. '''To Software [[Software|Software]]''' - '''To Software-Assessment [[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20120918-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20121002-S-A-MiniTOP|next meeting]]''' ---- = Minutes of the MiniTOP on the 2012-09-25 = == Setting == The MiniTOP will be held via telco 22:00 CEST Attendees: uli, benbe, timo, Marcus, Michael, dirk == Topics == (skip to [[#AGENDA|agenda]]) Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' <> <> == Agenda == ## last full agenda https://wiki.cacert.org/Software/Assessment/20120228-S-A-MiniTOP === 1. Preface === === 2. DEV on bug 1023/1054 "Thawte Patch" === * "Thawte points removal, final step" [[https://bugs.cacert.org/view.php?id=1023|bug #1023]] * bug #1023 Testing (6.php) * last patch transfered to production system 2012-05-30 * what are the next steps for thawte points revoke? * points settings codes eg 50 pts open gpg/pgp, which certs avail by how many pts * 15.php needs rename to 10.php * next step in: [[https://bugs.cacert.org/view.php?id=1054|bug #1054]] Review the code regarding the new point calculation in ./includes/general.php (current state: testing) * email debug notification, search for other solution * testing scenarios: see [[https://bugs.cacert.org/view.php?id=1054#c3163|bug note c3163]] * some explanations * assure someone - f2f, ttp, the sentence "Only tick the next box if the Assurance was face to face" is conflicting, fixed * new patches by dirk, pushed to cacert-devel, (update 2012-09-18) * tverify removed (?) * merge conflict with account id 60 (eg email removal), see [[https://bugs.cacert.org/view.php?id=823|bug #823]] * max_points() routine replaced by new max_points() routine * get_assurer_status(), output_summary_content() with parameter 0 replaced by max_points() * received_points() === 3. 2nd review of about again 4 remaining patches === ||<#ff8080> '''Software-Assessors task''' || 1. Benny pre-views done || neo || [[https://bugs.cacert.org/view.php?id=978|bug #978]] Invalid SPKAC requests are not properly validated || recheck full certs signing procedures<
>duplicate report to bug#540 || 5 {0} || * from meeting 2012-07-17: * 5 patches reviewed * 3 simple, bugs 540 (fixed), 789 (fixed), 981 (reviewed) * 2 with some difficultys, 978 (related to bug#540), complexest one: 1024 (reviewed) 1. [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918) * invalid key format, no regular error message, something wrong, error code # identified * debugging infos from user + infos from critical team with error code #, was spkac routine * one test done 2011-12-17 by JensK * uli, marcus: more tests: certs routine, weak keys (small keys test), relates to [[https://bugs.cacert.org/view.php?id=540|bug#540]] tests * (week 7) 1. [[https://bugs.cacert.org/view.php?id=1004|bug#1004]], stats, Marcus + Uli did some tests, one problem identified, fixed 2012-08-25 by NEO * fully re-tested by 2: 2012-08-25 (at froscon) 1. [[https://bugs.cacert.org/view.php?id=1091|bug #1091]] contact assurer improvement * 2nd review still started by dirk two times within last 3 weeks || neo || [[https://bugs.cacert.org/view.php?id=1091|bug #1091]] contact assurer improvement || tested by 2, needs 2nd review || {0} 1 || || neo || [[https://bugs.cacert.org/view.php?id=978|bug #978]] Invalid SPKAC requests are not properly validated || recheck full certs signing procedures<
>duplicate report to bug#540 || 5 {0} || || neo || [[https://bugs.cacert.org/view.php?id=1004|bug #1004]] Stats page improvement || tested by 2, needs 2nd review || {0} || || neo || [[https://bugs.cacert.org/view.php?id=860|bug #860]] someone accessed your password and secret questions notification || tested by 2, needs 2nd review || {0} || || gagern, neo || [[https://bugs.cacert.org/view.php?id=440|bug #440]] Problem with subjectAltName || tested, needs 2nd review || {0} || === 4. Patches Overview - Testing === 1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] CATS test on testserver [[http://cats1.it-sls.de/]] * create client cert * go over to [[http://cats1.it-sls.de/]] pass a cats test * inform Ted to trigger a transfer of the tests to the testserver * check if CATS test passed to testserver * test with different accounts I. members age GT 18 a. member < 100 pts, pass the CATS test a. member >= 100 pts, pass the CATS test I. members age GT 14 and LT 18 a. member < 100 pts, pass the CATS test a. member >= 100 pts, pass the CATS test I. members age LT 14 a. member < 100 pts, pass the CATS test a. member >= 100 pts, pass the CATS test * finish and report the tests, no need to transfer to production 1. Problem with subjectAltName: bugs: [[https://bugs.cacert.org/view.php?id=440|bug #440]], [[https://bugs.cacert.org/view.php?id=1054|bug #1054, test 1054.3.6]], [[https://bugs.cacert.org/view.php?id=1035|bug #1035]] * create several types of certs (client certs, server certs, org client certs, org server certs) and analyse the content of the certs -> subjectAltName and CN with single SAN and multiple SANs * renew the certs 1. [[https://bugs.cacert.org/view.php?id=922|bug #922]] missing "certificate about to expire" messages * you can use previous test to also check "certificate about to expire" messages 1. [[https://bugs.cacert.org/view.php?id=964|bug #964]] and [[https://bugs.cacert.org/view.php?id=1017|bug #1017]], relates also to [[https://bugs.cacert.org/view.php?id=1054|bug #1054, test 1054.3.6]] - Chrome certificate enrollement (relates to #964 "Black Jack") * create client certs, go to signing routine * new routine with 3 different potential signed public key download routines /account.php?id=6 list 3 options a. Install the certificate into your browser (tested) a. Download the certificate in PEM format a. Download the certificate in DER format 1. [[https://bugs.cacert.org/view.php?id=1054|bug #1054]] (Thawte patch) tests passed ? 