Minutes of the MiniTOP on the 2011-07-12

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: Marcus, dirk, Uli, Alex, Michael, Ted

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

  1. Software Assessors Patch Reviews - working session in meeting and State Testserver Update, Current Patches on Testserver, current running Arbitrations:
    1. Workshop
    2. To discuss (the list of unhandled patches)
      1. Arbitration case a20110312.1 Weak keys bug #918

      2. Arbitration case a20110419.1 Bug #637: Weak Passwords

        • Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
        • problem #1 at login, plz change, use old pwd works - fail
        • problem #2 at join
        • to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
        • current: clear password in source code
        • checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
        • dictionary is still active grep current-pwd share/userdict
          1. Fred... to add into checkpassword()
          2. checkpassword() to add into login procedure
        • pwd cannot be changed - new Bug# 953 "After change of password change on account.php?id=14 does not meet requirements wrong redirect"

        • SE reset pwd procedure doesn't take care about weak pwd
        • Under testing: update
      3. "Thawte" patch Bug# 827 Points-Count-Order-Change project

        • in testing
        • problems in counting found, missing points
        • new commit by dirk, forwarded by NEO
        • 80 pts counted, 100 countable ... problem
        • new commit by dirk, forwarded by NEO
        • pts problem seems to be solved, assurer challenge needed seems now to be ok
        • Under testing: update
        • Marc: thawte patch problem found 2147483647 assurance pts entered, 15.php displays 2147483647 pts
          • Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ? (discussion)
        • Next step(s)
    3. Review bugs under testing (finished testing?)
  2. AGM reports 2010-2011

    • Software-Assessment project team report started, review
  3. strategy plans ... next: strategy for "New Roots & Escrow"

    1. idea: using indirect crl's ?
      • 2 crl's needed, one valid, one invalid crl server
      • more infos available ? who ?
        1. build testserver with special certs
        2. Magu, Michael to send instructions for test deployment
      • Last meeting we've defined Testing requirements and a potential testszenario
      • Next step(s)
    2. policy group: define requirements
      • multimember escrow method ?
        • needs risk analyze
        • potential candidates ?
          • Marcus to contacted Benedikt, will contact Thomas K
          • Next step(s)
    3. how does debian work ?
      • defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
  4. Documentation
    • Bugs.cacert.org
      • discussion about states to define, redefine
      • bugs documentation I (bugs handbook)

      • bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)

      • Review, Update
  5. CI (Update)
  6. next meeting: Tuesday, July 19, 2011 22:00

Minutes

Fixed Action Items since last or within meeting


Action Items New

Action items: Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transfered
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    Bugs #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calcutate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail adress after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}