To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-06-07

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: dirk, Ted, uli, magu, marcus, alex, michael

Topics

new items in last meeting:

Alex, Ian, Pieter - prepare pressrelease about class3 project
Uli - documentation: sources of class3 fingerprint
Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
Michael - mantis bug: notification emails missing
Michael - mantis bug: bug #854 (white page)
Michael, Dirk, Ted - * New bug fixes:
- bug #940 (outsource help pages to wiki)
- bug #943 (replace OA-admin text with OA-Assurer)
- bug #841 (cert login - check issuer source)
Action items from last meeting Meeting Action Items
the Bug #948 impact on mail delivery (non RFC-2821 compliance)
dirk: wot.php analysis (read email from last week)
triage test on CATS (Update)
- bug #942 (cats test) (ted), triage test on CATS (Update), to review, to test, no update
State Testserver Update, Current Patches on Testserver, current running Arbitrations:
- Arbitration case a20110312.1 Weak keys
- Arbitration case a20110419.1 Bug #637: Weak Passwords
- "Thawte" patch Bug# 827 Points-Count-Order-Change project
strategy plans ...
- strategy for: "Certificates Class3" problem and "New Roots & Escrow" - proposal to board, done in last board meeting
  - upgrade plan: Press release, Announcements to be presented to board by Community
  - m20110515.2 "Class 3 Certificate Resign"
  - m20110515.3 "Prepare press statement about Class 3 Resign"
```
That we ask the community to prepare a press statement, to be sent to
various groups, and to be accepted by Board before sending out.
```
  - Press release written: Roots/Class3ResignProcedure/PressRelease
    - Approved by board: m20110605.2
    - translations: Dutch, French, Spanish, Russian requested
Testgroup: recruit new testers, update
1. m20110515.4 "Rewarding testers"
2. Result: May-2011 report
  - requested confirmation from winner #2, no response so far
  - next: blog post
CI app.test (Update)
next meeting: Tuesday, June 14, 2011 22:00

Minutes

Alex, Ian, Pieter - prepare pressrelease about class3 project, press release is prepared, translations triggered
Uli - documentation: sources of class3 fingerprint
Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
- webdb
  - /pages/index/3.php and 16.php to fix, also to add link to Roots/StateOverview
  - see Bug #946
  - capnew.php and coapnew.php to modify, removal project defered
- flyer
  - no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer
  - who ?
  - nobody?
  - Marcus, builds addon
    - sends proposal, accepted
  - adding links: upcoming events,
- capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added Bug #950
  - ```
  <strong>TCPDF error: </strong>Can't open image file: logos/CAcert-logo-colour-1000.png
```
Mantis bugs: fixed
bug #942 (cats test) (ted), triage test on CATS (Update), to review, to test
- reviewed by michael
- connection permissions to mgr system for ted
m20110515.4 "Rewarding testers" post proposal, publish with updated infos, May-2011 report
- 3 simple reports, 2 winners rewarded and given back as donation, with aphexer in communications to handle this
the Bug #948 impact on mail delivery (non RFC-2821 compliance)
- affects email check
- affects domain check
- accepted, will be fixed
capnew.php Bug #950
- request to michael, to execute
- cp /home/cacert/cacert4.png /home/cacert/www/www/logos/CAcert-logo-colour-1000.png
- capnew.php pdf generation now works on cacert1.it-sls.de
dirk: wot.php analysis (read email from last week)
- fyi
"Thawte" patch Bug# 827 Points-Count-Order-Change project
- problems with includes
  - Michael: use -> include_once($_SESSION['_config']['filepath']."/pages/index/$id.php");
Rollout Date ?
- Thursday or Friday this week ?
- Webdb patches under construction by Michael, Ted
Arbitration case a20110312.1 Weak keys
- workshop session before next weeks meeting, starting 21:00 UTC
next meeting: Tuesday 2011-06-14, 21:00 weak keys test workshop, 22:00 regular meeting

