Team Reports 2019
Team Leaders are encouraged to present a report for their team. (alphabetic order)
17 = Text from 2017, please replace!
booking.com – Hotel-buchen-Portal
This webshop with T-shirts, caps, mugs and more is run by secureU, a partner association from CAcert in Germany. The benefit is sent to us or used to pay bills for us.(Ru)
Since April 2018, CAcert has Amazon Affiliates links. Unfortunatley, there are different links for each different language/shop:
On the wiki, we have Google Ads on the top corner. To help CAcert, please allow your adblocker to show this ads. They are small, discrete and do not disturb you while writing or reading on the wiki.
Critical System Administrator Team
Day to day operation
Regular system administration activities resulting in site visits or software updates of one or more of the critical systems are dutifully reported on the public systemlog mailinglist firstname.lastname@example.org with archives kept at https://lists.cacert.org/wws/arc/cacert-systemlog We refer the interested reader to those resources rather than duplicating or summarizing the information here.
The interest in CAcert is diminishing, not only within the user base, but also with the Critical System Administrator team. Besides general market circumstances there is also a major problem emerging due to the aging of the CAcert application code.
Without a fully functioning CAcert software development team, hardly any changes to the application code have occurred in the past three years. Thus the CAcert application (written in PHP) is locking CAcert into an old and soon obsolete version of the Debian OS. In April 2018 we did complete the upgrade of the webdb server to Debian Jessie, at that time the "oldstable" release from Debian. As predicted in last year's report: this causes a permanent stream of PHP warning messages in the Apache logfiles, because the application code is using obsoleted constructs. Due to the release of Debian Buster in July 2019, the Jessie release has dropped now even behind the "oldstable" state. But an upgrade to Debian Stable or Oldstable is not possible with the current PHP code base, due to its dependency on an obsolete mySQL database interface layer, which is not supported anymore in the PHP version bundled with Debian Stretch, the current Debian Oldtable.
Without the ability to upgrade the application platform to a well-maintained version of Debian, the Critical System Administrator Team will be unable to take responsibility in the near future for the safe and correct operation of CAcert's main server, the web application and database server.
Team change (November 2019)
In April 2019 we announced in https://lists.cacert.org/wws/arc/cacert-board/2019-04/msg00002.html that we did not see a sound perspective for continuing CAcert in its current form. After waiting six weeks for a clear decision of the board to shutdown, we announced that the full team would resign by September 1, 2019. On August 30 we received a request to allow some flexibility in that date, which we did by extending the final date to November 1, 2019. Lo and behold, on that date we did transfer all knowledge and secrets of the CAcert critical systems to the new team leader Dirk Astrath in a six-hour session at BIT, Ede (https://lists.cacert.org/wws/arc/cacert-systemlog/2019-11/msg00001.html). You will probably read more about that in next year's team report ...
- CAcert had a booth at FrOSCon (DE) August 2019 (next to secure-u).
- On Fosdem (BE) we were not able to get a booth, but Dirk was present with CAcert-clothing at the infodesk.
Unfortunately, there was no ?OpenRheinRuhr (DE) exhibition taking place this year.
Currently the team is quite small, any help to increase the team is appreciated. (As)
This year we finally managed to upgrade our infrastructure host (Infra02) to the current Debian 10 (Buster) OS release. This provides a much more modern LXC (0.7 -> 3.0.3) and OS kernel (4.19) as well as improvements in other areas like firewalling. The full announcement of the upgrade can be read in the cacert-sysadm mailing list archive.
After this huge improvement a few more upgrades have been done. Our board voting system has been moved away from the aging community system to its own container and is now available at https://motion.cacert.org/. The community email system at email.cacert.org has been upgraded from Debian 5 to Debian 10 and has a much newer Postfix and Dovecot setup than before supporting modern TLS versions and cipher suites. A new community (webmail) system is still work in progress and will hopefully be finished later this year.
All new systems are now managed via Puppet and the Puppet code can be found in a public Git repository. We have now 17 systems that are managed by Puppet by at least some degree, the new systems have all their services setup via Puppet which should become the standard way of doing system administration in the future.
We had a lot of interest in system administration tasks after the call for help sent out by board/secretary and I (Jan) added some information about what could need help in the Infrastructure Team section of the Wiki. I wrote a longer response to the CAcert sysadm volunteer list to explain in which areas help is needed.
-- JanDittberner 2019-10-27 20:14:31
New Root & Escrow Project (NRE)
Organisation Assurance Team
- After 2k mailing for new staff we got a reply from a CAcert Assurer in Pennsylvania, USA. He seems very encouraged to help and I'm trying.
- Another interested member was giving up. He was no Assurer yet and had difficulties finding an Assurer: No listed Assurer replyed to his request.
- Anyone willing for networking and building a team and exchange ideas really helps as I got overworked in the past few months.
- The former PR officer, together with the secretary, is active on the various communication channels as twitter, blog, mailing lists and social networks. Furthermore a small group of two took over the "CAcert for dummies" project and started writing first chapters. I currently cannot present new chapters as I'm completely overworked during last months. Eventually this gets better in the beginning of the new year and I can continue.
We are looking especially for native speakers in english and spanish who like to help practically in terms of giving ideas, writing text, and translate text into their language for blog posts, Twitter and social media as well as articles for news and magazines. Any voluntary please talk to email@example.com or write to firstname.lastname@example.org.
- Todo: Current list of Affiliate Links should be promoted again and made publicly visible for better support.
Software Development Team
Translation / Localisation
CATS is now available in Czech. A French translation is waiting for review (for several months now).