Minutes of the MiniTOP on the 2011-08-23
Setting
The MiniTOP will be held via telco 22:00 CEST
Attendees: dirk, uli, ted, Michael, Marcus, Marc, Magu, Alex
Topics
Action items from last meeting: Meeting Action Items
Agenda
- Workshop - The List of open / running / unhandled bugs - Part I
- Working Session - Action Items to start
x4 bug #841 Problems on cert login
needs 2nd review - Ted, done
needs bundling, done - NEO: did restructuring (SQL query to subroutine) (Update 2011-07-26), re-tested, reviewed
- needs 2nd review, bundling
=> Ted on Wed, not done
x4 NEO: bug #841 Problems on cert login
needs 2nd review - Ted, done
needs bundled
NEO will check to get sql query extracted
needs pushing
pushed to testserver
Needs Review & testing
- Working Session - Action Items to start
- Froscon is over, what's with the 2 open action items?
dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
Michael
weak keys: problems with cryptostick to test at Froscon with Juergen ?
- Workshop - The List of open / running / unhandled bugs - Part II
VBscript for Vista/Win7 (select keysize >= 1024)
x1 Dirk, new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964
- as part of
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964
- Current state:
pre mailing sent
keys revocation script to bulk revoke weak keys, new bug #954, finished
dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964
Weak keys blog post, published
Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
weak keys: problems with cryptostick (to test at Froscon with Juergen ?)
cert enroll infos under bug#964
Vista and Win7 work with other engine !CryptoAPI (?) => Cryptography API: Next Generation
http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx
Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249
- Advertising
Advertising, ADS Challenge
CAcertInc/LogosForSale/Rules wiki link exist
- "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
- Logos and Links exist, needs deployment to testserver
- google ads, nobody knows about
http://google.de/adsense/ - needs google account
- ad client id: pab.*9860, email address is needed
- board member to write email request to Robert, Philipp, Philpp, Teus, ernie
- contact google?
- account recovery?
- Thawte Patch - PR strategy
x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
needs 1 more test, needs 2nd review
2nd review: also check -x
tests done, 2nd review outstanding
bug #959 deployed
bug #827 awaiting response from critical team
- next steps:
- preparing PR, support
- report from Wytze, Hans: review, rebundle
- if the patch goes active, this needs support
- wiki faq (existing page? thawte topic?)
blog (-> alex)
- mailing list
- press release? probably not at this state
- Support: could be better, but is ok
- Triage: where to forward Thawte patch requests?
- add to Support team meeting agenda
- patch review
- 10.php / 15.php ranking differs
- 15.php experience points links to assurer account
- patch applied to testserver, patch to transfer to critical system
- alex to prepare blog post
Dirk reminder (from last meeting) assure someone patches (checkboxes)
Dirk
DEV: bug #894 problems with check-boxes on website forms (Assure someone) -> a20091118.3
- Bugs to Review #1, transfer to testserver
Dirk
Advertising (from last board meeting), bug #958
add changes as discussed in last meeting to testserver
uli
bug #968 error logging cleanup (split from bug #909)
split 0000909: too many error messages logged - part II - general.php
uli
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
uli
display Assurance when field in list of assurances received, assurances given by a user in admin console interface
uli
bug #846 Join Form restructure, help link
Better guidance of bona fide members in Join Form about suffixes they don't have in their ID docs (a20100207.2)
uli
visibility over certificates for sysadm in account administration
Ted, uli
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
new fix avail 2011-08-19
- Bugs under testing:
Dirk, Michael, Ted
bug #965 0000965: Outsource / fix Webdb text pages id=12, 13
one more testing
- Review bugs under testing (finished testing?) (Review 2?)
tests ok, but the question is, is OrgAdmin allowed to remove other admins ? yes or no?
- current scenario doesn't allow removal of other admin
- NEO: reset testserver state to fix state before bugfix
- NEO: re-add bug 966 to testserver
- bug needs more work, selection currently clashes with language setting (Delete != Löschen)
- general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
- potential workaround to fix all "Cancel" requests available
- Needs review, transfer to Critical team, to bundle, to deploy
bug #940 help* to wiki
Outsource Webdb text pages help.php?id=0..9 to wiki
needs review, deploy
- Needs development, deployment, discussion
bug #835 Assurer challenge (on testserver)
assigned to Ted, set to needs work, CATS to install on ca-mgr1
bug #943 change OA admin/assurer text
-> Ted, rejected, needs comment from OAO
webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
- patch takes this issue into account
- problem with menu link Org Admin .. is Org Assurers menu
- but this menu includes one addtl. link "View" that is available for Org Admins
- and Org Admins with master flag to add new admins
master flag is not described in OAP
- addtl master flag to revoke ?
