To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-11-01
Setting
The MiniTOP will be held via telco 22:00 CET
Attendees: Magu, Uli, Michael (dirk by irc occasionally)
Topics
(skip to agenda)
Action items from last meeting Meeting Action Items
Agenda
bug #976 - database restructure preperation
raw transcript from meeting results: sql structure modifications as discussed within meeting
- New table to add: high potential domains to secure (mozilla blue print)
- proposed testserver deployment - when ?
- results from meeting 2011-10-18
- deletedwhen - to rename to deleted type datetime
- from - to rename to creatorid
- enum - or not enum for cca method
- add table "mozilla blue print" domains
- proposal michael: to add this as file, also to deploy to signer
- sql update? or php script?
- adding versioning number ? table verno, when type datetime
- results from meeting 2011-10-25
- email addresses + domains verification on cert renewal: last verified (type datetime)
info from dirk regarding CCA table structure. structure defined in https://lists.cacert.org/wws/arc/cacert-devel/2009-06/msg00004.html. Current definition to compare with structure definition from mid 2009
- detailed discussion regarding CCA table
- comment field to name as method?
type -> boolan
- adding version table
- latin-1 is db standard
- sql script will be prepared by Michael
- Update?
bug #827 - New Points calculation / Thawte patch
- The patch
dirk needs results from arbitration a20100822.1 request to magu
- dirk sent update 2011-10-18: michael transfered to testserver
michael: sql injection of one notary record: date < 30.8.2006, awarded=0, points=35
test: 10.php: 35 points, 15.php shows 0 points => bug not fixed
problem was reported by Hans, needs to be fixed: awarded = 0, points = 35, assurance date < 1.9.2006
- there still exist 2 notary table records for test purposes to check this bug
script
10.php
15.php
43old
43new
assuree's view
assurances received35 pts {g}
35 pts {g}
35 pts {g}
35 pts {g}
assurer's view
assurances given35 pts {g}
0 pts {r}
35 pts {g}
0 pts {r}
problem awarded = 0, points = 35 -> assurances given wrong calculation
- dirk checks 15.php
- new patch by dirk, michael transfered to testserver, marcus tested: 15.php ok
- fix for 43.php needs to be fixed too
dirk
display Assurance when field in list of assurances received, assurances given by a user in admin console interface
last update 2011-10-25{0}
- first test: ok
- new fix for bug#827
- addtl. test: ok
michael: sql injection of two addtl. notary record: date < 30.8.2006, awarded=0, points=35
- there still exist 2 notary table records for test purposes to check this bug
- problem solved with last update, update pushed to critical system, deployed
script
10.php
15.php
43old
43new
assuree's view
assurances received35 pts {g}
35 pts {g}
35 pts {g}
35 pts {g}
assurer's view
assurances given35 pts {g}
35 pts {g}
35 pts {g}
35 pts {g}
- PR work - Update?
newsletter mailing: ok from board m20111016.2 and m20111023.2
newsletter reviewed English revision PR/News/NewPointsCalculation
- translations in progress
- script sql query to prepare based on events/oa mailing
- request for statement by critical team
- proposal by critical team:
- to pace the email sending out a bit, e.g. by doing a chunk of 1000, then waiting 19 minutes (by a programmatic sleep) before starting the next chunk of 1000 etc
- pushing out the whole mailing will take somewhere between one and two full days
- reduce Postfix' maximal_queue_lifetime from the default 5 days to say 2 days
Basically a20100309.1 already gives permission for this mailing, except that it outlines a somewhat different technical implementation of such mailings. But policy-wise there doesn't seem to be a difference to me with what we are proposing here, so why bother with addtl arbitration?
- Software-Assessors / developers to prepare a sql-query that can handle above requirements, also to handle localy translateded text
- script to use from events + OA mailing, SA's to build a sql query, sending to critical team
- Update ?
