. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110802-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110816-S-A-MiniTOP|next meeting]]'''
----
= Minutes of the MiniTOP on the 2011-08-09 =
== Setting ==
The MiniTOP will be held via telco 22:00 CEST
Attendees: dirk, Marcus, Uli, (Fabian), Michael
== Topics ==
(skip to agenda)
Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
== Agenda ==
1. Workshop - The List of open / running / unhandled bugs - Part I
* Working Session - Action Items to start
1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
* needs 2nd review - Ted, done<
>needs bundling, done
* NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
* needs bundling
1. annoying gpg bug #911
|| [[https://bugs.cacert.org/view.php?id=911|bug #911]] gpg bug || gpg keys expires 1970<
>tests started 2 weeks ago<
>needs review, deploy || {0} ||
1. Needs development, deployment, discussion
1. Advertising
|| [[https://bugs.cacert.org/view.php?id=958|bug #958]] || ADS Challenge, Advertising || {0} ||
* [[CAcertInc/LogosForSale/Rules]] wiki link exist
* "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
. {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid.png|bid!|width=200,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe.png|Buy Me|width=200,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale.png|Logo For Sale|width=200,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction.png|Monthly Auction|width=200,align="center"}}
* "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logos 40px
. {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid40.png|bid!|height=40,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe40.png|Buy Me|height=40,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale40.png|Logo For Sale|height=40,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction40.png|Monthly Auction|height=40,align="center"}}
* "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logos 60px
. {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid60.png|bid!|height=60,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe60.png|Buy Me|height=60,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale60.png|Logo For Sale|height=60,align="center"}} {{https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction60.png|Monthly Auction|height=60,align="center"}}
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid40.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe40.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale40.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction40.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid60.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe60.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale60.png]]
* [[https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction60.png]]
* wiki links
* [[ads1]] ADS1
* [[ads2]] ADS2
* [[ads3]] ADS3
* [[ads4]] ADS4
1. VBscript for Vista/Win7 (select keysize >= 1024)
|| x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {-} ||
* as part of
* x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]]
* Current state:
|| {g} || pre mailing sent ||
|| {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished ||
|| {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' <
>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<
>Api CertEnroll (MS crypto provider)<
>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] ||
|| {g} || Weak keys blog post, published ||
|| {g} || Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30) ||
|| {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) ||
* cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]]
* vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
* [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]]
1. [[AGM/TeamReports/2011#Software-Assessment-Project|AGM reports 2010-2011]]
* Software-Assessment project team report finished, plz review
* Weak keys / Weak passwords missing
* Sections added:
* Weak Keys / Weak Passwords Arbitration cases
* The Software-Testteam
* Software-Assessment Documentation
* Statistics
* Summary
1. Thawte Patch - PR strategy
1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
* [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
* next steps:
* preparing PR, support
1. Documentation Bugs.cacert.org Review
* discussion about states to define, redefine
* bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
* bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
* Review, Update
* svg pictures have cuted text under some browsers
* u60: cant get it scaled
* Neo: added png files
* u60: problem persists
=== Unhandled Agenda Items from last meeting ===
1. PRO
* question from board -> PR officer
* request to Alex
* support from all
* Board meeting was 2011-08-07, but no PR officer nominated/appointed
1. Workshop - The List of open / running / unhandled bugs
1. Dirk '''reminder''' (from last meeting) assure someone patches (checkboxes)
|| Dirk || DEV: [[https://bugs.cacert.org/view.php?id=894|bug #894]] problems with check-boxes on website forms (Assure someone) -> [[Arbitrations/a20091118.3|a20091118.3]] || {0} ||
1. Bugs under testing:
|| Dirk, Michael, Ted || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || {0} ||
|| Dirk, Michael, Ted || [[https://bugs.cacert.org/view.php?id=965|bug #965]] 0000965: Outsource / fix Webdb text pages id=12, 13 || {0} ||
1. Review bugs under testing (finished testing?) (Review 2?)
|| [[https://bugs.cacert.org/view.php?id=910|bug #910]] Outsource board member list || from Webdb to wiki (id=8) (Part II) || {0} ||
|| [[https://bugs.cacert.org/view.php?id=955|bug #955]] change sort order Orga list || Possibilty to change the sorting order for the organisation overview || {0} ||
1. (review), to bundle, to deploy
|| [[https://bugs.cacert.org/view.php?id=940|bug #940]] help* to wiki || Outsource Webdb text pages help.php?id=0..9 to wiki<
>needs review, deploy || {0} ||
1. Needs review, transfer to Critical team
1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
* needs 2nd review - Ted, done<
>needs bundling, done
* NEO: did restructuring (sql query to subroutine), (Update 2011-07-26)
* needs re-tested
* needs 2nd review, bundling
* => Ted on Wed, not done
|| x^4^ NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<
>needs bundled<
>NEO will check to get sql query extracted<
>needs pushing<
>pushed to testserver<
>Needs Review & testing || {0} ||
1. Needs development, deployment, discussion
1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver)
|| [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||
1. [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text
|| [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text || -> Ted, rejected, needs comment from OAO || {-} ||
* webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
* patch takes account about this issue
* problem with menu link Org Admin .. is Org Assurers menu
* but this menu includes one addtl. link "View" that is available for Org Admins
* and Org Admins with master flag to add new admins
* master flag is not described in OAP (!)
* addtl master flag to revoke ?
* rename to "Org Administration"
* don't show menu to OrgAdmins
1. [[https://bugs.cacert.org/view.php?id=966|bug #966]]
* tests ok, but the question is, is OrgAdmin allowed to remove other admins ? yes or no?
