 . '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110607-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110621-S-A-MiniTOP|next meeting]]'''
----
= Minutes of the MiniTOP on the 2011-06-14 =

== Setting ==
The MiniTOP will be held via telco
 * Workshop starts 21:00 CEST (Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] testing workshop)
 * Meeting starts 22:00 CEST

Attendees:

== Topics ==
(skip to agenda)

new items in last meeting:
 * modify/split: Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
  1. webdb
   * /pages/index/3.php and 16.php to fix, also to add link to [[Roots/StateOverview|Roots/StateOverview]]
   * see [[https://bugs.cacert.org/view.php?id=946|Bug #946]]
   * capnew.php and coapnew.php to modify, removal project deferred
  1. wiki updates
  1. svn updates
 * Marcus: flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting)
 * capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added [[https://bugs.cacert.org/view.php?id=950|Bug #950]] (fixed within meeting)
 * Alex, Michael, Dirk, Ted, Uli, Critical Team: Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10
 * modify: All - Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys, workshop session before next week's meeting, starting 21:00 UTC
 * Michael, Dirk, Ted: the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] impact on mail delivery (non RFC-2821 compliance)
 * Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

== Agenda ==
 * strategy plans ...
  1. strategy for: "Certificates Class3" problem
   * Debriefing
   * Patches and handling
   * Press release preparation and distribution
   * Timing
   * Rollout coordination
   * Documentation
  1. next: strategy for "New Roots & Escrow"
   * ...
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
  * Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
  * Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
  * "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
  * Software Assessors Review 1
   || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
   || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with OA-Assurer) ||
   || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
   || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
   || Dirk || [[https://bugs.cacert.org/view.php?id=827|bug#827]] (Thawte patches, points order change) ||
  * Software Assessors Review 2
   || Dirk, Ted, Mawa || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
 * Testgroup: recruit new testers, update
 * Software Testers - Workshop at Barcamp Karlsruhe ?
 * CI app.test (Update)
 * next meeting: Tuesday, June 21, 2011 22:00

== Minutes ==
=== Workshop Weak Keys ===
Attendees: Marcus, Michael, Uli, dirk

Weak keys testing

The first test round is to disable the patch on the testserver so that weak keys can be added.
 1. generate 512 bit keys test (test [[http://bugs.cacert.org/view.php?id=918#c2034|bug #918 note #2034]])
  a. openssl genrsa -out <name>.key 512
  a. openssl req -new -key <name>.key -out <name>.csr
  a. copy + paste to signing request
  a. copy + paste signed pub key <name>-pub.key
  a. test new pub key: openssl x509 -text -in <name>-pub.key -noout
   * should result in:
    * Subject Public Key Info:
    * Public Key Algorithm: rsaEncryption
    * RSA Public Key: (512 bit)
    * Modulus (512 bit): ...
    * Exponent: 65537 (0x10001)
 2. generate exponent 3 key test (test [[http://bugs.cacert.org/view.php?id=918#c2036|bug #918 note #2036]])
  a. openssl genrsa -aes256 -out <name>.key -3 1024
  a. openssl req -new -key <name>.key -out <name>.csr
  a. copy + paste to signing request
  a. copy + paste signed pub key <name>-pub.key
  a. test new pub key: openssl x509 -text -in <name>-pub.key -noout
   * should result in:
    * Subject Public Key Info:
    * Public Key Algorithm: rsaEncryption
    * RSA Public Key: (1024 bit)
    * Modulus (1024 bit): ...
    * Exponent: 3 (0x3)
 3. OA server keys test

=== Meeting [22:35] ===
Attendees: Michael, Uli, dirk, mario, magu

 * strategy plans ...
  1. strategy for: "Certificates Class3" problem
   * Debriefing
   * Patches and handling
   * Press release preparation and distribution
    * Michael: have distros received notifications ?
   * Timing
   * Rollout coordination
   * Documentation
    * dispute has been filed regarding notifications to Orgs, but not yet picked up
    * no info from Support yet
    * some accounts under twitter - who ? magu ( .. 21 followers), dirk (cacert_me 63 followers) ...
    * mailing lists: debian 12.6., http://www.elgonzo.net/index.php/tag/cacert/, http://osdir.com/ml/general/2011-06/msg20283.html, https://www.xing.com/net/sicherheit/feedback-biete-suche-tools-events-288/fwd-pressemitteilung-neue-signaturen-fur-cacert-class-3-subroot-zertifikat-anderungen-fur-nutzer-von-cacert-zertifikaten-37158796/
    * reminder to heise ?
    * linux community - posted
  1. next: strategy for "New Roots & Escrow"
   * idea: using indirect crl's ?
    * 2 crl's needed, one valid, one invalid crl server
   * policy group: define requirements
   * multimember escrow method ?
    * how does debian work ?
    * secret sharing scheme
    * docu process [[http://ftp-master.debian.org/keys.html]]
    * public mailing lists ? contacts ?
    * dirk ? michael ? jandd ? alexander ? sven ? and other contacts (ftp team ?)
    * dnssec has distributed last year
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * Michael added new states in mantis
  * the list of unhandled patches
  * Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
   * test running
  * Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
   * needs rework
  * "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
   * problems with network setup ... fixed within session, 15.php package uploaded
  * Software Assessors Review 1
   || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
   || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with OA-Assurer) ||
   || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
   || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
   || Dirk || [[https://bugs.cacert.org/view.php?id=827|bug#827]] (Thawte patches, points order change) ||
  * Software Assessors Review 2
   || Dirk, Michael, Mawa || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
 * Testgroup: recruit new testers, update
 * Software Testers - Workshop at Barcamp Karlsruhe ?
  * Idea: push patches to production for testing
   * testing with deadline (e.g. 2 weeks?), after which patch will be pushed to production
  * annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970)
   * gpg on testserver not active
   * pickup upcoming weekend (dirk, michael, uli)
 * CI app.test (Update)
  * Hudson, integrated in eclipse
  * Selenium good for creating
  * upcoming new release announced, old revision not under full maintenance, e.g. ff4 not supported
 * next meeting: Tuesday, June 21, 2011 22:00
 * git over http: [[http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi]]
 * Testserver + Software Testers - task based help:
  * '''Emails will not be sent to your email address, use testserver management system instead'''
  * how to create admin account?
  * how to add new user?
  * how to assure an account?
  * where to find email?

==== Fixed Action Items since last Meeting ====
|| Michael, Dirk, Ted, Uli || prepare patches, update wiki and other sources with new class3 fingerprint<<BR>>1. (Dirk, Ted) webdb: [[https://bugs.cacert.org/view.php?id=946|Bug #946]] '''REVIEW 2'''<<BR>>2. (Uli) wiki updates<<BR>>3. (Uli) svn updates || {g} <<BR>> {g} <<BR>> {g} <<BR>> {g} ||
|| Alex, Michael, Dirk, Ted, Uli, Critical Team || Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10 || {g} ||
|| Marcus || flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting) || {g} ||
|| Dirk, Michael || capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added [[https://bugs.cacert.org/view.php?id=950|Bug #950]] (fixed within meeting) || {g} ||
|| All, Testers || Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys, reviewed by Ted, needs testing !!! Urgent<<BR>>workshop session before next week's meeting, starting 21:00 UTC [[https://bugs.cacert.org/view.php?id=918|Bug #918]] '''TESTING''' || {g} ||
----
==== Action Items New ====
 1. dirk ? michael ? jandd ? alexander ? sven ? - next strategy for "New Roots & Escrow" - get in contact with debian group
 1. dirk, michael, uli - annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ?
 1. uli, marcus - Testserver + Software Testers - task based help

Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
----
 . CategorySoftwareAssessment
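
Added example for the "Workshop Weak Keys" steps (not part of the original minutes and not CAcert's code): a shell function that reads the openssl x509 -text -noout dump of a signed certificate and reports whether the key falls into either of the two weak classes the workshop tests. The function name, the MIN_BITS and MIN_EXPONENT thresholds and the sample dumps are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag weak RSA keys from `openssl x509 -text -noout` output.
# MIN_BITS and MIN_EXPONENT are assumed policy values, not taken from bug #918.
MIN_BITS=${MIN_BITS:-1024}
MIN_EXPONENT=${MIN_EXPONENT:-65537}

# Reads the text dump on stdin and prints one verdict line.
# Exit status: 0 = ok, 1 = weak, 2 = no RSA key size/exponent found.
classify_key() {
    awk -v min_bits="$MIN_BITS" -v min_exp="$MIN_EXPONENT" '
        # "RSA Public Key: (512 bit)" (older OpenSSL) or "Public-Key: (512 bit)" (newer)
        /Public[- ]Key: \([0-9]+ bit\)/ {
            s = $0; sub(/.*\(/, "", s); sub(/ bit\).*/, "", s); bits = s + 0
        }
        /^[ \t]*Exponent: [0-9]+/ {
            s = $0; sub(/^[ \t]*Exponent: /, "", s); sub(/ .*/, "", s); e = s + 0
        }
        END {
            if (bits == 0 || e == 0) { print "unparsed"; exit 2 }
            why = ""
            if (bits < min_bits) why = why " short-modulus(" bits ")"
            if (e < min_exp)     why = why " small-exponent(" e ")"
            if (e % 2 == 0)      why = why " even-exponent"
            if (why != "") { print "weak:" why; exit 1 }
            print "ok"
        }'
}

# Constructed samples: the two results the workshop expects, in the older
# output format quoted in the minutes, plus one acceptable key in the newer format.
sample_512() { printf '%s\n' \
    '        Subject Public Key Info:' \
    '            Public Key Algorithm: rsaEncryption' \
    '            RSA Public Key: (512 bit)' \
    '                Modulus (512 bit):' \
    '                Exponent: 65537 (0x10001)'; }
sample_e3() { printf '%s\n' \
    '            RSA Public Key: (1024 bit)' \
    '                Modulus (1024 bit):' \
    '                Exponent: 3 (0x3)'; }
sample_ok() { printf '%s\n' \
    '                Public-Key: (2048 bit)' \
    '                Modulus:' \
    '                Exponent: 65537 (0x10001)'; }

for s in sample_512 sample_e3 sample_ok; do
    printf '%s: ' "$s"; "$s" | classify_key || true
done
```

With a real certificate the dump is piped in directly, for example from the x509 -text command in step e of each test; once the patch is re-enabled on the testserver, a certificate that still classifies as weak indicates the check did not take effect.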