= Minutes of the MiniTOP on the 2011-06-28 =

== Setting ==
The MiniTOP will be held via telco at 22:00 CEST

Attendees: Michael, Uli, Marcus, Marc, Mario, Dirk

== Topics ==

(skip to agenda)

Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''


== Agenda ==
 * Software Assessors Reviews
  * Patches reviewed since last meeting ?
  * If yes, continue Agenda meeting
  * else: working session in meeting
  * Review 1: review, add to cacert-devel, transfer to testserver
   || Ted || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
   || Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with OA-Assurer) ||
   || Michael || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
   || Michael || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
  * Review 2: finish tests, bundle patch, send to critical team
   || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||

 * strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more info available ? who ?
    1. build testserver with special certs
    1. Magu, Michael to send instructions for test deployment
     * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
  1. policy group: define requirements
   * multimember escrow method ?
    * needs risk analysis
    * potential candidates ?
     * Marcus to contact Thomas K
     * Uli to contact Benedikt
  1. how does debian work ?
   * deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
    * Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
   1. Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
    * Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
    * problem #1 at login, plz change, use old pwd works - fail
    * problem #2 at join
    * to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
    * current: clear password in source code
    * checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
    * dictionary is still active grep current-pwd share/userdict
     1. Fred... to add into checkpassword()
     1. checkpassword() to add into login procedure
    * pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
    * SE reset pwd procedure doesn't take care about weak pwd
    * Under testing: update
   1. "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
    * in testing
    * problems in counting found, missing points
    * new commit by dirk, forwarded by NEO
    * 80 pts counted, 100 countable ... problem
    * new commit by dirk, forwarded by NEO
    * pts problem seems to be solved, assurer challenge needed seems now to be ok
    * Under testing: update
 * Annoying gpg bug
  || dirk, michael, uli || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ? || {0} ||
 * Documentation
  * Bugs.cacert.org
   * discussion about states to define, redefine
   * bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
   * bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
   * Update
  * uli, marcus - Testserver + Software Testers - task based help - update
  * uli, markus - testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to [[Software/TestTeam/WelcomePack|Welcome Pack]] - update
 * CI (Update)
 * next meeting: Tuesday, July 5, 2011 22:00

== Minutes ==
 * Reviews did not happen, so this meeting becomes a working session
 * Michael currently works on TMS
 * Weak keys patch: message in support mailing list, no info currently available
 * Class3 no more requests or infos
 * Michael works on [[https://bugs.cacert.org/view.php?id=942|bug#942]]
  * reviewed
  * added to testserver
  * test scenario:
   1. account not assurer
   1. TMS add 70 pts, + CATS
   1. check user account: should have 70 pts, no assurer
   1. apply regular more assurances with regular other test accounts
   1. check user account: should have 100 pts+, is-assurer
  * nothing browser specific

 * dirk works on [[https://bugs.cacert.org/view.php?id=948|Bug #948]]
  * reviewed
  * in repository
  * last state ???
  * not yet checked in
  * assure someone, add domain, assure someone - account doesn't exist - send notification

 * strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more info available ? who ?
    1. build testserver with special certs
    1. Magu, Michael to send instructions for test deployment
     * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   * Magu not avail, no update
   * other testers ?
   * Marcus: no, Marc: ?
   * some discussion about potential test environment, no result
  1. policy group: define requirements
   * multimember escrow method ?
    * needs risk analysis
    * potential candidates ?
     * Uli to contact Benedikt, no update
     * Marcus to contact Thomas K
      * contacted Benedikt, will take care of it
      * will contact Thomas K
 * Marc: Thawte patch problem found: 2147483647 assurance pts entered, 15.php displays 2147483647 pts
  * Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ?  (discussion)

 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
    * Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]

 * next meeting: Tuesday, July 5, 2011 22:00

==== Fixed Action Items since last or within meeting ====
 || Uli || to write mail to SA's: dirk, michael + ted, to appoint each SA two bugs for review 1 || {g} ||
 || Dirk, Michael || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) '''REVIEW 2''' || {g} ||
 || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (cats test) (ted), triage test on CATS (Update), to review, to test '''REVIEW 1''' || {g} ||
 || Michael || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) || {g} ||
 || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) || {g} ||

----

==== Action Items New ====
 * Dirk: assure someone patches
 * Uli: add to testers portal, push testers on [[https://bugs.cacert.org/view.php?id=942|bug#942]] and [[https://bugs.cacert.org/view.php?id=948|Bug #948]]
 * Ted: Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]

Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<<Include(Software/Assessment/ActionItems)>>  

----
 . CategorySoftwareAssessment