= Minutes of the MiniTOP on the 2011-06-28 =
== Setting ==
The MiniTOP will be held via telco 22:00 CEST

Attendees: Michael, Uli, Marcus, Marc, Mario, dirk

== Topics ==
(skip to agenda) Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

== Agenda ==
 * Software Assessors Reviews
  * Patches reviewed since last meeting ?
   * If yes, continue Agenda meeting
   * else: working session in meeting
  * Review 1: review, add to cacert-devel, transfer to testserver
  || Ted || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
  || Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with OA-Assurer) ||
  || Michael || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
  || Michael || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
  * Review 2: finish tests, bundle patch, send to critical team
  || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
 * strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more infos available ? who ?
  1. build testserver with special certs
   1. Magu, Michael to send instructions for test deployment
   * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
  1. policy group: define requirements
   * multimember escrow method ?
   * needs risk analysis
   * potential candidates ?
    * Marcus to contact Thomas K
    * Uli to contact Benedikt
  1. how does debian work ?
   * deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
    * Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
   1. Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
    * Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
     * problem #1 at login, plz change, use old pwd works - fail
     * problem #2 at join
    * to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
    * current: clear password in source code
    * checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
    * dictionary is still active: grep current-pwd share/userdict
     1. Fred... to add into checkpassword()
     1. checkpassword() to add into login procedure
    * pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
    * SE reset pwd procedure doesn't take care about weak pwd
  * Under testing: update
   1. "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
    * in testing
    * problems in counting found, missing points
    * new commit by dirk, forwarded by NEO
    * 80 pts counted, 100 countable ... problem
    * new commit by dirk, forwarded by NEO
    * pts problem seems to be solved, assurer challenge needed seems now to be ok
  * Under testing: update
   * Annoying gpg bug
   || dirk, michael, uli || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ? || {0} ||
 * Documentation
  * Bugs.cacert.org
   * discussion about states to define, redefine
   * bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
   * bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
 * Update
  * uli, marcus - Testserver + Software Testers - task based help - update
  * uli, markus - testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to [[Software/TestTeam/WelcomePack|Welcome Pack]] - update
 * CI (Update)
 * next meeting: Tuesday, July 5, 2011 22:00

== Minutes ==
 * Reviews did not happen, so this meeting becomes a working session
  * Michael currently works on TMS
  * Weak keys patch: message in support mailing list, no infos currently avail
  * Class3 no more requests or infos
 * Michael works on [[https://bugs.cacert.org/view.php?id=942|bug#942]]
  * reviewed
  * added to testserver
  * test scenario:
   1. account not assurer
   1. TMS add 70 pts, + CATS
   1. check user account: should have 70 pts, no assurer
   1. apply regular more assurances with regular other test accounts
   1. check user account: should have 100 pts+, is-assurer
  * nothing browser specific
 * dirk works on [[https://bugs.cacert.org/view.php?id=948|Bug #948]]
  * reviewed
  * in repository
  * last state ???
  * not yet checked in
  * assure someone, add domain, assure someone - account doesn't exist - send notification
 * strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more infos available ? who ?
  1. build testserver with special certs
   1. Magu, Michael to send instructions for test deployment
   * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   * Magu not avail, no update
   * other testers ?
    * Marcus: no, Marc: ?
   * some discussion about potential test environment, no result
  1. policy group: define requirements
   * multimember escrow method ?
   * needs risk analysis
   * potential candidates ?
    * Uli to contact Benedikt, no update
    * Marcus to contact Thomas K
    * contacted benedikt, will take care about
    * will contact Thomas K
 * Marc: thawte patch problem found: 2147483647 assurance pts entered, 15.php displays 2147483647 pts
  * Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ? (discussion)
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
    * Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
 * next meeting: Tuesday, July 5, 2011 22:00

==== Fixed Action Items since last or within meeting ====
|| Uli || to write mail to SA's: dirk, michael + ted, to appoint each SA two bugs for review 1 || {g} ||
|| Dirk, Michael || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) '''REVIEW 2''' || {g} ||
|| Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (cats test) (ted), triage test on CATS (Update), to review, to test '''REVIEW 1''' || {g} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) || {g} ||
|| Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) || {g} ||

----
==== Action Items New ====
 * Dirk: assure someone patches
 * Uli: add to testers portal, push testers on [[https://bugs.cacert.org/view.php?id=942|bug#942]] and [[https://bugs.cacert.org/view.php?id=948|Bug #948]]
 * Ted: Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]

Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

----
CategorySoftwareAssessment