To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-07-26
Setting
The MiniTOP will be held via telco 22:00 CEST
Attendees: dirk, uli, michael, alex, ted
Topics
(skip to agenda)
Action items from last meeting Meeting Action Items
Agenda
strategy plans ... next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- more infos available ? who ?
- build testserver with special certs
- Magu, Michael to send instructions for test deployment
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
- meetings ago we've defined Testing requirements and a potential testszenario
- to remind every meeting
- policy group: define requirements
- multimember escrow method ?
- needs risk analyze
- potential candidates ?
- Marcus to contacted Benedikt, will contact Thomas K
- Next step(s)
- multimember escrow method ?
- how does debian work ?
- defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
- idea: using indirect crl's ?
- Software-Assessment project team report finished, plz review
- Documentation Bugs.cacert.org Review
- discussion about states to define, redefine
bugs documentation I (bugs handbook)
bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)
- Review, Update
- CI (Update)
- Workshop - The List of open / running / unhandled bugs
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954
- mail to ted to continue with arb case, adding to thread on arb case
Next: script to bulk revoke weak keys, new bug #954
on mailing the $reason had not been added into the mail, nor the specified wiki links, that were created for this mailing (see https://lists.cacert.org/wws/arc/cacert-support/2011-06/msg00072.html)
- Remove Weak Certs is under deployment, testing
- Weak Certs script testing
- out of chroot, vulnkey out of chroot
- set delete date to 1970.. triggers cert revoke routine in client.pl
needs review bug #954
- infos from critical team
- Current state:
- mailing sent
- keys revocation script not started
- Weak keys article not yet published
weak keys: problems with cryptostick (to test at Froscon with Juergen ?)
x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* in testing * problems in counting found, missing points * new commit by dirk, forwarded by NEO * 80 pts counted, 100 countable ... problem * new commit by dirk, forwarded by NEO * pts problem seems to be solved, assurer challenge needed seems now to be ok * Under testing: update * Marc: thawte patch problem found 2147483647 assurance pts entered, 15.php displays 2147483647 pts * Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ? (discussion) * problem fixed under bug 959 * Next step(s) ? * current state on production system? table points: count(id) > 150 points ? * fix points < 0 and points > 150 in bug 827 ?
x3 Bug #637: Weak Passwords - 2nd Review + deploy
* Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd * problem #1 at login, plz change, use old pwd works - fail * problem #2 at join * to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ? * current: clear password in source code * checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd * dictionary is still active grep current-pwd share/userdict 1. Fred... to add into checkpassword() 1. checkpassword() to add into login procedure * pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect" * SE reset pwd procedure doesn't take care about weak pwd * Under testing: update * Overall result: Please evaluate if the session problem can be fixed!
- VBscript, Weak Keys script - awaiting dirks deployment
dirk
DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
Dirk reminder (from last meeting) assure someone patches (checkboxes)
Dirk
DEV: bug #894 problems with check-boxes on website forms (Assure someone) -> a20091118.3
- Review 1: review, add to cacert-devel, transfer to testserver
?
bug #955 Possibilty to change the sorting order for the organisation overview
?
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
- Review bugs under testing (finished testing?) (Review 2?)
revoke keys deployment
needs 1 more test, needs 2nd review
2nd review: also check -x
tests done, 2nd review outstanding x^3 bug #637 weak password
needs 2nd review, not Micha -> Ted, done
Overall result: Please evaluate if the session problem can be fixed!
bug #835 Assurer challenge (on testserver)
asssigned to Ted, set to needs work, CATS to install on ca-mgr1
bug #942 CATS import (2)
complete re-test as of code changes
fully re-tested by 2 testers bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex
needs 2nd review -> Ted, rejected gpg keys expires 1970
tests started last week
- to bundle, to deploy
- On hold
ADS Challenge, awaiting response from board
- Deployed, Finished
- next meeting: Tuesday, August 2, 2011 22:00
Minutes
- Sysadmin reset procedure - some discussion
- Software-Assessment project team report finished, plz review
- Weak keys / Weak passwords missing
- Documentation Bugs.cacert.org Review
- discussion about states to define, redefine
bugs documentation I (bugs handbook)
bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)
- Review, Update
- svg pictures have cuted text under some browsers
- CI (Update)
- deployment scenario:
- create testusers
- testing
- delete testusers
- regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
- Workshop - The List of open / running / unhandled bugs
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954
- script needs 2nd review
- Ted code added
- NEO has made two changes, needs review (whitespaces, license code)
- next bundle package, transfer to critical team, Ted, but don't know how to
- instructions given by NEO, will be handled by Ted within the next upcoming days
- ||
bug #841 Problems on cert login || needs 2nd review - Ted, done
needs bundled || || - root certs req into join ?
