• Software
• Assessment
• 20110809-S-A-MiniTOP

• To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-08-09

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: dirk, Marcus, Uli, (Fabian), Michael

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

1. Workshop - The List of open / running / unhandled bugs - Part I
   • Working Session - Action Items to start

     1. x⁴ bug #841 Problems on cert login

        • needs 2nd review - Ted, done
          needs bundling, done

        • NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
        • needs bundling
     2. annoying gpg bug #911

        • bug #911 gpg bug

          gpg keys expires 1970 tests started 2 weeks ago needs review, deploy

2. Needs development, deployment, discussion
   1. Advertising

      • bug #958

        ADS Challenge, Advertising

      • CAcertInc/LogosForSale/Rules wiki link exist

      • "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo

        • 

      • "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logos 40px

        • 

      • "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logos 60px

        • 

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid40.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe40.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale40.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction40.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/bid60.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/BuyMe60.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/LogoForSale60.png

      • https://svn.cacert.org/CAcert/Events/Public/pics/ADS/default/MonthlyAuction60.png

      • wiki links

        • ads1 ADS1

        • ads2 ADS2

        • ads3 ADS3

        • ads4 ADS4

   2. VBscript for Vista/Win7 (select keysize >= 1024)

      • x1 Dirk, new bug#964 DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

        current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964

      • as part of

      • x¹ Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964

      • Current state:

        • 	pre mailing sent
          	keys revocation script to bulk revoke weak keys, new bug #954, finished
          	dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024) Api CertEnroll (MS crypto provider) new bug#964 current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964
          	Weak keys blog post, published
          	Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
          	weak keys: problems with cryptostick (to test at Froscon with Juergen ?)

      • cert enroll infos under bug#964

      • vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation

        • http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx

3. AGM reports 2010-2011

   • Software-Assessment project team report finished, plz review
   • Weak keys / Weak passwords missing
   • Sections added:
     • Weak Keys / Weak Passwords Arbitration cases
     • The Software-Testteam
     • Software-Assessment Documentation
     • Statistics
     • Summary
4. Thawte Patch - PR strategy

   1. x² Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy

      • bug #959 deployed

      • bug #827 awaiting response from critical team

      • next steps:
        • preparing PR, support
5. Documentation Bugs.cacert.org Review
   • discussion about states to define, redefine

   • bugs documentation I (bugs handbook)

   • bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)

   • Review, Update
   • svg pictures have cuted text under some browsers
     • u60: cant get it scaled
     • Neo: added png files
     • u60: problem persists

Unhandled Agenda Items from last meeting

1. PRO

   • question from board -> PR officer

   • request to Alex
   • support from all
   • Board meeting was 2011-08-07, but no PR officer nominated/appointed
2. Workshop - The List of open / running / unhandled bugs

   1. Dirk reminder (from last meeting) assure someone patches (checkboxes)

      • Dirk

        DEV: bug #894 problems with check-boxes on website forms (Assure someone) -> a20091118.3

   2. Bugs under testing:

      • Dirk, Michael, Ted	bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
        Dirk, Michael, Ted	bug #965 0000965: Outsource / fix Webdb text pages id=12, 13

   3. Review bugs under testing (finished testing?) (Review 2?)

      • bug #910 Outsource board member list	from Webdb to wiki (id=8) (Part II)
        bug #955 change sort order Orga list	Possibilty to change the sorting order for the organisation overview

   4. (review), to bundle, to deploy

      • bug #940 help* to wiki

        Outsource Webdb text pages help.php?id=0..9 to wiki needs review, deploy

   5. Needs review, transfer to Critical team

      1. x⁴ bug #841 Problems on cert login

         • needs 2nd review - Ted, done
           needs bundling, done

         • NEO: did restructuring (sql query to subroutine), (Update 2011-07-26)
         • needs re-tested
         • needs 2nd review, bundling

           • => Ted on Wed, not done

         x4 NEO: bug #841 Problems on cert login

         needs 2nd review - Ted, done needs bundled NEO will check to get sql query extracted needs pushing pushed to testserver Needs Review & testing

   6. Needs development, deployment, discussion

      1. bug #835 Assurer challenge (on testserver)

         bug #835 Assurer challenge (on testserver)

         asssigned to Ted, set to needs work, CATS to install on ca-mgr1

      2. bug #943 change OA admin/assurer text

         • bug #943 change OA admin/assurer text

           -> Ted, rejected, needs comment from OAO

         • webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.

         • patch takes account about this issue
         • problem with menu link Org Admin .. is Org Assurers menu
           • but this menu includes one addtl. link "View" that is available for Org Admins
             • and Org Admins with master flag to add new admins

           • master flag is not described in OAP

           • addtl master flag to revoke ?
           • rename to "Org Administration"

           • don't show menu to OrgAdmins

      3. bug #966

         • tests ok, but the question is, is OrgAdmin allowed to remove other admins ? yes or no?

