To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-05-03
Setting
The MiniTOP will be held via telco 22:00 CEST
Attendees: Marcus, Michael, Uli, Dirk, Marc, Magu
Topics
new items in last meeting:
- Dirk, Uli: Next Board Meeting: Software-Testing - problem to find -active- testers
Dirk, Michael, Uli: strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday
- Uli: Policy Repository migration plan, updating
Action items from last meeting Meeting Action Items
- triage test on CATS (Update)
- State Testserver Update, Current Patches on Testserver, current running Arbitrations:
Arbitration case a20110312.1 Weak keys
Arbitration case a20110419.1 Bug #637: Weak Passwords
"Thawte" patch Bug# 827 Points-Count-Order-Change project
- strategy plans ...
strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board
- Delete Account procedure extension for email mask proposal: X11111111.111.111
based on a20090510.3 and a20110221.1 and bug #893 and 794
script has to interact with OTRS as the new email address goes to Support@c.o with the catch all a... filter mask (see Arbitration Training - Lesson 20 - Delete Account instructions for SE v2)
- CI app.test (Update)
- next meeting: Tuesday, May 10, 2011 22:00
Minutes
- testers: to contact by phone
strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday
- Michael: documentation
- Policy Repository migration plan, updating
- uli: some testing
- Bug#897, no update [1]
- bug#918, no update [1]
- bug#827, no update [1]
- [1] Dirk lacks running developer VM image
Image conversion from esx http://www.vmware.com/go/download-converter
- image up and running till end of the meeting
- DEV: TMS function (Assurances), no update
- Hosting providers: to contact Martin Ga regarding questions about VMs on vienna hosting, no update
- RAM upgrade for existing addtl. hardware
- ISP prizing, 1 Euro / ip, 170 Euro / subnet 255, 80-90 Euro / 100 ips
- triage test on CATS (Update), no info from Ted, transfer not yet active
- Delete Account procedure extension for email mask proposal: X11111111.111.111
- catch email mask added by Mario
script has to interact with OTRS as the new email address goes to Support@c.o with the catch all a... filter mask (see Arbitration Training - Lesson 20 - Delete Account instructions for SE v2)
email mask to correct -> Mario, OTRS does not need changes
- (after meeting info: email mask added back in early 2010 by Daniel)
- Dirk: in general gives his Ok
- CI app.test (Update), no update
Fixed Action Items since last Meeting
Dirk, Michael, Uli
strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday
Uli
Policy Repository migration plan, updating
Michael
Hosting providers: to contact Martin Ga regarding questions about VMs on vienna hosting
Action Items New
- Marcus, Uli: testers: to contact by phone
Michael: strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, working session on Sunday -> documentation
- Dirk: to get the VM image from 2011-04-21 up and running (fixed within meeting)
- Uli: Delete Account procedure extension for email mask proposal: X11111111.111.111, send meeting minutes to Arbitrator
Action items: Meeting Action Items
Software/Assessment/ActionItems
Marcus
cap.php review different languages, from meeting 2012-04-24, contact translators
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
Development, Deployment, Discussion
dirk Brian
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 done.
proposal patch from Brian rcvd OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex?
/ needs 2nd review -> Ted, rejected 
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
uli
bug #988 TTP cap form deployment Case study
sneak preview
for local testserver deployment only uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field All
bug #1034 files to remove from webdb
eg wot/14
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
Testing
Testers task
gagern
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo
bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted
bug #835 Assurer challenge (on testserver)
needs testing
Michael
bug #1003 Provide a possibility to regularly review the permissions in the system
also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
2 tests, needs 2nd review, deploy
more fixes, more testing6
uli
bug #967 OA isassurer check
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo
bug #978 Invalid SPKAC requests are not properly validated
recheck full certs signing procedures
duplicate report to bug#540 Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978 neo
bug #1024 Assurer flag is not set correctly on updatesort.php run
tested by 4, ok
dirk
bug #1023 Consolidate changes into the Assure Someone page
6.php global re-design project
assurance, wot area (Thawte points removal effective) inopiae
New layout of view for Organisation Administrators in account/id35
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
Awaiting Response from Critical Team