Minutes of the MiniTOP on the 2011-07-26

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: dirk, uli, michael, alex, ted

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

  1. strategy plans ... next: strategy for "New Roots & Escrow"

    1. idea: using indirect crl's ?
      • 2 crl's needed, one valid, one invalid crl server
      • more infos available ? who ?
        1. build testserver with special certs
        2. Magu, Michael to send instructions for test deployment
      • meetings ago we've defined Testing requirements and a potential testszenario
      • to remind every meeting
    2. policy group: define requirements
      • multimember escrow method ?
        • needs risk analyze
        • potential candidates ?
          • Marcus to contacted Benedikt, will contact Thomas K
          • Next step(s)
    3. how does debian work ?
      • defered to Froscon (end of Aug), CCCcamp (around Aug 10th)

  2. AGM reports 2010-2011

    • Software-Assessment project team report finished, plz review
  3. Documentation Bugs.cacert.org Review
    • discussion about states to define, redefine

    • bugs documentation I (bugs handbook)

    • bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)

    • Review, Update
  4. CI (Update)
  5. Workshop - The List of open / running / unhandled bugs

    1. x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954

      • mail to ted to continue with arb case, adding to thread on arb case

      • Next: script to bulk revoke weak keys, new bug #954

      • on mailing the $reason had not been added into the mail, nor the specified wiki links, that were created for this mailing (see https://lists.cacert.org/wws/arc/cacert-support/2011-06/msg00072.html)

      • Remove Weak Certs is under deployment, testing
      • Weak Certs script testing
      • out of chroot, vulnkey out of chroot
      • set delete date to 1970.. triggers cert revoke routine in client.pl

      • needs review bug #954

      • infos from critical team
      • Current state:
        • mailing sent
        • keys revocation script not started
        • Weak keys article not yet published

        • weak keys: problems with cryptostick (to test at Froscon with Juergen ?)

    2. x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy 

      •     * in testing
    * problems in counting found, missing points
    * new commit by dirk, forwarded by NEO
    * 80 pts counted, 100 countable ... problem
    * new commit by dirk, forwarded by NEO
    * pts problem seems to be solved, assurer challenge needed seems now to be ok
    * Under testing: update
    * Marc: thawte patch problem found 2147483647 assurance pts entered, 15.php displays 2147483647 pts
     * Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ?  (discussion)
    * problem fixed under bug 959
    * Next step(s) ?
     * current state on production system? table points: count(id) > 150 points ?
     * fix points < 0 and points > 150 in bug 827 ?

    3. x3 Bug #637: Weak Passwords - 2nd Review + deploy 

      •     * Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
    * problem #1 at login, plz change, use old pwd works - fail
    * problem #2 at join
    * to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
    * current: clear password in source code
    * checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
    * dictionary is still active grep current-pwd share/userdict
     1. Fred... to add into checkpassword()
     1. checkpassword() to add into login procedure
    * pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
    * SE reset pwd procedure doesn't take care about weak pwd
    * Under testing: update
    * Overall result: Please evaluate if the session problem can be fixed!
    4. VBscript, Weak Keys script - awaiting dirks deployment

    5. Dirk reminder (from last meeting) assure someone patches (checkboxes)

      • Dirk

        DEV: bug #894 problems with check-boxes on website forms (Assure someone) -> a20091118.3

        {0}

    6. Review 1: review, add to cacert-devel, transfer to testserver
    7. Review bugs under testing (finished testing?) (Review 2?)

      • x1 bug #918 and bug #954 Weak keys

        revoke keys deployment

        {0}

        x2 bug #827 "Thawte" patch (still running)
        related bug #959

        needs 1 more test, needs 2nd review
        2nd review: also check -x
        tests done, 2nd review outstanding

        {0}

        x^3 bug #637 weak password

        needs 2nd review, not Micha -> Ted, done
        Overall result: Please evaluate if the session problem can be fixed!

