. '''To Software [[Software|Software]]''' - '''To Software-Assessment [[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20120110-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20120124-S-A-MiniTOP|next meeting]]''' ---- = Minutes of the MiniTOP on the 2012-01-17 = == Setting == The MiniTOP will be held via telco 22:00 CET Attendees: dirk, marcus, uli, michael, ted == Topics == (skip to [[#AGENDA|agenda]]) Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' <> == Agenda == === 1. bug #985 - Move Translingo to Translations (incl. patches) === 1. Translingo [[https://bugs.cacert.org/view.php?id=985|bug #985]] . [[https://translations.cacert.org]] ([[http://translations.cacert.org/]]) (replacement for translingo) . the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us. . I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it * last foreign uploads 2008 on about 13 + cacert projects * whohas translingo server console access? * mario * req for console access for michael to contact project leaders, Updates? * Transfer In, Transfer Out problems * Update from new deployment ? * opened for: create an account can now be started * Michael current state: * import and export routine works * script to incorporate updates needs fixed * next: complete language handling needs to be updated * accept lang handler needs fix * FF de, de_de * IE 6 de, 8,9 de_de * working session within last meeting: michael, marcus * infos from meeting 2011-10-18 * pdf code needs rewrite (uni code library, move to external server (outsourcing)) * message cert notification - uses perl code, text source not avail (get bind-text-domain) * current state? * Marcus sent mailing to translators, no response so far, no tests so far (week 3) * Morten NO * Emanuel IT * current state: * create test system accounts dutch@test, espania@test and so on, let users do their tests * Magu, Marcus will give it a try * a couple of testers has started testing and reporting within the last 7 days * results: de, fr, en, pl, es, pl * last meeting: working session [[https://bugs.cacert.org/view.php?id=985|bug#985]] translingo transfer * Michael: needs 2nd review * Translations * problems that relates to blocks translations * changes into translations database * contact NEO to transfer manualy to testserver * [[https://bugs.cacert.org/view.php?id=985|bug #985]] needs 2nd review, so update script can run also on critical system * trying to assign to Ted, reviewed by Ted {{{ Did a review. I cannot judge locale/Makefile, the other changes are acceptable. I guess before a patch can be created a rebase will be necessary... }}} * comment by NEO {{{ OK, I have made a merge from release into that branch and removed the conflicts (a rebase would break fast forwarding). }}} * What is the impact? What is needed for going to production? * git potential problem solved, can be transfered to critical * Sync between translation server and critical system * make update, make upload to be started by critical admin on production console * po tool should send warning/errors, critical admin has to check on update * critical admins needs ssh key, to contact NEO * docu: new translations to add under system docu webdb * who ? * Critical team updated ssh firewall setting on critical system to pull and push updates from/to translations === 2. Patches queue === 1. bug #827 - New Points calculation / Thawte patch . [[https://bugs.cacert.org/view.php?id=827|bug #827]] * bug#827 + bug#882 to merge * close bug#882 * wot.inc.php + notary.inc.php to merge * continue with bug#827 * pojam bug to fix 1. [[https://bugs.cacert.org/view.php?id=540|bug#540]] No key usage attribute in cacert org certs anymore? * also: [[https://bugs.cacert.org/view.php?id=905|bug#905]] * Policy group discussion - Extended key usage -> [[PolicyDecisions#p20111113|p20111113]], motion CARRIED * deployment 1. prepare fixes -> Michael to prepare diffs, against svn 1. sending to testserver 1. transfer to critical system * (2011-12-13) approx 2 weeks to write the fix, approx 2 months to go * Michael did transfer the patch to testserver * signer code update * changes against svn * uli, to add to tester portal, done * uli to inform testers about new tests * test report from kenneth to transfer to report (email from 2011-12-25) * Michael: where to find the report from kenneth? link? * NEO has added the report (written to private dl) * who has adobe 8 for testing? * magu has, please test * next: needs testing (week 3) 