= Minutes of the MiniTOP on the 2010-09-21 =

== Setting ==
The MiniTOP was held by irc. 20:00 CEST

Attendees: Andreas, Dirk, Martin, Uli

== Action items from last meeting ==
 * Markus: recover cacert-devel, Testserver

== Topics ==
 * State Testserver Update
  * Reset on Testserver / cacert-devel repositories
  * Preparing first patches for testing
   * Test run: current webdb mirror, add patches, document patches
   * Which repositories are active?
   * How and where to document?
   * reset of cacert-devel before first start?
  * Andreas: reported problem relating signer deployment: no checkin possible on testserver, Update?
 * Automated testing system
  * Andreas / Hayati
 * Building Testteam, Updates
  * Fabian, Bjoern, Peter, [[MartinGummi|Martin]], Jochim, [[Community/HomePagesMembers/JavierFernandez|Faramir]], [[PieterVanEmmerik|Pieter]], [[UlrichSchroeter|Uli]], Sebastian, Marcus, (Olaf)
 * next meeting: Tuesday, Sept 28, 2010? Oct 5th?

== Minutes ==
 * problem with telco system ... meeting moved to irc
 * 20:30 meeting starts with 30 min delay
 * Action items from last meeting
  * Markus shredded the cacert-devel and testserver repos last week. Recovered cacert-devel, Testserver last Wednesday
 * State Testserver
  * reset to cacert last revision + 3 patches
  * These patches didn't have a bug#
  * Who helps document these patches?
  * Why did Markus add the patches from Michael w/o mantis bug #?
   * Question can only be answered by Markus
  * again, who helps identify and document patches?
  * action item to next meeting: identify and document patches
 * part 2 testserver: Andreas: reported problem relating signer deployment: no checkin possible on testserver, Update?
  * Andreas and Markus worked 3 hours on the signer today
  * we have to do a root ceremony on cacert1 and generate private keys for class1/class3 to build crls
  * there is a private key on the machine, probably Wytze generated it? But there is a password set. Session finished.
  * private key => ask Wytze
  * as long as nobody tries to test if it's signed with the correct key, we need only one key
  * as long as there is only one crl
  * currently we probably only need one testkey, so that the key related functions (e.g. add client cert, add server cert) could be tested
  * Signer daemon on svn is a different version than on the production system. Wytze has to update the svn copy. But therefore he has to go to Ede and needs a 2nd critical system admin so source code can be backed up on another medium
  * Will someone attend the root key ceremony? Probably only through irc or skype
  * Andreas: Is it a decision that we will use only one key (simplification), or should I check that we use a copy of the setup procedure including 2 keys and several crls?
  * We need a key to test the functions that use a key. Class3 testkey is a nice2have, e.g. cert login doesn't work w/o a key, but it helps if we have one key
  * crl mechanism needs to be deployed also, that takes a while. In the meantime I would like to set a link onto the cacert-production system, so that clients don't run into a timeout. Someday we also deploy an ocsp-testsystem, but this is low priority
  * Andreas: OK, I will decide this by time ... It's not only two keys, also TimeToLive of certs, dependency on count of points and much more. Probably I will bring it to success within the next 2 weeks
 * next top => Automated testing system Andreas / Hayati
  * Andreas / Hayati had a phone call, Andreas gave info on which tool he wanted to use, and Hayati would check it and search for possibly other tools
  * If the testers find bugs, we will probably become active individually. Maybe it goes in the same direction, maybe not. We need independent tests
  * so ... work in progress
  * infos by Uli from last Webmontag Frankfurt: [[http://www.andreas-demmer.de/2010/08/17/folien-zu-continuous-integration-deployment/]]
   * [[http://www.andreas-demmer.de/downloads/pdf/continuous-integration_folien_webmontag_20100816.pdf]]
   * [[http://www.andreas-demmer.de/downloads/pdf/continuous-integration_notizen_webmontag_20100816.pdf]]
 * top: Building Testteam, Updates
  * Olaf - from Fosdem - didn't respond so far
 * next meeting: Sept 28th is ATE Essen, so we defer meeting to Oct 5th
 * Question time:
  * Martin: Why discussion about signer? We have a deadline for Thawte points removal patches
  * Uli: We are working on several parallel tasks, Signer is one such parallel task
  * Uli: action items: Uli + Dirk: Tasks till next meeting: identify patches, generate bug#'s, document patches, push testing
  * Dirk: I write patches. I test them by myself. I don't have time to check or create bug#'s for others. Therefore I have too many patches on my usb-stick w/o bug#'s, and they are over one year old
  * Uli: about the 3 patches there are probably no bug#'s. Therefore we have to create bug#'s, or we have to wait for Michael till the end of this month ... also do you now help to identify those 3 patches?!?
  * Uli: e.g. open question: what does 7-old.php do in the system?!?
  * Uli: Dirk, you are one of the 3 Software-Assessors who has to check this. If not, remove this patch