Fixed Action Items since last Meeting

Alex, Ian, Pieter	prepare pressrelease about class3 project
Uli	documentation: sources of class3 fingerprints
Michael	mantis bug: notification emails missing
Michael	mantis bug: bug #854 (white page)
Dirk	strategy for: "Certificates Class3" problem and "New Roots & Escrow" - Press release, Announcements to be presented to board by Community: contact alex
Uli	m20110515.4 "Rewarding testers" post proposal, publish with updated infos, May-2011 report

Action Items New

modify/split: Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
1. webdb
  - /pages/index/3.php and 16.php to fix, also to add link to Roots/StateOverview
  - see Bug #946
  - capnew.php and coapnew.php to modify, removal project defered
2. wiki updates
3. svn updates
Marcus: flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting)
capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added Bug #950 (fixed within meeting)
Alex, Michael, Dirk, Ted, Uli, Critical Team: Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10
modify: All - Arbitration case a20110312.1 Weak keys, workshop session before next weeks meeting, starting 21:00 UTC
Michael, Dirk, Ted: the Bug #948 impact on mail delivery (non RFC-2821 compliance)

Action items: Meeting Action Items

Software/Assessment/ActionItems

Marcus	cap.php review different languages, from meeting 2012-04-24, contact translators
uli	Experience points for ATE attendance check board motions and/or trigger if not yet passed
uli	Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18 current state: see Funding Landing Page
All	1. next: strategy for "New Roots & Escrow" - using indirect crl's ? indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment
dirk, Michael	3. next: strategy for "New Roots & Escrow" - how does debian work? to contact, deferred to next events (?)
Uli, Michael	Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png

Development, Deployment, Discussion

dirk Brian	DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)	new bug#964 current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964 done. proposal patch from Brian rcvd
OAO, Ted	bug #943 change OA admin/assurer text	needs 2nd test -> Fabian, Marc, Alex? / needs 2nd review -> Ted, rejected
uli, Ted	bug #824 Org User cert fix Case study	Organisation User Certificates: Need UI improvement for proper production usage
uli	bug #988 TTP cap form deployment Case study	sneak preview for local testserver deployment only
uli, ted	bug #823 email address removal fix	No warning when removing e-mail address from account that certificates will be revoked checked by 4, needs 2nd review, deploy rejected
inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number
uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface rejected, certs login doesn't modify "modified" field
All	bug #1034 files to remove from webdb	eg wot/14

Software Assessors: Review 1 / add to cacert-devel, add to testserver

Software-Assessors task

uli

bug #977 admin console text fix

admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue

Testing

Testers task

gagern	bug #440 Problem with subjectAltName (CSR, renew certs)	There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo	bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted	bug #835 Assurer challenge (on testserver)	needs testing
Michael	bug #1003 Provide a possibility to regularly review the permissions in the system	also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo	bug #1025 Domain Dispute issue	disputes rc and rc2 var prob

Software Assessors: 2nd Review, Bundle Package to Critical Team

Software-Assessors task

uli, ted	bug #789 OA edit domain fix	Editing domain for organisations does not work new update 2011-09-26 2 tests, needs 2nd review, deploy more fixes, more testing	6
uli	bug #967 OA isassurer check	Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo	bug #978 Invalid SPKAC requests are not properly validated	recheck full certs signing procedures duplicate report to bug#540
Michael	bug #540	p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing uli, marcus: needs full cert create tests duplicate report to bug#978
neo	bug #1024 Assurer flag is not set correctly on updatesort.php run	tested by 4, ok
dirk	bug #1023 Consolidate changes into the Assure Someone page	6.php global re-design project assurance, wot area (Thawte points removal effective)
inopiae	bug #981 OA overview (dupe of bug #943)	New layout of view for Organisation Administrators in account/id35

Software Assessors: Bundle Package to Critical Team

Software-Assessors task

Awaiting Response from Critical Team

CategorySoftwareAssessment

CategorySoftwareAssessment

Software/Assessment/20110607-S-A-MiniTOP (last edited 2011-09-23 00:05:36 by UlrichSchroeter)