Team Reports 2020/2021
Team Leaders are encouraged to present a report for their team. (alphabetic order)
19 = Text from 2019 or 2020, please replace!
booking.com – Hotel-buchen-Portal
This webshop with T-shirts, caps, mugs and more is run by secureU, a partner association from CAcert in Germany. The benefit is sent to us or used to pay bills for us.(Ru)
Since April 2018, CAcert has Amazon Affiliates links. Unfortunatley, there are different links for each different language/shop:
On the wiki, we have Google Ads on the top corner. To help CAcert, please allow your adblocker to show this ads. They are small, discrete and do not disturb you while writing or reading on the wiki.
Critical System Administrator Team
Outages of critical hard/software
Day to day operation
Regular system administration activities resulting in site visits or software updates of one or more of the critical systems are dutifully reported on the public systemlog mailinglist email@example.com with archives kept at https://lists.cacert.org/wws/arc/cacert-systemlog . We refer the interested reader to those resources rather than duplicating or summarizing the information here.
To avoid any outages of the critical infrastructure there there is a decision to activate sun1 again and to add a second signer machine (hot standby) to the environment.
But without a fully functioning CAcert software development team, no changes to the application code have occurred in the past three years. Thus the CAcert application (written in PHP) is locking CAcert into an old and soon obsolete version of the Debian OS. In April 2018 we did complete the upgrade of the webdb server to Debian Jessie, the "oldstable" release from Debian. As predicted in last year's report: this causes a permanent stream of PHP warning messages in the Apache logfiles, because the application code is using obsoleted constructs. But an upgrade to Debian Stable is not possible with the current PHP code base, due to its dependency on an obsolete mySQL database interface layer, which is not supported anymore in the PHP version bundled with Debian Stretch, the current Debian Stable.
Without the ability to upgrade the application platform to a well-maintained version of Debian, the Critical System Administrator Team will be unable to take responsibility in the near future for the safe and correct operation of CAcert's main server, the web application and database server. (da)
As all access team members were limited due to corona-restricions a new member (without selfstanding access) was added to the team temporary, so necessary maintenance-tasks and replacement of the signer machine was possible in May. (da)
Currently the events team is quite small, any help to help the events-team is appreciated. (da)
A new (refurbished) server was offered in 2020 by abilit.eu. The server has been moved to the datacenter in EDE and is now running as infra03.
Infra03 provides the new nextcloud.cacert.org service for internal document sharing. A MariaDB and PostgreSQL instance have been setup on infra03. MariaDB is used as backend database for nextcloud and the PostgreSQL instance is planned for an ORY Hydra based OAuth2/OIDC authentication service.
The plan to implement a mutual backup of infra02 and infra03 is still work in progress.
Several virtual infrastructure servers had been update to more recent software and added to Puppet.
Attempts to get more people on board in the infrastructure team failed, due to missing interactions. Operations of most systems run smoothly due to a high grade of automation and well established monitoring. (jd)
New Root & Escrow Project (NRE)
Organisation Assurance Team
Lead (no head exists) didn't manage to build a good working OA team. This is a) because OA assurances are quite complicated to perform, and b) because due to Corona business workload has raised to 2 times and rather no time for CAcert left
- Eventually the encouraged CAcert Assurer in Pennsylvania, USA is still available for help in case someone may take over the task. He seems very encouraged to help and I'm trying.
- Anyone willing for networking and building a team and exchange ideas really helps as I got overworked in the past months.
- Head didn't manage to build a team. He has an unimaginably big desaster with family issues during whole year not finished yet.
- Due to Corona no onsite-events. There is an idea to offer online-events, but due to lack of time, it was not further planned, I'm afraid. Online usually means a video call, which head is currently able to offer due to personal contact.
- CAcert's Facebook page can be managed by PR head, Dirk as infrastructure lead and from just before AGM 2021 also by secretary. Voluntary people can be added on request.
- Head is deeply grateful that Etienne Ruedin has done an amazing job for promoting CAcert to the public, and writing many important blog articles.
- Online fair of CAcert for interested people.
- Current list of Affiliate Links should be promoted again and made publicly visible for better support.
- Continue writing book "CAcert for dummies"
- More team members for giving ideas and writing text
- Looking for native speakers in english and spanish writing and translating text into their language for blog posts, Twitter and social media as well as articles for news and magazines
Software Development Team
There are some changes in the queue currently to add a serial number to the CRL and to reduce the size of the CRL.
But ... the number of Software-team-members is quite low, we're in urgent need of ABCed software-assessors. (da)
A serious issue with non western character sets has been discovered (after the end of financial year 20/21) and analyzed after a endless loop of the signer. Characters outside of the ISO-8859-1 cannot be handled by the PHP code, the MySQL database and the signer software parts. A full rewrite to support UTF-8/Unicode in all parts of the code that touches any text that could end up in certificates is required to make the software usable for anybody that has a non ISO-8859-1 name. There is a patch available to at least mitigate the signer crash. Unfortunately the patch is missing reviews and has not been applied to the production system yet.
Progress on other patches like the PHP 7 compatibility fixes has stalled due to missing reviews/testing.
A suggested reimplementation of the CAcert software will only make sense if we find enough people who will do reviews/QA/documentation/test automation. (jd)
Triage is doing it's work very well, sometimes they add a note to incoming tickets, so support team members can use this as an answer to the member. (da)
Translation / Localisation
CATS is now available in Czech. A French translation is waiting for review (for several months now).