1. [[https://bugs.cacert.org/view.php?id=1002|bug#1002]] 0001002: Contact Assurer form leaves a funny comment after sending * Michael did transfer the patch to testserver * Michael: request to alex to check, seems to be ok * next: needs testing (week 2) 1. Marcus: working session [[https://bugs.cacert.org/view.php?id=789|bug#789]] OA field extension * magu to test 1. Marcus: working session [[https://bugs.cacert.org/view.php?id=859|bug#859]] Activity on Account * Michael: needs 1st review + transfer to testserver * NEO: will check the next days (week 2) 1. [[https://bugs.cacert.org/view.php?id=440|bug#440]] Problem with subjectAltName (CSR, renew certs) * "There seems to be a problem with the subjectAltName. Dupes, missing entries, and more" * patch by gagern * Software-Assessors: needs 1st review + transfer to testserver (week 2) 1. [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918) * invalid key format, no regular error message, something wrong, error code # identified * debugging infos from user + infos from critical team with error code #, was spkac routine * one test done 2011-12-17 by JensK * (week 5) 1. [[https://bugs.cacert.org/view.php?id=920|bug #920]] Join - single name only (eg Indonesian) * details under bug number * presented to Policy Group * first results from policy group? * dirk has made some changes in 6.php last year * there are 4 possible choices: 1. givenname 1. lastname (as current fix) 1. givenname or lastname 1. brians proposal, mononym + checkbox * dirks proposal: * make name handling more AP conform (1 line names, multiple names) * 2 possible paths: 1. allow multiple names (dirks proposal) is massive change (long term change) 1. "simple" solution (short term change) * global re-design * eg users view * 43.php, multiple views === 3. Michaels workqueue === 1. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d * who has been informed, contacted? * Michael will inform Wytze * not yet written * thread relates to [[https://lists.cacert.org/wws/arc/cacert-board/2011-11/msg00021.html]] * general solved * scalability might be a problem in the future ?!? * preconfigured there is no solution * whats with EBJCA * java based * distribution solution (database replication), master server distributes to other criticial slaves, no caching function * post request includes timestamp, simple http cache probably doesn't work * engineX ? * ocsp protocol: version, requestor-name, extension, request-list * open issue, needs time for implementation * studienarbeit? bachelor arbeit? * new [[https://bugs.cacert.org/view.php?id=1001|bug #1001]] Need a way to set up redundant OCSP responders 1. New function to TMS - edit notary table record * [[https://bugs.cacert.org/view.php?id=980|bug #980]] * infos from last meeting * testers needs editing individual notary records: fields "method", "awarded", "points" * easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on * Update? * Michael (2011-11-15): after some other bug reviews * TMS - certs expire handling * for testserver eg 3 days (short), 31 days (long) === 4. Dirks workqueue - The List of open / running / unhandled bugs === 1. VBscript for Vista/Win7 (select keysize >= 1024) (BlackJack) - '''reminder''' to dirk || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {0} || * as part of * x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]] * Current state: || {g} || pre mailing sent || || {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished || || {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' <
>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<
>Api CertEnroll (MS crypto provider)<
>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] - codename "BlackJack" || || {g} || Weak keys blog post, published || || {g} || Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30) || || {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) || * cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]] * vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation * [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]] * Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]] * dirk: has not started the virtual machine * Question from Marcus: did someone contacted illuminat? * No, Marcus: to contact illuminat * illuminat will give it a try, first needs download of testserver image * Update? * marcus: illuminat not yet seen last time * baseline requirement - keyssize >= 2048 to fix till end of 2011 * how to proceed? * dirk: 1st