  * Andreas: didn't we reach consensus to remove this file? because this file isn't used by the system? Probably this was a backup from old days, when changes were made on the production system. A backup if a hotfix didn't do as expected and has then been checked in.
  * Uli: then the patch is: removal of this file from system and to check if all works fine
  * Uli: action items: create bug#, removal of 7-old.php. Dirk, Markus have to remove this file from cacert-devel and testserver, is this correct?
  * Uli: Dirk, where does /scripts/addpoints.php belong to? Will this file be used by the webdb system? or is all under scripts only executable from system console?
  * Dirk: if we try starting to review all files which should be removed from the production system, we start a bigger construction site
  * Uli: currently we have to take care about 7-old.php only. Whether to document it or remove it ... no global garbage collection, that's for later, after we've completed the patches backlog
  * Dirk: each needless script can be a security vulnerability
  * Uli: 7-old.php can be seen as a test, if it reaches the production system
  * Uli: ok, 1/3 files identified for removal ... what's with the other 2 files? ... /scripts/addpoints.php
  * Andreas: currently I don't see a way how we can test creating certs and if it works. Someday I would like to see certs created not only with the Testserver-Mgmt-System. On the other side, we don't have the time with the "Thawte" patches
  * Uli: Dirk, 1 week ago, I've signaled to start with the first patches ... Testsystem is in a state where signer is currently not working, but this doesn't prevent us from starting with tests that don't need a signer. So we can start testing with patches which don't need a signer for testing
  * Dirk: so why not as action item: 'deploy the thawte-patch'?
  * Uli: testserver has been reset by Markus to state cacert + 3 patches. Now we have to deal with these 3 patches to pass one complete update cycle. The problem: these patches don't currently have a bug#. Action item about 'Thawte-patch' I gave you 2 weeks ago
  * Dirk: if the state of the patches is unclear, why not remove them? Michael can comment on them, if he returns, or are these patches also time critical?
  * Uli: 'cause Dirk and Markus are the Software-Assessors who have the authority to do this?!?
  * Uli: 1. until now, we didn't pass one complete update cycle. 2. currently we have 3 simple, uncritical patches in cacert-devel and testserver ... if planned or unplanned .. for playing around, for testing, who knows? ... These patches are good for testing a complete update cycle. 7-old also to test the removal of files
  * Andreas: and this we would test with "trivial-patches", this includes removal of 7-old.php
  * Uli (continued) 3. This patch series should be passed as quickly as possible (is there something to test with these patches?!?) 4. "thawte-patch" from Dirk
  * Dirk: point 4 is the uncritical part of the thawte-removal-patches ... which shows only the points in descending order but doesn't change the points count on Assurances. The 2nd patch (re-calculation of points) makes only sense if the first patch passes once the update cycle. Should I now correct the first patch or should I delay the correction?
  * Uli: Order given 2 weeks ago: please correct the first patch
  * Uli: 7-old.php => [[https://bugs.cacert.org/view.php?id=865|Bug# 865]] added
  * Dirk: then I have to check how to remove files with git
  * Dirk: is thinking ... if he reviews the sources and creates a bundle of bug reports to remove all needless sources, also thinks about capnew.php ...;-)
  * Uli: /scripts/addpoints.php => [[https://bugs.cacert.org/view.php?id=866|Bug# 866]] added
  * Uli: www/wot.php => [[https://bugs.cacert.org/view.php?id=867|Bug# 867]] added
  * Uli: Documentation written: [[Software/CurrentTest|Current Tests]]
  * Uli: Dirk + Markus: this patch you need to test at testserver's console => [[https://bugs.cacert.org/view.php?id=866|Bug# 866]]
  * Dirk: I have to check this
  * Andreas: who manages mantis bugs system?
  * Uli: I only know that PG has set permissions and added a new category, so he has admin access
  * Andreas: therefore you need shell-access onto the system: see [[http://manual.mantisbt.org/manual.customizing.mantis.customizing.status.values.php]]
  * Mario: probably bugs doesn't currently have an admin
  * Andreas: We would define a state for the testteam, so they can find the current testing bug#'s quickly, alternatively to the wiki site: [[Software/CurrentTest|Current Tests]]
  * Mario: If somebody has some Config wishes for bugs, please describe it completely and send it by email to me
 * 22:43 meeting closed

----
Action items:
 * Uli - document 3 patches currently on cacert-devel, testserver
  * [[https://bugs.cacert.org/view.php?id=865|Bug # 865]]
  * [[https://bugs.cacert.org/view.php?id=866|Bug # 866]]
  * [[https://bugs.cacert.org/view.php?id=867|Bug # 867]]
 * Uli: writes docu for patches, pushes tests
 * Dirk, Markus: removal of /pages/wot/7-old.php from cacert-devel and testserver
 * Dirk: continue correction of "Thawte" patch
 * Andreas: contact Wytze about private key on cacert1
 * Andreas, Markus: continuous signer deployment
 * Andreas: contact Wytze about updated signer revision

----
CategorySoftwareAssessment