New Roots & Escrow" - using indirect CRLs ?<<BR>>send instructions for test deployment || {g} ||
 || Michael || Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]<<BR>>mail to ted to continue with arb case, adding to thread on arb case || {g} ||
 || Marcus || pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect" || {g} ||

==== Modification on Action Items ====
 || dirk ? michael ? jandd ? alexander ? sven ? || next strategy for "New Roots & Escrow" - get in contact with debian group || split to 3 sub parts ||


----

==== Action Items New ====
 || Michael, Ted, Uli, Marcus || bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])<<BR>>bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation) || {0} ||
 || Michael || 1. next: strategy for "New Roots & Escrow" - using indirect CRLs ?<<BR>>send instructions for test deployment || {g} ||
 || Magu || 1. next: strategy for "New Roots & Escrow" - using indirect CRLs ?<<BR>>indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5) - test deployment || {0} ||
 || Marcus, Uli || 2. next: strategy for "New Roots & Escrow" - multimember escrow method risk analysis<<BR>>contact potential candidates for doing a risk analysis || {0} ||
 || dirk, Michael || 3. next: strategy for "New Roots & Escrow" - how does debian work?<<BR>>to contact, deferred to Froscon (end of Aug), CCCcamp (around Aug 10th) || {b} ||
 || Michael || Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]<<BR>>mail to ted to continue with arb case, adding to thread on arb case || {g} ||
 || Marcus || pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect" || {g} ||
 || Testers || Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords<<BR>>one report: lost password: is fixed on testserver, needs testing !!! Continue '''TESTING''' || {0} ||
 || Testers || [[https://bugs.cacert.org/view.php?id=827|bug#827]] regular Thawte patch/Points-Count-Order-Change project<<BR>>applied to testserver, needs testing !!! Urgent '''TESTING''' || {0} ||
 || Uli || to write mail to SAs: dirk, michael + ted, to appoint each SA two bugs for review 1 || {0} ||
 || All || bugs for review 1: if unhandled before next meeting to handle under working session within next meeting || {0} ||
 || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) '''REVIEW 2''' || {-} ||


Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<<Include(Software/Assessment/ActionItems)>>  

----
 . CategorySoftwareAssessment