step, to bring win test server localy online * marcus: to contact illuminat * Do we have other developers who may pick up this project? * Marcus -> dirk: announcement of vbscript bug to developers mailing list * change keysize * merge 2 scripts to one * fix on script 1 needs fix in 2nd script too, solutions: include, one file, or comment fix script 2 too * interrupt: [[https://bugs.cacert.org/view.php?id=964|bug#964]] -> codename "BlackJack" * relates to IE8 problem, that certs cannot be created * is there a security issue with available fix? also [[https://bugs.cacert.org/view.php?id=918|bug#918]] * related 927, 901, 847 * a patch is online on testserver, but cannot found * related patch files, /pages/account/ 3,4,16,17; /include/account.php * there are other vbscript pages: ../account/ 6 + 19 * Brian [[https://bugs.cacert.org/view.php?id=964|bug#964]] * Michael: Marcus to test with IE * IE select provider only * code from Brian needs some corrections, corrections to do, 4 + 17 inclusions, checkin * notification to Brian, done * quickfix has problems too * next step(s) * check error codes / debug routines * open developer mode, create cert * resulting error: line 213, put length, wrong parameter {{{ Zeile: 213 Fehler: CertEnroll::CX509PrivateKey::put_Length: Falscher Parameter. 0x80070057 (WIN32: 87) Zeile 213: objPrivateKey.Length = &h08000000 }}} === 5. General Bugs List Overview === 1. Bugs to Review #1, transfer to testserver - Currently '''5''' || uli || [[https://bugs.cacert.org/view.php?id=977|bug #977]] admin console text fix || admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue || {0} || || uli || [[https://bugs.cacert.org/view.php?id=967|bug #967]] OA isassurer check || Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer || {0} || || uli || [[https://bugs.cacert.org/view.php?id=859|bug #859]] admin console interface || feature request: show activity on an account in the admin interface, new update /!\ || {0} || || inopiae || [[https://bugs.cacert.org/view.php?id=981|bug #981]] OA overview (dupe of [[https://bugs.cacert.org/view.php?id=943|bug #943]]) || New layout of view for Organisation Administraors in account/id35 || {0} || || gagern || [[https://bugs.cacert.org/view.php?id=440|bug#440]] Problem with subjectAltName (CSR, renew certs) || There seems to be a problem with the subjectAltName. Dupes, missing entries, and more || {0} || 1. Bugs under testing: - Currently '''4''' || uli || [[https://bugs.cacert.org/view.php?id=855|bug #855]] admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver || admin console lists "empty" and "Unknown" assurance types on listing given Assurances || {0} || || Michael || [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918) || invalid key format, no regular error message, something wrong, error code # identified<
>debugging infos from user + infos from critical team with error code # <
>was spkac routine || {0} || || Michael || [[https://bugs.cacert.org/view.php?id=540|bug #540]] || p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing || {0} || || Michael || [[https://bugs.cacert.org/view.php?id=1002|bug #1002]] || 0001002: Contact Assurer form leaves a funny comment after sending || {0} || 1. Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently '''2''' * define priority eg. 10,2, and so on, proposed order: from 1 to 10 || 7 || uli, ted || [[https://bugs.cacert.org/view.php?id=789|bug #789]] OA edit domain fix || Editing domain for organisations does not work<
>new update 2011-09-26<
>more fixes, more testing<
> * testcase scenario<
> * open org, edit 1st domain in new window, edit 2nd domain in new window<
> * results in: change made in window 2, written to record in window 2<
> * needs cross checking || {0} || ? / u7 / m7|| || 2 || neo || [[https://bugs.cacert.org/view.php?id=985|bug #985]] move translingo to translations || check language settings under testserver || {0} || 2 || 1. Needs development, deployment, discussion, reminder 1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Migrate CATS onto testserver || [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment || {0} || 2. [[https://bugs.cacert.org/view.php?id=964|bug#964]], [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] Codename "BlackJack" || Brian || new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>current state: first review, add to testserver || {0} || === 6. Long term projects === 1. strategy plans ... next: strategy for "New Roots & Escrow" 1. idea: using indirect crl's ? * 2 crl's needed, one valid, one invalid crl server * more infos available ? who ? 