- translations, reviews
newsletter reviewed English revision PR/News/NewPointsCalculation
newsletter translated, reviewed German revision German needs 2nd review
newsletter translated, reviewed Dutch revision Dutch
newsletter translated, reviewed French revision French
newsletter translated, reviewed Spanish revision Spanish
newsletter translated Russian revision Russian needs 2nd review
- "Special case" - handling of 0:0 cases under arbitration
- New proposal: scripted mailing for 0:0 F2F cases with detailed instructions
- get information how many 0:0 cass we have ?
info from last years arbitration a20100822.1 ? (documentation is not yet avail)
- Lambert as Arbitrator, Martin as Case Manager and dirk in role as SA as Claimant should know the answer
- is it possible to update 15.php script to signal the 0:0 F2F assurance cases ?!? eg by color blue or background color light yellow ?
- dirk: 15.php can be easily upgraded - not only color also italic
- to prepare an arbitration process for a scripted mailing announcement
- to the assuree's who may loose points caused by 0:0 cases
- to the assurers, who can re-apply their assurance over assuree's with the 0:0 problem
- arbitration initiated
wiki faq created: FAQ/NewPointsCount#YellowLines
- No CM/A picked up this case yet
- Questions from last 6 meetings:
- dirk: when will 827 goes to production ?
- The patch
- Testers workqueue
Translingo bug #985
https://translations.cacert.org (http://translations.cacert.org/) (replacement for translingo)
- the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us.
- I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it
- last foreign uploads 2008 on about 13 + cacert projects
- whohas translingo server console access?
- mario
- req for console access for michael to contact project leaders, Updates?
- Transfer In, Transfer Out problems
- Update from new deployment ?
- opened for: create an account can now be started
- Michael current state:
- import and export routine works
- script to incorporate updates needs fixed
- next: complete language handling needs to be updated
- accept lang handler needs fix
- FF de, de_de
- IE 6 de, 8,9 de_de
- working session within last meeting: michael, marcus
- infos from meeting 2011-10-18
- pdf code needs rewrite (uni code library, move to external server (outsourcing))
- message cert notification - uses perl code, text source not avail (get bind-text-domain)
- infos from meeting 2011-10-18
- current state?
- Marcus sent mailing to translators, no response so far, no tests so far
bug#894 "Haeckchen bug" - review done, changes needs reviewed again
3
Dirk
bug#894 assure someone patches (checkbox)
(incl wot.php changes)
tested by 2, needs 2nd review, deploy
new test round{0}
? / u1 / m1
- review by dirk in session, review ok
- needs testing
- Update?
- No tests this week
- needs testing (summary)
- 985 translingo, needs 2nd test, eg mails, needs review
- no tests reported
- 894 Haeckchen bug
- no tests reported
827 new points count (15.php), needs review (-> Michael)
- 882 relates to 43.php
- transfered to critical system
- 985 translingo, needs 2nd test, eg mails, needs review
- Action items from last meeting:
- Spam attack (from last meeting)
- analyze process by Michael, Marcus regarding contact form
- OTRS solution
- Update?
- uli to trigger new testserver developer image
- new fixes: fixed git repository, switch apache to apache2
- to enable/start ntpdaemon (in modified image, yes)
links see under Testserver Images wiki page
- Spam attack (from last meeting)
- Build + Document Emergency Patches Path
Build + Document Emergency Patches Path
Andreas, Uli, Wytze
{0}
- Documentation written, reviewed by Wytze
- Michaels workqueue
- New function to TMS - edit notary table record
- infos from last meeting
- testers needs editing individual notary records: fields "method", "awarded", "points"
- easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on
- Update?
- New function to TMS - edit notary table record
- Dirks workqueue - The List of open / running / unhandled bugs
VBscript for Vista/Win7 (select keysize >= 1024) - reminder to dirk
x1 Dirk, new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEVcurrent state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964{-}
- as part of
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964
- Current state:
{g}
pre mailing sent
{g}
keys revocation script to bulk revoke weak keys, new bug #954, finished
{-}
dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964{g}
Weak keys blog post, published
{g}
Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
{b}
weak keys: problems with cryptostick (to test at Froscon with Juergen ?)
cert enroll infos under bug#964
vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx
Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249
- dirk: has not started the virtual machine
- Question from Marcus: did someone contacted illuminat?