1. Marcus Bugs list * see [[Software/BugsOverview]] 1. new [[https://bugs.cacert.org/view.php?id=1095|bug #1095]] "Problems with creating server sertificate where the csr is created with Java SDK Tools" * cmdline sample: keytool -genkey -alias test.test.net -keyalg RSA -keystore test.test.net.ks -validity 1095 * NEO couldn't reproduce the problem using keytool, tested against production and testserver === 5. New SA candidates and Coders === 1. ABC Benny - possible Itzehoe (2012-09-14), mrmcd (2012-09-08) or other events before 2012-08-10 - 2012-08-11 BarCamp kiel * [[Arbitrations/a20120703.1|ABC Benny]] passed/closed 1. Heino, not yet prepared, needs first contact 1. How to find coders? Experiences from the Gentoo project * [[http://redmonk.com/dberkholz/2012/07/10/how-to-recruit-open-source-contributors/]] * [[http://www.slideshare.net/dberkholz/lessons-on-recruiting-open-source-contributors-from-the-google-summer-of-code]] * use as blueprint for other recruits? 1. report from last board meeting - topic Arbitration * is added to upcoming [[Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20120819|board meeting 2012-08-19]] === 6. Long Term Projects === 1. NEO: "BlackJack" [[https://bugs.cacert.org/view.php?id=964|bug #964]] * how does [[https://bugs.cacert.org/view.php?id=1017|bug #1017]] relate to this bug? * NEO: "BlackJack" [[https://bugs.cacert.org/view.php?id=964|bug #964]] testing from last week -> error codes * started implementing 1. Marek's sql class project: * is working on charset replacement 1. api project, Carsten continues with portal project not waiting for vendor-api to be delivered * vendor-api delayed * no coders * other projects * related to sql class project * portal project continues with a workaround, needs an assurer * arbitration case on locations database orders outsourcing of find-an-assurer asap * with portal function, update of data is possible vs. update of data on critical system is difficult (keep data current for assurers) * relation to location database 1. website find an assurer 1. scripted mailing for ATE invitations * user check that data is still valid eg every 1 year * notification at login upto 6 months not online * notification by email if not logged in within last 6 months 1. Automated testing system * Timo: Unit-test testsystem, phpunit jenkins * [[http://ci.partkeepr.org/job/PartKeepr/]] * [[https://github.com/NEOatNHNG/cacert-frontendtests]] * can we merge both environments? frontend tests and unit tests? === 7. next meeting === * Tuesday, October 2nd, 2012 22:00 CEST == Minutes == 1. Preface 1. BenBe reviewed repo changes from within last 2 weeks * found bug #1023 "Thawte Patch" changes * mysql query, bug 967 1e98bc7a * includes/account.php: lines 2295, 2296; related to line 2259 ? * new function to document (description, input parameters, output parameters) 1. timo: signer monitoring? 1. BenBE: 453ad50d line 77: is there a missing [=] ??? 1. scripted mailings source (with win-line-endings), can be removed after some time 1. commit message: bug text 1. bug 1054 "Thawte Patch" testing * u60 stumbled over bug 440, 1017, 1035 bugs in testing * parse routines, get_alt, get_cn checks domains etc 1. bug 440 review -> dirk * not started, not finished 1. neo sent msi package for testing to u60, benbe {{{ >openssl sha1 CAcert_Root_Certificates.msi SHA1(CAcert_Root_Certificates.msi)= f95043eb19828d3d1bce671dbc944c80cf41ba16 >openssl dgst -sha256 CAcert_Root_Certificates.msi SHA256(CAcert_Root_Certificates.msi)= c59901773f79929e675e9ebc1ac4d723a02220fcc4465304bab4557305ba8cf4 }}} 1. [[https://bugs.cacert.org/view.php?id=922|bug #922]] missing "certificate about to expire" messages * notification expected: 1d, 15d, 30d, 45d 1. new [[https://bugs.cacert.org/view.php?id=1095|bug #1095]] "Problems with creating server sertificate where the csr is created with Java SDK Tools" * cmdline sample: keytool -genkey -alias test.test.net -keyalg RSA -keystore test.test.net.ks -validity 1095 * NEO couldn't reproduce the problem using keytool, tested against production and testserver * identified as weak key usage: csr used MD2 encryption, not or no longer supported by openssl 1. NEO: "BlackJack" [[https://bugs.cacert.org/view.php?id=964|bug #964]] * how does [[https://bugs.cacert.org/view.php?id=1017|bug #1017]] relate to this bug? * NEO: "BlackJack" [[https://bugs.cacert.org/view.php?id=964|bug #964]] testing from last week -> error codes * started implementing * cert signing routine * ie5 ie6 automatic storage of signed key in local keystore * doesn't work under vista, win7 * msi package is to download and import the keys to the local keystore under vista, win7 * relates to [[https://bugs.cacert.org/view.php?id=1099|bug #1099]] but is quite different 1. next meeting * Tuesday, October 2nd, 2012 22:00 CEST ==== Fixed Action Items since last or within meeting ==== ==== Action Items New ==== Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' ---- . CategorySoftwareAssessment