1. build testserver with special certs 1. Magu, Michael to send instructions for test deployment * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5) * meetings ago we've defined Testing requirements and a potential testszenario * to remind every meeting * Michael: testserver environment deployment * Michael will review after Certs extension policy group vote * Michael: VM + OS builtup for CRL server tests (WIP) 1. policy group: define requirements * multimember escrow method ? * needs risk analyze * potential candidates ? * Marcus to contacted Benedikt, will contact Thomas K * Next step(s) 1. CI (Update) 1. [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]] * deployment scenario: 1. create testusers 1. testing 1. delete testusers * regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed * reminder 1. Jubula Test-Tool (by Michael) - update? * [[http://www.eclipse.org/jubula/download.php]] * instructions see under [[Software/Assessment/20110830-S-A-MiniTOP#Minutes|Minutes meeting 2011-08-30]] * Jubula documentation started: [[Software/Jubula]] * not performant as needed over internet, testing stopped. 1. new proposal by Sven: Webdriver with Maven and Jenkins-CI 1. sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI) * Michael did some review: probably needs some seperation * [[https://github.com/Weltraumschaf/cacert-frontendtests|raw source]] * [[https://github.com/Weltraumschaf/cacert-frontendtests/blob/master/src/test/java/org/cacert/frontendtests/LoginTest.java|one implemented test case]] * needs building a team, sven + 2 others, to be forced and pushed forward * active people have to work with this framework a. write a testunit that triggers the bug a. write a bugfix a. start regression test 1. Infrastructure seperation 1. CAcert Inc statement - received 1. Hosting/Housing Provider * 2011-12-01: Vienna response * questions answered 1. contacting secure-u, oophaga started? * Frank, Mario, Ted, Uli, Sebastian ? * Secure-u started 2011-12-19, awaiting response 1. Hardware * alternate solutions * offer Frank a) 80 w, too high * b) IBM eServer xSeries 335 (Model-Type 8676-61X) => pentium4 * doesn't fit power consumption * uli: luxemburg connection, will try 1st week in january * 2 way path: search sponsors for money, search hardware sponsors * level after netburst * sample TK config: 1626.90€ + 117.30€ (1750) * includes: Intel Xeon 4-Core E3-1260L 2,4GHz 8MB 5GT/s, 16 GB ECC DDR3 1333-RAM, 4x 500 GB SATA II WD Raid * fund rising project 1. Helping CAcert * How does recruitment work? * Newsletters, recuring notifications * Fosdem -> focus on Nucleus events * Recruitment on events? * Recruitment page eg [[events/Recruitment]], [[HelpingCAcert]], Jobs * Flyers? * re-design main page: * dirk: 3 news, upcoming events * michael: * * rss-feed script modification is simple * main page cms page, login to secure area (portal project) * public: www.cacert.org * secure1: www.cacert.org * secure2: secure.cacert.org 1. Discovery II [[Arbitrations/a20110118.1|a20110118.1]] discussion * still running * who should receive infos? list of appropiate recipients listed in discovery II table * possible software solutions: a. triggered info mailing eg board-private mailing list + support a. view page with current results (like hidden stats page?) * [[https://bugs.cacert.org/view.php?id=1003|bug#1003]] Provide a possibility to regularly review the permissions in the system 1. Affilates program - topic for SA ? * currently not * planned income projects by CAcert Inc * new portal (Benedikt, Karsten working on it) * critical / non-critical systems * non-critical portal - with login link to critical secure.cacert.org * cms system: own user base? * critical system userid includes @, cms userid does not include @ * cms login adding userid from critical system may result in security leak that account data can be collected (MITM) * affiliate link to each event (template) 1. addtl. link under main ads 1. CAP Form redesign for upcoming events * Fosdem * Cebit * Chemnitzer Linuxtag * CAP forms have no bank account infos * CAP form redesign 1. "NEO projects" 1. architecture/design (aka Birdshack design) 1. signer rewrite * cabforum, blacklist implementation * needs a rewrite, protocol isn't that reliable as required/needed * problems in current design: eg count of days a cert expires will be transfered from