- No, Marcus: to contact illuminat
- Update?
- Advertising
Prepare Advertising fix for testserver - reminder to dirk
Dirk
Advertising (from last board meeting), bug #958
add changes as discussed in last meeting to testserver
{0}
CAcertInc/LogosForSale/Rules wiki link exist
- "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
- Logos and Links exist, needs deployment to testserver
- Update ?
- Bugs rejected in review 2
2
uli, ted
visibility over certificates for sysadm in account administration, new update 2011-09-24
{-}
? / u1 / m1
- shorten ttl for certs on testserver modification?
- update?
9
uli
bug #823 email address removal fix
No warning when removing e-mail adres from acount that certificates will be revoked
checked by 4, needs 2nd review, deploy{-}
? / u9 / m9
- update?
Bugs to Review #1, transfer to testserver - Currently 4
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
{0}
uli
bug #967 OA isassurer check
Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer
{0}
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface, new update
{0}
inopiae
New layout of view for Organisation Administraors in account/id35
{0}
Bugs under testing: - Currently 4
neo
bug #985 move translingo to translations
check language settings under testserver
{0}
inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
{0}
uli
bug #855 admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver
admin console lists "empty" and "Unknown" assurance types on listing given Assurances
{0}
3
Dirk
bug#894 assure someone patches (checkbox)
(incl wot.php changes)
tested by 2, needs 2nd review, deploy
new test round{0}
? / u1 / m1
Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently 4 (!!!)
- define priority eg. 10,2, and so on
- proposed order: from 1 to 10
5
uli, ted
bug #968 error logging cleanup (splitted bug #909)
split 0000909: too many error messages logged - part II - general.php
create certs,certs,certs
2 sessions: 2011-09-21 + 2011-09-25
more tests needed
create certs,certs,certs,certs
create client, server, gpg keys, org client and server certs{0}
? / u4 / m5
7
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26{0}
? / u7 / m7
8
Ted, uli
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
last update 2011-08-19
tested 3 times
ready to deploy?{0}
? / u8 / m8
10
uli, Ted
bug #965 0000965: Outsource / fix Webdb text pages id=12, 13
addtl. id=37, id=38, new update 2011-09-25
{0}
? / u10 / m10
- #1 reviewed and transfered by Michael within meeting
- Needs development, deployment, discussion
bug #835 Migrate CATS onto testserver
bug #835 Assurer challenge (on testserver)
asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment
{0}
bug #943 change OA admin/assurer text
bug #943 change OA admin/assurer text
-> Ted, rejected, needs comment from OAO
{-}
webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
- patch takes account about this issue
- problem with menu link Org Admin .. is Org Assurers menu
- but this menu includes one addtl. link "View" that is available for Org Admins
- and Org Admins with master flag to add new admins
master flag is not described in OAP
- addtl master flag to revoke ?
- rename to "Org Administration"
don't show menu to OrgAdmins
- but this menu includes one addtl. link "View" that is available for Org Admins
- dupe bug# 981
bug #824 Org User cert fix
uli, Ted
bug #824 Org User cert fix
Organisation User Certificates: Need UI improvement for proper production usage
working session: needs to be removed from testserver, done
Case study{0}
bug #988 TTP cap form deployment
uli
bug #988 TTP cap form deployment
Case study
{0}
strategy plans ... next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- more infos available ? who ?
- build testserver with special certs
- Magu, Michael to send instructions for test deployment
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
- meetings ago we've defined Testing requirements and a potential testszenario
- to remind every meeting
- Michael: testserver environment deployment
- policy group: define requirements
- multimember escrow method ?
- needs risk analyze
- potential candidates ?
