Team Reports 2020

Team Leaders are encouraged to present a report for their team. (alphabetic order)


19 = Text from 2019, please replace!

AffiliateProgramme

booking.com

booking.com – Hotel-buchen-Portal

spreadshirt.de

This webshop with T-shirts, caps, mugs and more is run by secureU, a partner association from CAcert in Germany. The benefit is sent to us or used to pay bills for us.(Ru)

Amazon

Since April 2018, CAcert has Amazon Affiliates links. Unfortunatley, there are different links for each different language/shop:

Google

On the wiki, we have Google Ads on the top corner. To help CAcert, please allow your adblocker to show this ads. They are small, discrete and do not disturb you while writing or reading on the wiki.


Arbitration


Assurance


ATE


Audit Team


Critical System Administrator Team

The critical team changed in November 2019 from Wytze, Mendel and Martin. Since then Joost and Dirk are members of the critical team.

Many many thanks for the work the former team members did over all the years.

=== On-site work ===

There had been two visits at the BIT data center in 2019/2020:

On the first visit there was the handover of the old critical team to Dirk. It took some time to get familiar with the setup afterward with the help of Wytze.

The second visit was in May to replace the broken signer hardware (and to do other maintenance tasks).

=== Outages of critical hard/software ===

We had a short outage of www.cacert.org in January, which was resolved by Access Team by doing a power-cycle (as requested by Critical Team remotely).

At the beginning of the Corona-Pandemic the signer broke, which caused some more issues: After we detected remotely, that the hardware did not consume power anymore, there was the decision to find a replacement machine before a visit at the data center takes place.

Due to corona-based delays the signer was offline for around 6 weeks until the hardware arrived, was prepared and a visit at the data center following our security guidelines was possible.

=== Day to day operation ===

Regular system administration activities resulting in site visits or software updates of one or more of the critical systems are dutifully reported on the public systemlog mailinglist cacert-systemlog@lists.cacert.org with archives kept at https://lists.cacert.org/wws/arc/cacert-systemlog . We refer the interested reader to those resources rather than duplicating or summarizing the information here.

=== Current status ===

The web service has gone without application maintenance for 3 years now, and is now left to run on an oldstable Debian distro with limited security patching. As time continues, that distro will become unsupported, leaving CAcert in a non-maintainable state.

=== Future outlook ===

To avoid any outages of the critical infrastructure there there is a decision to activate sun1 again and to add a second signer machine (hot standby) to the environment.

But ...

Without a fully functioning CAcert software development team, no changes to the application code have occurred in the past three years. Thus the CAcert application (written in PHP) is locking CAcert into an old and soon obsolete version of the Debian OS. In April 2018 we did complete the upgrade of the webdb server to Debian Jessie, the "oldstable" release from Debian. As predicted in last year's report: this causes a permanent stream of PHP warning messages in the Apache logfiles, because the application code is using obsoleted constructs. But an upgrade to Debian Stable is not possible with the current PHP code base, due to its dependency on an obsolete mySQL database interface layer, which is not supported anymore in the PHP version bundled with Debian Stretch, the current Debian Stable.

Without the ability to upgrade the application platform to a well-maintained version of Debian, the Critical System Administrator Team will be unable to take responsibility in the near future for the safe and correct operation of CAcert's main server, the web application and database server. (da)


=== Access Team ===

There had been three visits at the datacenter in FY 2019/2020:

The handover to new critical team in November 2019.

Doing a power cyle on sun2 in January 2020 as requested by Critical Team. Critical team was then able to access the hardware again via remote console to activate the services again.

As all access team members were limited due to corona-restricions a new member (without selfstanding access) was added to the team temporary, so necessary maintenance-tasks and replacement of the signer machine was possible in May. (da)


Education


EventsTeam

CAcert had a booth at Froscon 2019 with secure-u. The interest at CAcert is still active, but moved from "server certificate"-requests to "client certificate"-request (identity).

For other events there was no application due to personal and time limitations.

Currently the events team is quite small, any help to help the events-team is appreciated. (da)


Infrastructure

A new (refurbished) server was offered by abilit.eu, which is currently running outside of the datacenter.

This usage of this infra03-server will be to take some load of infra02, so both servers can act as a backup to each other. It will be installed at the datacenter at the next visit of the critical team.

Several virtual infrastructure servers had been update to more recent software and added to Puppet.

Currently there is a progress to add new members to the infrastructure-team (and maybe to Critical Team). (da)


New Root & Escrow Project (NRE)


Organisation Assurance Team


Policy Group


PublicRelations


Software Development Team

Within the FY 2019/2020 no new patches had been installed on our WebDB-Server (www.cacert.org).

There are some changes in the queue currently to add a serial number to the CRL and to reduce the size of the CRL.

But ... the number of Software-team-members is quite low, we're in urgent need of ABCed software-assessors. (da)


Support Team

There is a more-or-less static flow of members wanting their CAcert-Account closed. Most members never received an assurance (and therefore never gave one). If a reason to close the account is given, it's usually a move to another CA.

Within FY 2019/2020 only a very small number of cases had been moved to dispute-queue.

Processing support-tickets is quite slow as the number of support members is quite low.

Triage is doing it's work very well, sometimes they add a note to incoming tickets, so support team members can use this as an answer to the member.

Support Team is in urgent need of new support team members, which is currently in progress. (da)


Translation / Localisation

CATS is now available in Czech. A French translation is waiting for review (for several months now).

Finance Team

secure-u e.V.

After there was a donation-request in September 2019, a lot of donations were received by secure-u, which allowed to reduce the invoices to CAcert Inc. enormously and to buy replacement hardware to ensure a sustainable operation of the hardware.

Since then there is a steady flow of donations to ensure the (financial) future of CAcert. (da)