= Minutes of the MiniTOP on the 2011-07-26 =
== Setting ==
The MiniTOP will be held via telco 22:00 CEST
Attendees: dirk, uli, michael, alex, ted
== Topics ==
(skip to agenda)
Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
== Agenda ==
1. strategy plans ... next: strategy for "New Roots & Escrow"
1. idea: using indirect CRLs ?
* 2 CRLs needed, one valid, one invalid CRL server
* more info available ? who ?
1. build testserver with special certs
1. Magu, Michael to send instructions for test deployment
* indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
* meetings ago we've defined testing requirements and a potential test scenario
* to remind every meeting
1. policy group: define requirements
* multimember escrow method ?
* needs risk analysis
* potential candidates ?
* Marcus to contacted Benedikt, will contact Thomas K
* Next step(s)
1. how does debian work ?
* deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
1. [[AGM/TeamReports/2011#Software-Assessment-Project|AGM reports 2010-2011]]
* Software-Assessment project team report finished, plz review
1. Documentation Bugs.cacert.org Review
* discussion about states to define, redefine
* bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
* bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
* Review, Update
1. CI (Update)
* [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]]
1. Workshop - The List of open / running / unhandled bugs
1. x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* mail to ted to continue with arb case, adding to thread on arb case
* Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* on mailing the $reason had not been added into the mail, nor the specified wiki links, that were created for this mailing (see [[https://lists.cacert.org/wws/arc/cacert-support/2011-06/msg00072.html]])
* Remove Weak Certs is under deployment, testing
* Weak Certs script testing
* out of chroot, vulnkey out of chroot
* set delete date to 1970.. triggers cert revoke routine in client.pl
* needs review [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* info from critical team
* Current state:
* mailing sent
* keys revocation script not started
* Weak keys article not yet published
* weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?)
1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
{{{
* in testing
* problems in counting found, missing points
* new commit by dirk, forwarded by NEO
* 80 pts counted, 100 countable ... problem
* new commit by dirk, forwarded by NEO
* pts problem seems to be solved, assurer challenge needed seems now to be ok
* Under testing: update
* Marc: thawte patch problem found 2147483647 assurance pts entered, 15.php displays 2147483647 pts
* Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ? (discussion)
* problem fixed under bug 959
* Next step(s) ?
* current state on production system? table points: count(id) > 150 points ?
* fix points < 0 and points > 150 in bug 827 ?
}}}
1. x^3^ [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords - 2nd Review + deploy
{{{
* Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
* problem #1 at login, plz change, use old pwd works - fail
* problem #2 at join
* to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
* current: clear password in source code
* checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
* dictionary is still active grep current-pwd share/userdict
1. Fred... to add into checkpassword()
1. checkpassword() to add into login procedure
* pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
* SE reset pwd procedure doesn't take care about weak pwd
* Under testing: update
* Overall result: Please evaluate if the session problem can be fixed!
}}}
1. VBscript, Weak Keys script - awaiting dirks deployment
|| dirk || DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || {-} ||
* vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])
* API CertEnroll (MS crypto provider)
1. Dirk '''reminder''' (from last meeting) assure someone patches (checkboxes)
|| Dirk || DEV: [[https://bugs.cacert.org/view.php?id=894|bug #894]] problems with check-boxes on website forms (Assure someone) -> [[Arbitrations/a20091118.3|a20091118.3]] || {0} ||
1. Review 1: review, add to cacert-devel, transfer to testserver
|| ? || [[https://bugs.cacert.org/view.php?id=955|bug #955]] Possibility to change the sorting order for the organisation overview || {0} ||
|| ? || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || {0} ||
1. Review bugs under testing (finished testing?) (Review 2?)
|| x^1^ [[https://bugs.cacert.org/view.php?id=918|bug #918]] and [[https://bugs.cacert.org/view.php?id=954|bug #954]] Weak keys || revoke keys deployment || {0} ||
|| x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding || {0} ||
|| x^3^ [[https://bugs.cacert.org/view.php?id=637|bug #637]] weak password || needs 2nd review, not Micha -> Ted, done<<BR>>Overall result: Please evaluate if the session problem can be fixed! || {o} ||
|| [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || assigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||
|| [[https://bugs.cacert.org/view.php?id=942|bug #942]] CATS import (2) || complete re-test as of code changes<<BR>>fully re-tested by 2 testers || {0} ||
|| [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text || needs 2nd test -> Fabian, Marc, Alex<<BR>>needs 2nd review -> Ted, rejected || {-} ||
|| [[https://bugs.cacert.org/view.php?id=911|bug #911]] || gpg keys expires 1970<<BR>>tests started last week || {0} ||
1. to bundle, to deploy
|| [[https://bugs.cacert.org/view.php?id=921|bug #921]] Privacy Policy cleanup || Marcus: 2nd test, finished<<BR>>Dirk, Ted: 2nd review, finished<<BR>>needs bundling to CT || {0} ||
|| [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled || {0} ||
1. On hold
|| [[https://bugs.cacert.org/view.php?id=958|bug #958]] || ADS Challenge, awaiting response from board ||
1. Deployed, Finished
|| [[https://bugs.cacert.org/view.php?id=897|bug #897]] transfer text pages to wiki (points system) || Michael: to bundle to critical team<<BR>>deployed, finished || {g} ||
|| [[https://bugs.cacert.org/view.php?id=948|bug #948]] SMTP protocol bug and fix || wait for 3rd tester ? or deploy?<<BR>>removed space, no function destroyed<<BR>>ready to deploy -> Micha<<BR>>deployed, finished || {g} ||
1. next meeting: Tuesday, August 2, 2011 22:00
== Minutes ==
1. Sysadmin reset procedure - some discussion
1. [[AGM/TeamReports/2011#Software-Assessment-Project|AGM reports 2010-2011]]
* Software-Assessment project team report finished, plz review
* Weak keys / Weak passwords missing
1. Documentation Bugs.cacert.org Review
* discussion about states to define, redefine
* bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
* bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
* Review, Update
* SVG pictures have cut-off text in some browsers
1. CI (Update)
* [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]]
* deployment scenario:
1. create testusers
1. testing
1. delete testusers
* regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
1. Workshop - The List of open / running / unhandled bugs
1. x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]]
* script needs 2nd review
* Ted code added
* NEO has made two changes, needs review (whitespaces, license code)
1. [[http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi?p=cacert-devel.git;a=commitdiff;=f0db9d78a5e3b22ec7aa1cbc86d6d8836bf3566f]]
1. [[http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi?p=cacert-devel.git;a=commitdiff;=900d6e061e04c38ef72bbe73ac53d3f083eda01a]]
* next bundle package, transfer to critical team, Ted, but don't know how to
* instructions given by NEO, will be handled by Ted within the next upcoming days
1. || [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled || {0} ||
* root certs req into join ?
* view / controller
* export complete sql statement ?
* function serial + issuer, returns id of email cert (advance server cert, org email, org server cert)
* next? NEO will check to get this updated
* update added to testserver, needs review, needs testing
1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
* Next step(s) ?
* current state on production system? table points: count(id) > 150 points ?
* fix points < 0 and points > 150 in bug 827 ?
* missing: #959 2nd review
* [[https://bugs.cacert.org/view.php?id=959|bug #959]] - Diff [[http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi?p=cacert-devel.git;a=blobdiff;f=www/wot.php;h=7fa572f6ce5cced08fa04fabd28b40a26ca09c9c;hb=f5cca0215ef95189fd24966e3260948605df0e5e;hpb=b24134a0a06df0855652457a28d8077e24a7a354]]
* + } elseif (intval($_POST['points']) < 0) {
* + $awarded = $newpoints = 0;
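Review bot: the `elseif` on `intval($_POST['points']) < 0` covers only the lower bound, and nothing in these two lines shows the upper limit that the open item "fix points < 0 and points > 150" asks for, so the 2nd review should confirm that the preceding branch of this chain in www/wot.php caps the value. It would also read more clearly if `intval($_POST['points'])` were assigned to a variable once before the chain and that variable used in the comparison.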
* yet included
* dirk to add note in bugtracker
* todo:
1. NEO: 2nd review of [[https://bugs.cacert.org/view.php?id=827|Bug# 827]]
1. NEO: bundling [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] to critical team
1. x^3^ [[https://bugs.cacert.org/view.php?id=637|Bug #637]] and [[https://bugs.cacert.org/view.php?id=963|bug #963]] : Weak Passwords - 2nd Review + deploy
* Overall result: Please evaluate if the session problem can be fixed!
* if password changed, cached info - reminder plz change pwd
* session reset and error messages in system log
* new [[https://bugs.cacert.org/view.php?id=963|bug #963]]
* /includes/loggedin.php line 140 ff. to fix
* Ted: checked-in cacert-devel, added to testserver
* needs review, re-testing
1. VBscript, Weak Keys script - awaiting dirks deployment
|| dirk || DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || {-} ||
* vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])
* API CertEnroll (MS crypto provider)
* new [[https://bugs.cacert.org/view.php?id=964|bug#964]]
* current state: test /account/4.php added to testserver
* Marcus will do detailed tests on Wed
1. Review bugs under testing (finished testing?) (Review 2?)
|| x^3^ [[https://bugs.cacert.org/view.php?id=637|bug #637]] and [[https://bugs.cacert.org/view.php?id=963|bug #963]] weak password || needs 2nd review, not Micha -> Ted, done<<BR>>Overall result: Please evaluate if the session problem can be fixed! (new [[https://bugs.cacert.org/view.php?id=963|bug #963]]) || {0} ||
|| [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || assigned to Ted, set to needs work, CATS to install on ca-mgr1 || {0} ||
|| [[https://bugs.cacert.org/view.php?id=942|bug #942]] CATS import (2) || complete re-test as of code changes<<BR>>fully re-tested by 2 testers || {0} ||
|| [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text || needs 2nd test -> Fabian, Marc, Alex<<BR>>needs 2nd review -> Ted, rejected || {-} ||
|| [[https://bugs.cacert.org/view.php?id=911|bug #911]] || gpg keys expires 1970<<BR>>tests started last week || {0} ||
|| NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled<<BR>>NEO will check to get sql query extracted<<BR>>needs pushing<<BR>>pushed to testserver<<BR>>Needs Review & testing || {0} ||
1. to bundle, to deploy
|| NEO: [[https://bugs.cacert.org/view.php?id=921|bug #921]] Privacy Policy cleanup || Marcus: 2nd test, finished<<BR>>Dirk, Ted: 2nd review, finished<<BR>>needs bundling to CT || {g} ||
|| x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding<<BR>>dirk to add note in bugtracker || {b} ||
|| Ted: x^1^ [[https://bugs.cacert.org/view.php?id=918|bug #918]] and [[https://bugs.cacert.org/view.php?id=954|bug #954]] Weak keys || revoke keys deployment<<BR>>next bundle package, transfer to critical team, Ted, but don't know how to || {b} ||
* git pull
* git diff origin/release...origin/bug-921>bug921.patch
* send to critical team by email (with template)
* link to bug, who reviewed, people to cc
1. Review 1: review, add to cacert-devel, transfer to testserver
|| ? || [[https://bugs.cacert.org/view.php?id=955|bug #955]] Possibility to change the sorting order for the organisation overview || {0} ||
|| ? || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || {0} ||
|| ? || [[https://bugs.cacert.org/view.php?id=963|bug #963]] session reset || {g} ||
==== Fixed Action Items since last or within meeting ====
===== Awaiting Response from Critical Team =====
|| Michael || [[https://bugs.cacert.org/view.php?id=948|bug #948]] SMTP protocol bug and fix (T) || wait for 3rd tester ? or deploy? / removed space, no function destroyed / ready to deploy -> Micha || {g} ||
|| Michael || [[https://bugs.cacert.org/view.php?id=897|bug #897]] transfer text pages to wiki (points system) (T) || Michael: to bundle to critical team || {g} ||
----
==== Action Items New ====
Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
----
. CategorySoftwareAssessment