- view / controller
- export complete sql statement ?
- function serial + issuer, returns id of email cert (advance server cert, org email, org server cert)
- next? NEO will check to get this updated
- update added to testserver, needs review, needs testing
x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
- Next step(s) ?
current state on production system? table points: count(id) > 150 points ?
fix points < 0 and points > 150 in bug 827 ?
- missing: #959 2nd review
bug #959 - Diff http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi?p=cacert-devel.git;a=blobdiff;f=www/wot.php;h=7fa572f6ce5cced08fa04fabd28b40a26ca09c9c;hb=f5cca0215ef95189fd24966e3260948605df0e5e;hpb=b24134a0a06df0855652457a28d8077e24a7a354
+ } elseif (intval($_POST['points']) < 0) {
- + $awarded = $newpoints = 0;
- yet included
- dirk to add note in bugtracker
- todo:
- Next step(s) ?
x3 Bug #637 and bug #963 : Weak Passwords - 2nd Review + deploy
- Overall result: Please evaluate if the session problem can be fixed!
- if password changed, cached info - reminder plz change pwd
- session reset and error messages in system log
new bug #963
- /includes/loggedin.php line 140 ff. to fix
- Ted: checked-in cacert-devel, added to testserver
- needs review, re-testing
- VBscript, Weak Keys script - awaiting dirks deployment
dirk
DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
new bug#964
- current state: test /account/4.php added to testserver
- Marcus will do detailed tests on Wed
- Review bugs under testing (finished testing?) (Review 2?)
needs 2nd review, not Micha -> Ted, done
Overall result: Please evaluate if the session problem can be fixed! (new bug #963) bug #835 Assurer challenge (on testserver)
asssigned to Ted, set to needs work, CATS to install on ca-mgr1
bug #942 CATS import (2)
complete re-test as of code changes
fully re-tested by 2 testers bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex
needs 2nd review -> Ted, rejected gpg keys expires 1970
tests started last week NEO: bug #841 Problems on cert login
needs 2nd review - Ted, done
needs bundled
NEO will check to get sql query extracted
needs pushing
pushed to testserver
Needs Review & testing
- to bundle, to deploy
NEO: bug #921 Privacy Policy cleanup
Marcus: 2nd test, finished
Dirk, Ted: 2nd review, finished
needs bundling to CT
needs 1 more test, needs 2nd review
2nd review: also check -x
tests done, 2nd review outstanding
dirk to add note in bugtracker
revoke keys deployment
next bundle package, transfer to critical team, Ted, but don't know how to - git pull
git diff origin/release...origin/bug-921>bug921.patch
- send to critical team by email (with template)
- link to bug, who reviewed, people to cc
- Review 1: review, add to cacert-devel, transfer to testserver
?
bug #955 Possibilty to change the sorting order for the organisation overview
?
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
?
bug #963 session reset
Fixed Action Items since last or within meeting
Awaiting Response from Critical Team
Action Items New
Action items: Meeting Action Items
Software/Assessment/ActionItems
Marcus
cap.php review different languages, from meeting 2012-04-24, contact translators
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?) Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
Development, Deployment, Discussion
dirk Brian
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 done.
proposal patch from Brian rcvd OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex?
/ needs 2nd review -> Ted, rejected uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
uli
bug #988 TTP cap form deployment Case study
sneak preview
for local testserver deployment only uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field All
bug #1034 files to remove from webdb
eg wot/14
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
Testing
Testers task
gagern
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo
bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted
bug #835 Assurer challenge (on testserver)
needs testing
Michael
bug #1003 Provide a possibility to regularly review the permissions in the system
also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
2 tests, needs 2nd review, deploy
more fixes, more testing6
uli
bug #967 OA isassurer check
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo
bug #978 Invalid SPKAC requests are not properly validated
recheck full certs signing procedures
duplicate report to bug#540 Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978 neo
bug #1024 Assurer flag is not set correctly on updatesort.php run
tested by 4, ok
dirk
bug #1023 Consolidate changes into the Assure Someone page
6.php global re-design project
assurance, wot area (Thawte points removal effective) inopiae
New layout of view for Organisation Administrators in account/id35
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
Awaiting Response from Critical Team