To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-08-16
Setting
The MiniTOP will be held via telco 22:00 CEST
Attendees: dirk, magu, uli, alex, Michael
Topics
(skip to agenda)
Action items from last meeting Meeting Action Items
Software/Assessment/ActionItems
Marcus
cap.php review different languages, from meeting 2012-04-24, contact translators
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
Development, Deployment, Discussion
dirk Brian
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 done.
proposal patch from Brian rcvd OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex?
/ needs 2nd review -> Ted, rejected 
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
uli
bug #988 TTP cap form deployment Case study
sneak preview
for local testserver deployment only uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field All
bug #1034 files to remove from webdb
eg wot/14
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
Testing
Testers task
gagern
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo
bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted
bug #835 Assurer challenge (on testserver)
needs testing
Michael
bug #1003 Provide a possibility to regularly review the permissions in the system
also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
2 tests, needs 2nd review, deploy
more fixes, more testing6
uli
bug #967 OA isassurer check
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo
bug #978 Invalid SPKAC requests are not properly validated
recheck full certs signing procedures
duplicate report to bug#540 Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978 neo
bug #1024 Assurer flag is not set correctly on updatesort.php run
tested by 4, ok
dirk
bug #1023 Consolidate changes into the Assure Someone page
6.php global re-design project
assurance, wot area (Thawte points removal effective) inopiae
New layout of view for Organisation Administrators in account/id35
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
Awaiting Response from Critical Team
Agenda
- Workshop - The List of open / running / unhandled bugs - Part I
- Working Session - Action Items to start
VBscript for Vista/Win7 (select keysize >= 1024)
x1 Dirk, new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEVcurrent state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 - as part of
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964
- Current state:
-
pre mailing sent
keys revocation script to bulk revoke weak keys, new bug #954, finished
dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 Weak keys blog post, published
Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
weak keys: problems with cryptostick (to test at Froscon with Juergen ?)
cert enroll infos under bug#964
vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx
Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249
- Needs development, deployment, discussion
- Advertising
ADS Challenge, Advertising
CAcertInc/LogosForSale/Rules wiki link exist
- "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
- Logos and Links exist, needs deployment to testserver
- google ads, nobody knows about
http://google.de/adsense/ - needs google account
- ad client id: pab.*9860, email adress is needed
- board member to write email request to Robert, Philipp, Philpp, Teus, ernie
- contact google?
- account recovery?
- Advertising
- Thawte Patch - PR strategy
x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
bug #959 deployed
bug #827 awaiting response from critical team
- next steps:
- preparing PR, support
- report from Wytze, Hans: review, rebundle
- if the patch goes active, this needs support
- wiki faq (existing page? thawte topic?)
blog (-> alex)
- mailing list
- press release? probably not at this state
- Support: could be better, but is ok
- Triage: where to forward Thawte patch requests?
- add to Support team meeting agenda
- PRO
question from board -> PR officer
- request to Alex
- support from all
- Board meeting was 2011-08-07, but no PR officer nominated/appointed
- Workshop - The List of open / running / unhandled bugs - Part II
Dirk reminder (from last meeting) assure someone patches (checkboxes)
Dirk
DEV: bug #894 problems with check-boxes on website forms (Assure someone) -> a20091118.3
- Bugs under testing:
Dirk, Michael, Ted
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
Dirk, Michael, Ted
bug #965 0000965: Outsource / fix Webdb text pages id=12, 13
- Review bugs under testing (finished testing?) (Review 2?)
- (review), to bundle, to deploy
bug #940 help* to wiki
Outsource Webdb text pages help.php?id=0..9 to wiki
needs review, deploy
- Needs review, transfer to Critical team
x4 bug #841 Problems on cert login
needs 2nd review - Ted, done
needs bundling, done- NEO: did restructuring (sql query to subroutine), (Update 2011-07-26)
- needs re-tested
- needs 2nd review, bundling
=> Ted on Wed, not done
x4 NEO: bug #841 Problems on cert login
needs 2nd review - Ted, done
needs bundled
NEO will check to get sql query extracted
needs pushing
pushed to testserver
Needs Review & testing
- Needs development, deployment, discussion
bug #835 Assurer challenge (on testserver)
bug #835 Assurer challenge (on testserver)
asssigned to Ted, set to needs work, CATS to install on ca-mgr1
bug #943 change OA admin/assurer text
bug #943 change OA admin/assurer text
-> Ted, rejected, needs comment from OAO
webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
- patch takes account about this issue
- problem with menu link Org Admin .. is Org Assurers menu
- but this menu includes one addtl. link "View" that is available for Org Admins
- and Org Admins with master flag to add new admins
master flag is not described in OAP
- addtl master flag to revoke ?
- rename to "Org Administration"
don't show menu to OrgAdmins
- but this menu includes one addtl. link "View" that is available for Org Admins
tests ok, but the question is, is OrgAdmin allowed to remove other admins ? yes or no?
- current scenario doesn't allow removal of other admin
- NEO: reset testserver state to fix state before bugfix
- NEO: re-add bug 966 to testserver
- bug needs more work, selection currently clashes with language setting (Delete != Löschen)
- general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
- potential workaround to fix all "Cancel" requests available
- Still awaiting response from Critical team
strategy plans ... next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- more infos available ? who ?
- build testserver with special certs
- Magu, Michael to send instructions for test deployment
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
- meetings ago we've defined Testing requirements and a potential testszenario
- to remind every meeting
- policy group: define requirements
- multimember escrow method ?
- needs risk analyze
- potential candidates ?
- Marcus to contacted Benedikt, will contact Thomas K
- Next step(s)
- multimember escrow method ?
- how does debian work ?
- defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
- The Bjoern report
- idea: using indirect crl's ?
- CI (Update)
- deployment scenario:
- create testusers
- testing
- delete testusers
- regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
- reminder
- next meeting: Tuesday, August 23, 2011 22:00
Minutes
- Froscon planning
- PRO
question from board -> PR officer
- request to Alex
- support from all
- Board meeting was 2011-08-07, but no PR officer nominated/appointed
- Uli to write nomination to board mailing list cc alex
- Thawte Patch - PR strategy
x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
bug #959 deployed
bug #827 awaiting response from critical team
- next steps:
- preparing PR, support
- report from Wytze, Hans: review, rebundle
- if the patch goes active, this needs support
- wiki faq (existing page? thawte topic?)
blog (-> alex)
- mailing list
- press release? probably not at this state
- Support: could be better, but is ok
- Triage: where to forward Thawte patch requests?
- add to Support team meeting agenda
- patch review
- 10.php / 15.php ranking differs
- 15.php experience points links to assurer account
- alex to prepare blog post
- language translations - rethink to disable?
- Working sesson
bug 827 - needs fix -> dirk
bug 841 - needs 2nd review -> dirk +
bug 911 - needs 2nd review -> dirk +
bug 966 - new fix -> Michael
- use dev mailinglist for communication
Fixed Action Items since last or within meeting
All
AGM team report review
Action Items New
- PRO
- Uli to write nomination to board mailing list cc alex
- thawte patch 827
- alex to prepare blog post
- use dev mailinglist for communication
Action items: Meeting Action Items