client to server * multiple servers (staging/scaling/load balancing) * problems in current design: eg OpenSSL and multithreading 1. Vendor-Api / New Assurers Portal * Marcus sent some proposals * A team is working on a Portal project (Carsten, Marcus) === 7. next meeting === * Tuesday, January 24, 2012 22:00 == Minutes == 1. Experience points for ATE attendance * requirements to upgrade database schema * co-auditor has the list of primary email addresses by co-audits * currently technical not possible, needs coding, database upgrade * AP references subpol TTP and/or PoJAM, references co-audit, with reference to AH {{{ AP 4.4 Additional Experience Points may be granted temporarily or permanently to an Assurer by CAcert Inc.'s Committee (board), on recommendation from the Assurance Officer. }}} * There are other policy requirements, that also needs to be implemented * Exp. pts has low priority: tasks with highest priority: Thawte points removal (6.php), TTP (+TOPUP), then others * add note to AH: (currently technical not possible) 1. Thawte points removal, final step * relates to 6.php * this also relates to TTP * dirk will work on this upcoming weekend === 1. bug #985 - Move Translingo to Translations (incl. patches) === 1. Translingo [[https://bugs.cacert.org/view.php?id=985|bug #985]] . [[https://translations.cacert.org]] ([[http://translations.cacert.org/]]) (replacement for translingo) . the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us. . I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it * last foreign uploads 2008 on about 13 + cacert projects * whohas translingo server console access? * mario * req for console access for michael to contact project leaders, Updates? * Transfer In, Transfer Out problems * Update from new deployment ? * opened for: create an account can now be started * Michael current state: * import and export routine works * script to incorporate updates needs fixed * next: complete language handling needs to be updated * accept lang handler needs fix * FF de, de_de * IE 6 de, 8,9 de_de * working session within last meeting: michael, marcus * infos from meeting 2011-10-18 * pdf code needs rewrite (uni code library, move to external server (outsourcing)) * message cert notification - uses perl code, text source not avail (get bind-text-domain) * current state? * Marcus sent mailing to translators, no response so far, no tests so far (week 3) * Morten NO * Emanuel IT * current state: * create test system accounts dutch@test, espania@test and so on, let users do their tests * Magu, Marcus will give it a try * a couple of testers has started testing and reporting within the last 7 days * results: de, fr, en, pl, es, pl * last meeting: working session [[https://bugs.cacert.org/view.php?id=985|bug#985]] translingo transfer * Michael: needs 2nd review * Translations * problems that relates to blocks translations * changes into translations database * contact NEO to transfer manualy to testserver * [[https://bugs.cacert.org/view.php?id=985|bug #985]] needs 2nd review, so update script can run also on critical system * trying to assign to Ted, reviewed by Ted {{{ Did a review. I cannot judge locale/Makefile, the other changes are acceptable. I guess before a patch can be created a rebase will be necessary... }}} * comment by NEO {{{ OK, I have made a merge from release into that branch and removed the conflicts (a rebase would break fast forwarding). }}} * What is the impact? What is needed for going to production? * git potential problem solved, can be transfered to critical * Sync between translation server and critical system * make update, make upload to be started by critical admin on production console * po tool should send warning/errors, critical admin has to check on update * critical admins needs ssh key, to contact NEO * docu: new translations to add under system docu webdb * who ? * Critical team updated ssh firewall setting on critical system to pull and push updates from/to translations * recuring pootle tests every night, dayly notes to mailing list 1. Bring TTP assurances up to running * requirement: make 855 active on production * TTP-caps can be build by TTP-admins offline, not for public distribution !! || uli || [[https://bugs.cacert.org/view.php?id=855|bug #855]] admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver || admin console lists "empty" and "Unknown" assurance types on listing given Assurances || {0} || * uli to add test report * needs 2nd review by dirk, ted, markus, pg - ted will do within the upcoming days, probably Thursday 1. [[https://bugs.cacert.org/view.php?id=540|bug#540]] No key usage attribute in cacert org certs anymore? * also: [[https://bugs.cacert.org/view.php?id=905|bug#905]] * uli, marcus: needs full cert create tests 1. Infrastructure Separation * new hardware -> leasing? 