= Minutes of the MiniTOP on the 2011-07-12 =
== Setting ==
The MiniTOP will be held via telco at 22:00 CEST
Attendees: Marcus, dirk, Uli, Alex, Michael, Ted
== Topics ==
(skip to agenda)
Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
== Agenda ==
1. Software Assessors Patch Reviews - working session in meeting and State Testserver Update, Current Patches on Testserver, current running Arbitrations:
1. Workshop
* Dirk '''reminder''' (from last meeting) assure someone patches (checkboxes)
* Review 1: review, add to cacert-devel, transfer to testserver
|| Ted || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
|| Michael || [[https://bugs.cacert.org/view.php?id=953|bug #953]] (change pwd routine, text changes only) ||
|| Michael || [[https://bugs.cacert.org/view.php?id=958|bug #958]] add ads on main website ||
|| Michael || [[https://bugs.cacert.org/view.php?id=959|bug #959]] add points bug ||
* VBscript, Weak Keys script
|| dirk || DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || {-} ||
* vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])
* Api CertEnroll (MS crypto provider)
* annoying gpg [[http://bugs.cacert.org/view.php?id=911|bug #911]]
|| dirk, michael, uli || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ? || {0} ||
* [[https://lists.cacert.org/wws/arc/cacert-devel/2011-06/msg00012.html]]
* [[https://lists.cacert.org/wws/arc/cacert-devel/2011-06/msg00013.html]]
a. the key is ok
a. display on gpg list in webdb displays wrong date
* increase the priority of this bug (fix the display of the gpg key date in the list), as support receives too many reports
* 2 potential problem areas
1. add and sign new gpg key (save to database script results in wrong date)
1. view gpg keys (read from database)
1. To discuss (the list of unhandled patches)
1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
* mail to ted to continue with arb case, adding to thread on arb case
* Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* on mailing the $reason had not been added into the mail, nor the specified wiki links, that were created for this mailing (see [[https://lists.cacert.org/wws/arc/cacert-support/2011-06/msg00072.html]])
* Remove Weak Certs is under deployment, testing
1. Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
* Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
* problem #1 at login, plz change, use old pwd works - fail
* problem #2 at join
* to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
* current: clear password in source code
* checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
* dictionary is still active: `grep current-pwd share/userdict`
1. Fred... to add into checkpassword()
1. checkpassword() to add into login procedure
* pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
* SE reset pwd procedure doesn't take care about weak pwd
* Under testing: update
1. "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
* in testing
* problems in counting found, missing points
* new commit by dirk, forwarded by NEO
* 80 pts counted, 100 countable ... problem
* new commit by dirk, forwarded by NEO
* pts problem seems to be solved, assurer challenge needed seems now to be ok
* Under testing: update
* Marc: thawte patch problem found 2147483647 assurance pts entered, 15.php displays 2147483647 pts
* Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ? (discussion)
* Next step(s)
1. Review bugs under testing (finished testing?)
* [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver)
* [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)
* [[https://bugs.cacert.org/view.php?id=897|bug #897]] transfer text pages to wiki (points system) (T)
* [[https://bugs.cacert.org/view.php?id=637|bug #637]] weak password
* [[https://bugs.cacert.org/view.php?id=921|bug #921]] Privacy Policy cleanup
* [[https://bugs.cacert.org/view.php?id=948|bug #948]] SMTP protocol bug and fix (T)
* [[https://bugs.cacert.org/view.php?id=942|bug #942]] CATS import (2)
* [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text
* [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
1. [[AGM/TeamReports/2011#Software-Assessment-Project|AGM reports 2010-2011]]
* Software-Assessment project team report started, review
1. strategy plans ... next: strategy for "New Roots & Escrow"
1. idea: using indirect crl's ?
* 2 crl's needed, one valid, one invalid crl server
* more info available ? who ?
1. build testserver with special certs
1. Magu, Michael to send instructions for test deployment
* indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
* Last meeting we defined testing requirements and a potential test scenario
* Next step(s)
1. policy group: define requirements
* multimember escrow method ?
* needs risk analysis
* potential candidates ?
* Marcus to contacted Benedikt, will contact Thomas K
* Next step(s)
1. how does debian work ?
* deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
1. Documentation
* Bugs.cacert.org
* discussion about states to define, redefine
* bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
* bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
* Review, Update
1. CI (Update)
1. next meeting: Tuesday, July 19, 2011 22:00
== Minutes ==
* Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
* mail to ted to continue with arb case, adding to thread on arb case
* Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* on mailing the $reason had not been added into the mail, nor the specified wiki links, that were created for this mailing (see [[https://lists.cacert.org/wws/arc/cacert-support/2011-06/msg00072.html]])
* Remove Weak Certs is under deployment, testing
* Weak Certs script testing
* out of chroot, vulnkey out of chroot
* set delete date to 1970.. triggers cert revoke routine in client.pl
* needs review [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* AdWords from last board meeting
* ads will only be displayed in logout mode
* http vs https mode ?
* googleads doesn't work with https
* question from dirk: to add ads only on http or also under https ? login mode too ?
* new [[https://bugs.cacert.org/view.php?id=958|bug #958]]
* Workshop - Review patches
* Review 1: review, add to cacert-devel, transfer to testserver
|| Ted || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) || {+} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=953|bug #953]] (change pwd routine, text changes only) || {+} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=958|bug #958]] 0000958: Board wants advertisments on main CAcert website || {+} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=959|bug #959]] add points bug || {+} ||
* [[AGM/TeamReports/2011#Software-Assessment-Project|AGM reports 2010-2011]] for review
* Review bugs under testing (finished testing?)
|| [[https://bugs.cacert.org/view.php?id=897|bug #897]] transfer text pages to wiki (points system) (T) || finished testing, ready to deploy || {+} ||
|| [[https://bugs.cacert.org/view.php?id=948|bug #948]] SMTP protocol bug and fix (T) || needs more tests || {0} ||
* next meeting: Tuesday, July 19, 2011 22:00
==== Fixed Action Items since last or within meeting ====
|| Michael || [[https://bugs.cacert.org/view.php?id=959|bug #959]] add points bug || {+} ||
|| All || bugs for review 1: if unhandled before next meeting to handle under working session within next meeting || {+} ||
|| Michael, Dirk, Ted || New bug fixes: review, add to cacert-devel, transfer to testserver '''REVIEW 1'''<<BR>>[[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) {+} || {+} ||
|| Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=953|bug #953]] (change pwd routine, text changes only) '''REVIEW 1''' || {+} ||
. ''Software Assessors Review 1''
|| Ted || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) || {+} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=953|bug #953]] (change pwd routine, text changes only) || {+} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=958|bug #958]] add ads on main website || {+} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=959|bug #959]] add points bug || {+} ||
----
==== Action Items New ====
Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
----
. CategorySoftwareAssessment