 * Case Number: a20140422.1
 * Status: running
 * Claimant: Michael T, Benny B
 * Respondent: CAcert
 * initial Case Manager: EvaStöwe
 * Case Manager: BernhardFröhlich
 * Arbitrator: EvaStöwe
 * Date of arbitration start: 2014-04-23
 * Date of ruling: 201Y-MM-DD
 * Case closed: 201Y-MM-DD
 * Complaint: Gather evidence about the SQL injection/ shell execution discovered in #1272
 * Relief: TBD

Before: Arbitrator Eva Stöwe (A), Respondent: CAcert (R), Claimants: Michael T (C1), Benny B (C2), Case: a20140422.1

== History Log ==
 . 2014-04-22 (issue.c.o): case [s20140422.172]
 . 2014-04-22 (iCM): added to wiki
 . 2014-04-22 (iCM): request for CM / A, informed Claimants about case
 . 2014-04-23 (A): I'll take care of this case as A, Bernhard Fröhlich will be CM
 . 2014-04-23 (C2): Please include me in the case
 . 2014-04-23 (A): init mail sent to C1, C2

== Private Part ==
 * '''Link to Arbitration case [[Arbitrations/priv/a20140422.1|a20140422.1 (Private Part)]], Access for (CM) + (A) only'''

## ==> INCLUDE SECTION BOT
## <== INCLUDE SECTION EOT

==== EOT Private Part ====

== original Dispute ==
{{{
Dear Arbitrators,

I want to file a dispute to gather evidence whether the SQL injection / shell code injection described and fixed in bug reports #1272 and #1266 has been exploited on the critical system.

One of the persons that reported the vulnerability agreed that we could forward mail exchanges about this issue to Arbitration for reference.

I have accepted CCA and DRP.
}}}

== Discovery (currently under seal) ==
This case is currently handled in private under seal. As soon as there is a result known, this decision will be re-evaluated with a high favor to be transparent.

This decision is based on the urge of the internal auditor to handle this case under seal as long as needed to come to a final conclusion.

Sealing decisions for rulings are to be reviewed by board. Currently there is no known board-decision regarding a seal on this case, even as board was repeatedly addressed by the Arbitrator.

2014-05-04, Cologne

History extract on sealing-request:
 . 2014-04-23 (A): asked board about a seal for the case
 . 2014-04-23 (A): updates request about seal to board
 . 2014-04-27 (board): business about seal of an arbitration case, probably discussed in private - nothing reported back to A, CM
 . 2014-04-29 (A): asks board about an answer regarding a sealing of the case, announces further details in encrypted mail to those board members that A has a certificate of
 . 2014-05-03 (A): again asks board for some answer regarding the seal - sets deadline and announces to handle the case openly if deadline passes without an answer from board - mail includes internal auditor
 . 2014-05-03 (internal auditor): urges board to seal the case until a final ruling is given
 . 2014-05-03 (UTC) (DRO): tells A that currently no board decision is needed as he reads the DRP
 . 2014-05-04 (A): contests the notion of the DRO with a reference to [[Arbitrations/a20110511.1|a20110511.1]], where intermediate rulings in a running case are accepted to be appeal-able, for this they have to be public while a case is running, if no seal is applied, there are intermediate rulings to be done
 . 2014-05-04 (internal auditor): please seal this case
 . 2014-05-04 (A): places the case under seal for the time being (notifies in case file that answer from board is missing)
 . 2014-05-11 (A): asks former internal auditor about his opinion regarding anglo based law, intermediate rulings and seals, as the DRO based his notion on the nature of anglo law, former internal auditor who is an anglo based law native agrees that since intermediate rulings are appealable they have to be treated as rulings regarding seals
 . 2014-05-15 (board-voting-system): opens voting for motion m20140515.6 related to 2014-04-27
 . 2014-05-15 (board minutes): for board meeting at 2014-04-27 published, it contains [[Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20140427#A2.3_Decide_on_Sealing_of_Arbitration_Case| a motion that board does not see a responsibility to act in this case]]
 . 2014-05-16 (A): again asks board for an answer to the request to seal the case, because normally board is quite firm, what one should accept as a board answer and also A considers the reasoning behind the motion for incorrect as A has elaborated - without a response from board.

== Ruling (currently under seal) ==
two intermediate rulings

== Execution ==

== Similar Cases ==
|| [[Arbitrations/a20120614.1|a20120614.1]] || [[Arbitrations/a20120614.1|Emergency Patch ]] ||

----
 . CategoryArbitration
 . CategoryArbCaseSystemTasks
 . CategoryArbCaseOthers