1. [[https://bugs.cacert.org/view.php?id=1002|bug#1002]] 0001002: Contact Assurer form leaves a funny comment after sending * Michael did transfer the patch to testserver * Michael: request to alex to check, seems to be ok * tested by 2, needs 2nd review + deploy (week 2), ted? 1. [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918) * invalid key format, no regular error message, something wrong, error code # identified * debugging infos from user + infos from critical team with error code #, was spkac routine * one test done 2011-12-17 by JensK * (week 5) * uli, marcus: more tests: certs routine, weak keys (small keys test), relates to [[https://bugs.cacert.org/view.php?id=540|bug#540]] tests 1. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d * after all the modifications done, accecss to ocsp server has a hickup, sometimes, sporadic * Michael: no idea 1. VBscript for Vista/Win7 (select keysize >= 1024) (BlackJack) - '''reminder''' to dirk || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {0} || * current state: an undef error with current patch * we need someone who has experience with vbscript, to come into telco, reviews interface/api beforehand * illuminat: not before eastern * marcus: will ask users on assurance party tommorow 1. CI (Update) 1. new proposal by Sven: Webdriver with Maven and Jenkins-CI 1. sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI) * Michael did some review: probably needs some seperation * [[https://github.com/Weltraumschaf/cacert-frontendtests|raw source]] * [[https://github.com/Weltraumschaf/cacert-frontendtests/blob/master/src/test/java/org/cacert/frontendtests/LoginTest.java|one implemented test case]] * needs building a team, sven + 2 others, to be forced and pushed forward * active people have to work with this framework a. write a testunit that triggers the bug a. write a bugfix a. start regression test * what do we want? * is this our direction? * does this fit to our requirements? * someone needs time to do a deep review * long term view: * developers needs to become familiar with the automated testing system to write also the test scripts * software-assessors to review test results 1. Foundations * dst files for logos 1. Discovery II [[Arbitrations/a20110118.1|a20110118.1]] discussion * still running * who should receive infos? list of appropiate recipients listed in discovery II table * possible software solutions: a. triggered info mailing eg board-private mailing list + support a. view page with current results (like hidden stats page?) * [[https://bugs.cacert.org/view.php?id=1003|bug#1003]] Provide a possibility to regularly review the permissions in the system * motion from last board meeting (not avail yet), carried {{{ It is moved that Board or a representative asks the persons responsible for an up-to-date copy of all access lists as specified in the Security Policy §3.4.2 including OA }}} 1. next meeting: Tue 24th ==== Fixed Action Items since last or within meeting ==== ---- ==== Action Items New ==== || uli || Experience points for ATE attendance || add note to AH: (currently technical not possible) || {0} || || uli || Experience points for ATE attendance || check board motions and/or trigger if not yet passed || {0} || || uli || Experience points for ATE attendance || check bug tracker for bug# and/or add new || {0} || || uli, marcus || [[https://bugs.cacert.org/view.php?id=540|bug#540]] No key usage attribute in cacert org certs anymore? || uli, marcus: needs full cert create tests<
>set relation to bug #978 || {0} || || uli, marcus || [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918) || invalid key format, no regular error message, something wrong, error code # identified<
>debugging infos from user + infos from critical team with error code #, was spkac routine<
>one test done 2011-12-17 by JensK, (week 5)<
>uli, marcus: more tests: certs routine, weak keys (small keys test), relates to [[https://bugs.cacert.org/view.php?id=540|bug#540]] tests<
>set relation to bug #540 || {0} || Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' <> ---- . CategorySoftwareAssessment