* current scenario doesn't allow removal of other admin
* NEO: reset testserver state to fix state before bugfix
* NEO: re-add bug 966 to testserver
* bug needs more work, selection currently clashes with language setting (Delete != Löschen)
* general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
* potential workaround to fix all "Cancel" requests available
* read [[https://bugs.cacert.org/view.php?id=966#c2287]]
1. Still awaiting response from Critical team
|| x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<
>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<
>2nd review: also check -x<
>tests done, 2nd review outstanding || {0} <
> {g} ||
* x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* todo:
1. NEO: 2nd review of [[https://bugs.cacert.org/view.php?id=827|Bug# 827]]
1. NEO: bundling [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] to critical team
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
* 2nd review and bundling by Ted
* bundling instruction to critical team, deploy 15.php, and 7 days later 10.php
* awaiting response from critical team
1. strategy plans ... next: strategy for "New Roots & Escrow"
1. idea: using indirect crl's ?
* 2 crl's needed, one valid, one invalid crl server
* more infos available ? who ?
1. build testserver with special certs
1. Magu, Michael to send instructions for test deployment
* indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
* meetings ago we've defined Testing requirements and a potential testszenario
* to remind every meeting
1. policy group: define requirements
* multimember escrow method ?
* needs risk analyze
* potential candidates ?
* Marcus to contacted Benedikt, will contact Thomas K
* Next step(s)
1. how does debian work ?
* defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
1. CI (Update)
* [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]]
* deployment scenario:
1. create testusers
1. testing
1. delete testusers
* regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
* reminder
1. next meeting: Tuesday, August 16, 2011 22:00
== Minutes ==
1. Working session
* Dirk: to handle bug #911 ?
* has no working environment to handle transfers to critical team
1. Advertising
* current 3 (4) places
1. top, right CAcert logo
1. right, below menu (text advertisement)
1. menu footer (Bit, Tunix)
1. google ads, nobody knows about
* google new ads program with challenge
* [[http://www.cocomore.de/das-neue-google-adwords-zertifikat-%E2%80%93-wir-haben-es]]
* [[http://adwords.google.com/]]
* [[http://google.de/adsense/]] - needs google account
* ad client id: pab.*9860, email adress is needed
* addtl. pin number ?
* board member to write email request to Robert, Philipp, Philpp, Teus, ernie
* contact google?
* account recovery?
* logo height max 62 px
* u60: added logos 40px + 60px
* add new wiki pages [[ads1]] .. [[ads4]]
* add new wiki page [[ads5]] with refresh parameter for external url redirect
* source: [[http://moinmo.in/HelpOnProcessingInstructions]]
* but currently not working, needs wiki admin: edit moinmoin config to enable external redirection
* addtl logos series B under [[CAcertInc/LogosForSale]]
1. VBscript for Vista/Win7 (select keysize >= 1024)
|| x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {-} ||
* Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]]
1. [[AGM/TeamReports/2011#Software-Assessment-Project|AGM team report]]
* new items
1. Weak Keys / Weak Passwords Arbitration cases
1. The Software-Testteam
1. Software-Assessment Documentation
1. Statistics
1. Summary
* so far so good
1. Thawte Patch - PR strategy
1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
* [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
* next steps:
* preparing PR, support
1. if the patch goes active, this needs support
* wiki faq (existing page? thawte topic?)
* blog (-> alex)
* mailing list
* press release? probably not at this state
* Support: could be better, but is ok
* Triage: where to forward Thawte patch requests?
* add to Support team meeting agenda
1. Documentation Bugs.cacert.org Review
* bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
* bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
* svg pictures have cuted text under some browsers
* u60: cant get it scaled
* Neo: added png files
* u60: problem persists
* u60 + Neo, both using Inkscape, cuted text cannot be corrected with Inkscape
* u60 will try other solutions
* still on the action items list, but not to put on the agenda again
==== Fixed Action Items since last or within meeting ====
|| Michael || [[https://bugs.cacert.org/view.php?id=942|bug #942]] CATS import (2) || complete re-test as of code changes, tested || {g} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=953|bug #953]] from bundle:<
>[[https://bugs.cacert.org/view.php?id=637|bug #637]] and [[https://bugs.cacert.org/view.php?id=963|bug #963]] weak password and<
>[[https://bugs.cacert.org/view.php?id=953|bug #953]] failure on pwd change redirect || needs 2nd review, not Micha -> Ted, done<
>Overall result: Please evaluate if the session problem can be fixed! (new [[https://bugs.cacert.org/view.php?id=963|bug #963]])<
>session problem seems to be fixed || {g} <
> {g} <
> {g} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=963|bug #963]] from bundle:<
>[[https://bugs.cacert.org/view.php?id=637|bug #637]] and [[https://bugs.cacert.org/view.php?id=963|bug #963]] weak password and<
>[[https://bugs.cacert.org/view.php?id=953|bug #953]] failure on pwd change redirect || needs 2nd review, not Micha -> Ted, done<
>Overall result: Please evaluate if the session problem can be fixed! (new [[https://bugs.cacert.org/view.php?id=963|bug #963]])<
>session problem seems to be fixed || {g} <
> {g} <
> {g} ||
----
==== Action Items New ====
|| uli || [[https://bugs.cacert.org/view.php?id=966|bug #966]]<
>bug needs more work, selection currently clashes with language setting (Delete != Löschen)<
>general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action<
>potential workaround to fix all "Cancel" requests available<
>read [[https://bugs.cacert.org/view.php?id=966#c2287]] and attached fix || {0} ||
Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<>
----
. CategorySoftwareAssessment