- Marcus to contacted Benedikt, will contact Thomas K
- Next step(s)
- multimember escrow method ?
- how does debian work ?
- defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
- idea: using indirect crl's ?
- CI (Update)
description to eclipse testpage, Webinar
- deployment scenario:
- create testusers
- testing
- delete testusers
- regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
- reminder
- deployment scenario:
- Jubula Test-Tool (by Michael) - update?
instructions see under Minutes meeting 2011-08-30
- test deployment needs to be continued by software testers
Jubula documentation started: Software/Jubula
- new proposal by Sven: Webdriver with Maven and Jenkins-CI
- Jubula vs. Webdriver
- testserver variants
- testserver for manual tests
- testserver of OS and application upgrades
- testserver for CI
- test methods
- unit test
- test single modules, exceptions
- integration tests
- test interaction of modules
- system tests
- complete system test, with database interactions, module interactions and much more
- unit test
- sven did some work regarding frontendtest
- roles for users: new user, user with points, assurer, admin user
- Infrastructure seperation
- info from funkfeuer.at
- proposal by mario:
- buy new machine: sample proposal alternate individual pieces: Euro 1042
- (1x Rasurbo BC-10, 1x Intel® DB65ALB3, 1x Intel® Core™ i7-2600, 4x Kingston ValueRAM DIMM 8 GB ECC, 2x Western Digital WD2002FAEX 2 TB)
- buy new machine: sample proposal alternate individual pieces: Euro 1042
- infos from meeting 2011-10-18
- other hosting providers
- hetzner: 50 euro server + setup 150 euro once + ip's: 22 euro
- funkfeuer: + ip's: unknown
- ip's needed: 24-30
- other hosting providers
- current: email discussion between board and non-critical infrastructure t/l
- next meeting: Tuesday, November 08, 2011 22:00
Minutes
bug #976 - database restructure preperation
- if ... in sql script is only possible if exist
- other specials only thru script or in stored procdures
- Michael: script pure tested, failed with addtl. if statements
- Michael: will test thru php script the next days
bug #827 - New Points calculation / Thawte patch
- PR work / newsletter - Update?
- newsletter script
- dirk: script not yet deployed, will do till weekend
- translations, reviews
newsletter translated, reviewed German revision German needs 2nd review
- newsletter script
- PR work / newsletter - Update?
- Testers workqueue
Translingo bug #985
- 985 translingo, needs 2nd test, eg mails, needs review
- no tests reported
- 894 Haeckchen bug
- no tests reported
827 new points count (15.php), needs review (-> Michael)
- 882 relates to 43.php
- transfered to critical system
- Action items from last meeting:
- Spam attack (from last meeting)
- analyze process by Michael, Marcus regarding contact form
- OTRS solution
- problem disappeared
- uli to trigger new testserver developer image
- new fixes: fixed git repository, switch apache to apache2
- to enable/start ntpdaemon (in modified image, yes)
links see under Testserver Images wiki page
- torrent with broken zip?
alternate link http://cacert.nhng.de/cacert-testserver/20111026/cacert1.it-sls.de/
- Spam attack (from last meeting)
- Build + Document Emergency Patches Path
Build + Document Emergency Patches Path
Andreas, Uli, Wytze
{0}
- Documentation written, reviewed by Wytze
- to review
- Michaels workqueue
- New function to TMS - edit notary table record
- no update
- New function to TMS - edit notary table record
- CI (Update)
- new proposal by Sven: Webdriver with Maven and Jenkins-CI
- Michael did some review: probably needs some seperation
- new proposal by Sven: Webdriver with Maven and Jenkins-CI
- Infrastructure seperation
- current: email discussion between board and non-critical infrastructure t/l
- funkfeuer needs to be contacted regarding costs for addtl. ip's
- sata consumer vs. server disks discussion
- root server hoster: hetzner, ovh
- bug 827 review
- identified 1 more problem: assurance date 2009, record displays yellow mark + italic
correction to date LT 2006-09-01 according to a20091118.1 and a20100822.1 by NEO for 15.php (bug #827) and 43.php (bug #882)
- tests with assurance dates 2006-09-02, 2006-09-01, 2006-08-31, 2006-08-30 were successful
- next meeting: Tuesday, November 08, 2011 22:00
Fixed Action Items since last or within meeting
uli
to trigger new testserver developer image
{g}
Uli
"Build + Document Emergency Patches Path" documentation
who decides that issue is an emergency patch ?
