- Case Number: a20120330.1
- Status: closed
- Respondents: CAcert
Case Manager: UlrichSchroeter
- Date of arbitration start: 2012-03-30
- Date of ruling: 2015-04-16
- Case closed: 2015-04-20
- Complaint: Unknown CAcert user with SE permissions (was: Permissions Review)
- Relief: Remove "Admin" flag from anonymized account
2012-03-30 (issue.c.o) case s20120330.67
- 2012-03-30 (C): accepts CCA/DRP under this arbitration in dispute filing.
- 2012-03-30 (CM): added to wiki, request for CM / A
- 2012-03-30 (CM): I'll take care about this case as CM, Ted takes care about this case as (A)
- 2012-03-30 (CM): sending init mailing to (C)
- 2012-04-01 (A): Sent a short analysis of the facts to C, asking to confirm or correct it.
- 2012-05-01 (A): Sent reminder, including some additional discoveries, to C asking to reply till 2012-05-14.
- 2012-07-03 (SE): (with old account in question) asks (CM) Why his old account has SE flag? Mail forwarded to (A), (C) of this case
2012-07-03 (CM): response to (SE) with reference to a20120330.1
- 2012-07-03 (SE): report about test on testserver
- 2012-07-03 (SE2): [s20120703.18] closing support ticket
- 2014-01-11 (SE2): asks for progress in this case by phone to (CM)
- 2014-01-12 (CM): forwarding progress report request to (A)
2015-02-26 (A): asking Support about current status of the account email@example.com
- 2015-02-26 Support reports that the account is normally anonymized (and therefor not usable), with the only exception that the Admin-Flag is set.
- 2015-03-17 (A): Sent mail to (C) asking if he expects anything in addition to resetting the flag.
- 2015-03-20 C responds, confirming that, from what he reads from the public part of this Arbitration, removing the flag from the account would be a valid releif.
- 2015-03-30 (A): Sent some more information to (C), asking for information if this changes his position.
Original Dispute, Discovery (Private Part)
Link to Arbitration case a20120330.1 (Private Part)
EOT Private Part
- The user account in question has been anonymized in an Arbitration
- The user formerly owning the anonymized account is now a Support Engineer
Account Anonymisation Procedure explicitly requests to reset all flags to 0
The account in question was anonymized in Arbitration Case a20110308.1
When a20110308.1 was executed account deletion procedure Arbitrations/Training/Lesson20/DeleteAccountProcSEv2a was newly installed, which includes the resetting of all flags. Its predecessor Arbitrations/Training/Lesson20/DeleteAccountProcSEv2 did not mention resetting the flags.
From the information found during this case it seems plausible that before anonymisation the concerned account had the SE flag validly set, and the resetting of the flag was overlooked when processing DeleteAccountProcSEv2a.
Resetting the flags was one thing newly mentioned in DeleteAccountProcSEv2a, and could easily be overread. So, while Support deviated from the procedure, I judge this as a slight negligence, with no need to be pursued further.
The current Account Anonymisation Procedure has already been edited to give a bigger emphasize to the flags.
As laid down in the deliberation I rule that the SE flag in account firstname.lastname@example.org shall be reset. No further action is considered necessary.
2015-04-16 (A): Sending Mail to support, the SE flag in account email@example.com should be reset.
- 2015-04-16 SE reports that the SE flag has been reset, and no other peculiarities could be found in the account.
- 2015-04-20 (A): Notified C of execution and closing of the case.
- 2015-04-20 This case is closed now.