= Minutes of the MiniTOP on the 2011-04-19 =
== Setting ==
The MiniTOP will be held via telco 22:00 CEST
Attendees: Dirk, Martin, Ted, Uli, Marcus
== Topics ==
* Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
new items in last meeting:
* Arbitration case [[Arbitrations/a20110312.1|a20110312.1]]
* Ted: perl script trigger to critical team by ted
* dirk: /pages/account/.. 4.php, 17.php to combine ?
* Ted: triage test on CATS (Update), probably upcoming week
* [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Password suggestion always the same. Proposed solution.
* dirk: will take care about text removal (general.php check pwd proc, text /pages/index/1.php)
* marcus: start dispute, first test: sql-query, to be verified by 2nd SA: select count(*) from users where password='xxx';
* Arbitration case [[Arbitrations/a20110312.1|a20110312.1]]
* State Testserver Update
* Current Patches on Testserver:
* "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]]
* Prepare Easter Eggs [[https://bugs.cacert.org/view.php?id=921|Bug# 921]] also for PR - blog post, find new testers
* triage test on CATS (Update)
* strategy plans ...
* strategy for: "Certificates Class3" problem and "New Roots & Escrow"
* [[https://lists.cacert.org/wws/arc/cacert-root/2011-02/msg00030.html|pragmatic solution proposed]]
* [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Password suggestion always the same. Proposed solution.
* CI new product
* next meeting: Tuesday, April 26, 2011 22:00
== Minutes ==
* Magu: has new product under test, app.test, eclipse based
* has deployed a Hudson installation
* Action Items
* Ted, triage test on CATS (Update), probably upcoming week
* finished
* transfer of TRIAGE results to webdb is currently commented out, not active, but CATS is still active
* OA test is only avail on test1
* Marcus: Bug #637 Weak Password: start dispute, first test: sql-query, to be verified by 2nd SA -> a20110413.1
* 1st step: Quick fix: reject default pwd
* 2nd step: to fix current affected accounts, to be handled under arbitration
* Michael: index old id=1 is join form, check pwd in /includes/general.php
* Dirk: 1.php, 6.php, 14.php modified
* send info to users, weak pwd, please replace pwd
* 1 month deadline, running script to set random pwd
* addtl. query to critical team:
1. when last logged-in ?
1. accounts assured ?
* Michael: to add a new branch within git
* git fetch (current state between server and local)
* git checkout -b bug-637 origin/release
* further documentation by Michael
* Request Michael to Uli: to write request to Markus, Andreas to create new cacert1 image and set url for download
* dirk Bug #637 Weak Password: will take care about text removal (general.php check pwd proc, text /pages/index/1.php)
* bug#637 files send by dirk, reviewed by Michael, pushed to branch, pushed to master, checked-out to testserver, part I + II
* part I: removal of text
* part II: to push users to replace their pwd
* next steps: arbitrator to decide, how this case should be handled eg mailing, how to handle unused accounts and so on
* arbitration: file dispute, who ? Michael, what ? see above step 2
* Arbitration case [[Arbitrations/a20110312.1|a20110312.1]], bug#918
* perl script started, runs long time, result sent by Wytze
* script is ok, one run 9 hours !
* if web code fixes on production then script can be run on production
* mailing script is pushed to git
* some tests have been made, Hanno also involved in testing but no report, only keys < 1024 blocked
* review of patches:
* perl script by ted, reviewed by michael
* mailing script php by ted, reviewed by Michael
* patches to block weak keys by michael, needs to be reviewed -> Ted
* dirk: a20110312.1 /pages/account/.. 4.php, 17.php to combine ? no update
* michael briefs dirk
* call 17.php from 16.php, call 4.php from 3.php
* add/replace code with include(/includes/keygen.php) within 4.php + 17.php under bug#918
* Dirk: 15.php, not updated
* Michael: add SA's to Admin in bugs for customizing, mail to Philipp, Andreas, Mario
* email to write, within session, mail sent
* Bug#921, Michael will review Wed and add to testserver
* Uli to prepare blog post
* Bug#897 HowManyPoints
* patch by Uli, first review by Michael, needs 2nd review
* dirk has new xen vm, traffic limit 1 or 5 TB, 4 ip's, and IPv6 for 10 EUR, alternate for hosting ?
* no consensus, probably for Non-Critical not interesting as each of the Non-Critical machines are VMs by itself
* strategy plans ...
* strategy for: "Certificates Class3" problem and "New Roots & Escrow"
* [[https://lists.cacert.org/wws/arc/cacert-root/2011-02/msg00030.html|pragmatic solution proposed]]
* Michael: class3 renew ?
* Dirk: board motion, no new class3 cert
* Michael: to wait for new roots & escrow is probably no option
* Dirk: current class1 + class3 on testserver, test class3 replacement on testserver, what are the changes to do ?
* Michael: changes to do:
* /etc/ssl/openssl-ca.cnf algorithm to replace line 30 default md5 to sha1
* Dirk: revocation list, and renewal of keys ?
* Class3 replace test after Easter
* Uli: tester to inform regarding class3 certs creation in mailing regarding bug#921
* next meeting: Tuesday, April 26, 2011 22:00
==== Fixed Action Items since last Meeting ====
|| Ted || [[Arbitrations/a20110312.1|a20110312.1]] perl script trigger to critical team || {+} ||
|| Ted || triage test on CATS (Update), probably upcoming week || {+} ||
|| dirk || [[https://bugs.cacert.org/view.php?id=637|Bug #637]] Weak Password: will take care about text removal (general.php check pwd proc, text /pages/index/1.php) || {+} ||
|| Marcus || [[https://bugs.cacert.org/view.php?id=637|Bug #637]] Weak Password: start dispute, first test: sql-query, to be verified by 2nd SA -> [[Arbitrations/a20110413.1|a20110413.1]] || {+} ||
|| Michael || update to Hanno || {+} ||
|| Michael || add SA's to Admin in bugs for customizing, mail to Philipp, Andreas, Mario || {+} ||
|| Dirk || strategy for: "Certificates Class3" problem and "New Roots & Escrow"<<BR>>contact root cert group<<BR>>new plan: signer class3 test on cacert1 || {-} ||
----
Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
==== Action Items New ====
* Uli: to write request to Markus, Andreas to create new cacert1 image and set url for download
* Ted: bug#918 patches to block weak keys by michael, needs to be reviewed
* Michael: Bug #637 Weak Password, file dispute regarding 2nd step: to fix current affected accounts, to be handled under arbitration
* Uli: added patch bug#637 onto testserver, update testers portal, notify tester group
* Michael: Bug#921 review on Wed and add to testserver
* Uli: add patch bug#921 onto testserver, update testers portal, notify tester group, publish blog post "Easter Eggs"
* Ted, Markus, Dirk: Bug#897 2nd review
* Uli: tester to inform regarding class3 certs creation in mailing regarding bug#921
----
. CategorySoftwareAssessment