         • current scenario doesn't allow removal of other admin
         • NEO: reset testserver state to fix state before bugfix
         • NEO: re-add bug 966 to testserver
         • bug needs more work, selection currently clashes with language setting (Delete != Löschen)
         • general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
         • potential workaround to fix all "Cancel" requests available

           • read https://bugs.cacert.org/view.php?id=966#c2287

   7. Still awaiting response from Critical team

      • x2 bug #827 "Thawte" patch (still running) related bug #959

        needs 1 more test, needs 2nd review 2nd review: also check -x tests done, 2nd review outstanding

      • x² Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy

      • todo:

        1. NEO: 2nd review of Bug# 827

        2. NEO: bundling Bug# 827 and bug #959 to critical team

      • bug #959 deployed

      • 2nd review and bundling by Ted
        • bundling instruction to critical team, deploy 15.php, and 7 days later 10.php
      • awaiting response from critical team

3. strategy plans ... next: strategy for "New Roots & Escrow"

   1. idea: using indirect crl's ?
      • 2 crl's needed, one valid, one invalid crl server
      • more infos available ? who ?
        1. build testserver with special certs
        2. Magu, Michael to send instructions for test deployment

           • indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)

      • meetings ago we've defined Testing requirements and a potential testszenario
      • to remind every meeting
   2. policy group: define requirements
      • multimember escrow method ?
        • needs risk analyze
        • potential candidates ?
          • Marcus to contacted Benedikt, will contact Thomas K
          • Next step(s)
   3. how does debian work ?
      • defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
4. CI (Update)

   • description to eclipse testpage, Webinar

   • deployment scenario:
     1. create testusers
     2. testing
     3. delete testusers
   • regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
   • reminder
5. next meeting: Tuesday, August 16, 2011 22:00

Minutes

1. Working session
   • Dirk: to handle bug #911 ?
   • has no working environment to handle transfers to critical team
2. Advertising
   • current 3 (4) places
     1. top, right CAcert logo
     2. right, below menu (text advertisement)
     3. menu footer (Bit, Tunix)
     4. google ads, nobody knows about
        • google new ads program with challenge

        • http://www.cocomore.de/das-neue-google-adwords-zertifikat-%E2%80%93-wir-haben-es

        • http://adwords.google.com/

        • http://google.de/adsense/ - needs google account

          • ad client id: pab.*9860, email adress is needed
          • addtl. pin number ?
          • board member to write email request to Robert, Philipp, Philpp, Teus, ernie
          • contact google?
          • account recovery?
   • logo height max 62 px
     • u60: added logos 40px + 60px

     • add new wiki pages ads1 .. ads4

     • add new wiki page ads5 with refresh parameter for external url redirect

       • source: http://moinmo.in/HelpOnProcessingInstructions

       • but currently not working, needs wiki admin: edit moinmoin config to enable external redirection

   • addtl logos series B under CAcertInc/LogosForSale

3. VBscript for Vista/Win7 (select keysize >= 1024)

   • x1 Dirk, new bug#964 DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

     current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964

     • Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249

4. AGM team report

   • new items
     1. Weak Keys / Weak Passwords Arbitration cases
     2. The Software-Testteam
     3. Software-Assessment Documentation
     4. Statistics
     5. Summary
   • so far so good
5. Thawte Patch - PR strategy

   1. x² Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy

      • bug #959 deployed

      • bug #827 awaiting response from critical team

      • next steps:
        • preparing PR, support
   2. if the patch goes active, this needs support
      • wiki faq (existing page? thawte topic?)

      • blog (-> alex)

        • mailing list
        • press release? probably not at this state
      • Support: could be better, but is ok
        • Triage: where to forward Thawte patch requests?
        • add to Support team meeting agenda
6. Documentation Bugs.cacert.org Review

   • bugs documentation I (bugs handbook)

   • bugs documentation II (to incorporate into the Software-Update-Cycle procedure/documentation)

   • svg pictures have cuted text under some browsers
     • u60: cant get it scaled
     • Neo: added png files
     • u60: problem persists
     • u60 + Neo, both using Inkscape, cuted text cannot be corrected with Inkscape
     • u60 will try other solutions
     • still on the action items list, but not to put on the agenda again

Fixed Action Items since last or within meeting

• Michael	bug #942 CATS import (2)	complete re-test as of code changes, tested
  Michael	bug #953 from bundle: bug #637 and bug #963 weak password and bug #953 failure on pwd change redirect	needs 2nd review, not Micha -> Ted, done Overall result: Please evaluate if the session problem can be fixed! (new bug #963) session problem seems to be fixed
  Michael	bug #963 from bundle: bug #637 and bug #963 weak password and bug #953 failure on pwd change redirect	needs 2nd review, not Micha -> Ted, done Overall result: Please evaluate if the session problem can be fixed! (new bug #963) session problem seems to be fixed

Action Items New

• uli

  bug #966 bug needs more work, selection currently clashes with language setting (Delete != Löschen) general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action potential workaround to fix all "Cancel" requests available read https://bugs.cacert.org/view.php?id=966#c2287 and attached fix

Action items: Meeting Action Items

• CategorySoftwareAssessment