        {o}

        bug #835 Assurer challenge (on testserver)

        asssigned to Ted, set to needs work, CATS to install on ca-mgr1

        {0}

        bug #942 CATS import (2)

        complete re-test as of code changes
        fully re-tested by 2 testers

        {0}

        bug #943 change OA admin/assurer text

        needs 2nd test -> Fabian, Marc, Alex
        needs 2nd review -> Ted, rejected

        {-}

        bug #911

        gpg keys expires 1970
        tests started last week

        {0}

    8. to bundle, to deploy

      • bug #921 Privacy Policy cleanup

        Marcus: 2nd test, finished
        Dirk, Ted: 2nd review, finished
        needs bundling to CT

        {0}

        bug #841 Problems on cert login

        needs 2nd review - Ted, done
        needs bundled

        {0}

    9. On hold

      • bug #958

        ADS Challenge, awaiting response from board

    10. Deployed, Finished

      • bug #897 transfer text pages to wiki (points system)

        Michael: to bundle to critical team
        deployed, finished

        {g}

        bug #948 SMTP protocol bug and fix

        wait for 3rd tester ? or deploy?
        removed space, no function destroyed
        ready to deploy -> Micha
        deployed, finished

        {g}

  6. next meeting: Tuesday, August 2, 2011 22:00

Minutes

  1. Sysadmin reset procedure - some discussion

  2. AGM reports 2010-2011

    • Software-Assessment project team report finished, plz review
    • Weak keys / Weak passwords missing
  3. Documentation Bugs.cacert.org Review
    • discussion about states to define, redefine

    • bugs documentation I (bugs handbook)

    • bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)

    • Review, Update
    • svg pictures have cuted text under some browsers
  4. CI (Update)

    • description to eclipse testpage, Webinar

    • deployment scenario:
      1. create testusers
      2. testing
      3. delete testusers
    • regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
  5. Workshop - The List of open / running / unhandled bugs

    1. x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954

    2. ||

      bug #841 Problems on cert login || needs 2nd review - Ted, done
      needs bundled || {0} ||

      • root certs req into join ?
      • view / controller
      • export complete sql statement ?
      • function serial + issuer, returns id of email cert (advance server cert, org email, org server cert)
      • next? NEO will check to get this updated
      • update added to testserver, needs review, needs testing

    3. x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy

    4. x3 Bug #637 and bug #963 : Weak Passwords - 2nd Review + deploy

      • Overall result: Please evaluate if the session problem can be fixed!
      • if password changed, cached info - reminder plz change pwd
      • session reset and error messages in system log

      • new bug #963

        • /includes/loggedin.php line 140 ff. to fix
        • Ted: checked-in cacert-devel, added to testserver
        • needs review, re-testing
    5. VBscript, Weak Keys script - awaiting dirks deployment

      • dirk

        DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

        {-}

      • vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)

      • Api CertEnroll (MS crypto provider)

      • new bug#964

        • current state: test /account/4.php added to testserver
        • Marcus will do detailed tests on Wed
    6. Review bugs under testing (finished testing?) (Review 2?)

      • x^3 bug #637 and bug #963 weak password

        needs 2nd review, not Micha -> Ted, done
        Overall result: Please evaluate if the session problem can be fixed! (new bug #963)

        {0}

        bug #835 Assurer challenge (on testserver)

        asssigned to Ted, set to needs work, CATS to install on ca-mgr1

        {0}

        bug #942 CATS import (2)

        complete re-test as of code changes
        fully re-tested by 2 testers

        {0}

        bug #943 change OA admin/assurer text

        needs 2nd test -> Fabian, Marc, Alex
        needs 2nd review -> Ted, rejected

        {-}

        bug #911

        gpg keys expires 1970
        tests started last week

        {0}

        NEO: bug #841 Problems on cert login

        needs 2nd review - Ted, done
        needs bundled
        NEO will check to get sql query extracted
        needs pushing
        pushed to testserver
        Needs Review & testing

        {0}

    7. to bundle, to deploy

      • NEO: bug #921 Privacy Policy cleanup

        Marcus: 2nd test, finished
        Dirk, Ted: 2nd review, finished
        needs bundling to CT

        {g}

        x2 bug #827 "Thawte" patch (still running)
        related bug #959

        needs 1 more test, needs 2nd review
        2nd review: also check -x
        tests done, 2nd review outstanding
        dirk to add note in bugtracker

        {b}

        Ted: x1 bug #918 and bug #954 Weak keys

        revoke keys deployment
        next bundle package, transfer to critical team, Ted, but don't know how to

        {b}

        • git pull

        • git diff origin/release...origin/bug-921>bug921.patch

        • send to critical team by email (with template)
        • link to bug, who reviewed, people to cc
    8. Review 1: review, add to cacert-devel, transfer to testserver

Fixed Action Items since last or within meeting

Awaiting Response from Critical Team

Action Items New

Action items: Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transfered
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    Bugs #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calcutate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail adress after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}

Software/Assessment/20110726-S-A-MiniTOP (last edited 2011-09-23 00:01:07 by UlrichSchroeter)