disconnect machine from network
what if a check of user data is needed?
simple case: Software Assessor requests emergency patch thru critical admin{g}
dirk
bug #882 Thawte patch/Points-Count-Order-Change project
43.php, admin console viewdisplay Assurance when field in list of assurances received, assurances given by a user in admin console interface
last update 2011-10-25
fixed, tested2 {g}
Done: Dirk, Michael, Michael
ToDo: Tedbug #827 and bug #959 Thawte patch/Points-Count-Order-Change project
15.php, users viewrelated bug 959 {g} reviewed, deployed
827 {g} reviewed, deployment in 2 steps: 15.php, 10.php
deployed, new problem, needs fixing
one fix 2011-10-18 doesnt solve the problem
needs more fixing
2011-10-25: fixed, tested1 {g}
{0}
Action Items New
Action items: Meeting Action Items
Software/Assessment/ActionItems
all
proposed Apache config SSLCipherSuite settings for CAcert SSL enabled infrastructure systems
see also BEAST migration https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
Proposal from Sysadm list 2013-09-06{0}
SA
documentation server cert design concept to SystemAdministration/Systems/Development/Prepare
{0}
all
{0}
BenBE, Marcus
documentation: developer git repos under github
bug #1131 history @ github
CAcertOrg @ github
started under Software/Assessment/Documentation/UpdateCycle/step1{0}
NEO
{0}
all
read x509 guide
{0}
all
bug#1068 blog problem (also relates to community)
debian lenny - edge - squeeze upgrades needed
alternate: new server with squeeze, install wordpress, transfer domain
workaround: configure your FF FAQ/BrowserClients{g}
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed{0}
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page
May 2013: tk-server sponsoring, tk-server rcvd, deployment: WIP, project not yet finished{0}
All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment{0}
dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
next round: picked up by Benedikt new proposal 2013-06-02{0}
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
{0}
Development, Deployment, Discussion
OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected
{-}
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
{0}
uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected{-}
inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
{0}
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field{r}
Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978
tested by 3, 2nd review done, transfered
Ken reported: still has problems, bug kept open{0}
gagern, NEO
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development
{r}
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
needs work{r}
dirk
bug #1054 0001054: Review the code regarding the new point calculation
Thawte patch part II
needs further work{r}
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
Testing
Testers task
neo
bug #1004 Stats page improvement
tested by 2, needs 2nd review
{0}
neo
Bugs #1159 it might be possible to execute commands on the signing server
{0}
inopiae
bug #1065 Wrong wording when sending mails during the assurance process
{0}
inopiae
bug #1162 calcutate (the passwords) hash in php instead of in mysql
create test scenarios for the software testers
Full testing{0}
inopiae
bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails
{0}
inopiae
bug #988 TTP cap form deployment
{0}
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
Ted
bug #500 Get contact mail adress after resolving test
tested by 3, requires review
{0}
Ted
bug #1140 Show if a test is passed in learnprogress
tested by 3, requires review
{0}
magu
bug #1131 Rename _all_ Policies from .php to .html and fix all links
global policy directory maintenance and update
{0}
inopiae
bug #1010 Reorder the view on organisation certificates
tested by 3
{0}
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
inopiae
bug #1139 Add new fields to the database
tests through #500 and #1140, 2nd review done, requires transfer
{0}
Awaiting Response from Critical Team
inopiae
bug #411 Wrong text is made into link
{g}