- rename to "Org Administration"
don't show menu to OrgAdmins
- but this menu includes one addtl. link "View" that is available for Org Admins
- Still awaiting response from Critical team
strategy plans ... next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- more infos available ? who ?
- build testserver with special certs
- Magu, Michael to send instructions for test deployment
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
- some meetings ago we defined testing requirements and a potential test scenario
- to remind every meeting
- policy group: define requirements
- multimember escrow method ?
- needs risk analysis
- potential candidates ?
- Marcus to contacted Benedikt, will contact Thomas K
- Next step(s)
- multimember escrow method ?
- how does debian work ?
- deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
- The Bjoern report
- idea: using indirect crl's ?
- CI (Update)
- deployment scenario:
- create testusers
- testing
- delete testusers
- regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
- reminder
- next meeting: Tuesday, August 30, 2011 22:00
Minutes
x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
needs 1 more test, needs 2nd review
2nd review: also check -x
tests done, 2nd review outstanding
bug #959 deployed
bug #827 awaiting response from critical team
- next steps:
- preparing PR, support
- report from Wytze, Hans: review, rebundle
- if the patch goes active, this needs support
- wiki faq (existing page? thawte topic?)
blog (-> alex)
- mailing list
- press release? probably not at this state
- Support: could be better, but is ok
- Triage: where to forward Thawte patch requests?
- add to Support team meeting agenda
- patch review
- 10.php / 15.php ranking differs
- 15.php experience points links to assurer account
- patch applied to testserver, patch to transfer to critical system
- alex to prepare blog post
- 15.php to push, 10.php ? to set active ? or not?
- mailing to people: Ted, Florian F, PG, Wytze, Carsten L, Jeff F, Frank K (ask Marcus) 120 pts, Sebastian K
bug #835 Assurer challenge (on testserver)
assigned to Ted, set to needs work, CATS to install on ca-mgr1
- Ted needs access information, configuration of IP
- Dirk - development
- Dirk - 2nd review
x4 NEO: bug #841 Problems on cert login
needs 2nd review - Ted, done
needs bundled
NEO will check to get sql query extracted
needs pushing
pushed to testserver
Needs Review & testing
- not started? not finished
- Michael - 2nd review
on bug #827
- Ted - reviewed
uli, ted
display Assurance when field in list of assurances received, assurances given by a user in admin console interface
uli, ted
visibility over certificates for sysadm in account administration
Ted, uli
bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible
new fix avail 2011-08-19
bug #835 Assurer challenge (on testserver)
assigned to Ted, set to needs work, CATS to install on ca-mgr1
- Ted needs an IP address
- Uli to request dns entry for cats1.it-sls.de by Andreas
- Froscon is over, what's with the 2 open action items?
dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
- no success, people not avail at Froscon
Michael
weak keys: problems with cryptostick to test at Froscon with Juergen ?
- Magu has a stick, to meet with Michael
Fixed Action Items since last or within meeting
Action Items New
Uli
to request dns entry for cats1.it-sls.de by Andreas (for bug #835)
Action items: Meeting Action Items
Software/Assessment/ActionItems
Marcus
cap.php review different languages, from meeting 2012-04-24, contact translators
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page
All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment
dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
Development, Deployment, Discussion
dirk Brian
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 done.
proposal patch from Brian rcvd
OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex?
/ needs 2nd review -> Ted, rejected
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
uli
bug #988 TTP cap form deployment Case study
sneak preview
for local testserver deployment only
uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected
inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field
All
bug #1034 files to remove from webdb
eg wot/14
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
Testing
Testers task
gagern
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo
bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted
bug #835 Assurer challenge (on testserver)
needs testing
Michael
bug #1003 Provide a possibility to regularly review the permissions in the system
also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
2 tests, needs 2nd review, deploy
more fixes, more testing
uli
bug #967 OA isassurer check
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo
bug #978 Invalid SPKAC requests are not properly validated
recheck full certs signing procedures
duplicate report to bug#540
Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978
neo
bug #1024 Assurer flag is not set correctly on updatesort.php run
tested by 4, ok
dirk
bug #1023 Consolidate changes into the Assure Someone page
6.php global re-design project
assurance, wot area (Thawte points removal effective)
inopiae
New layout of view for Organisation Administrators in account/id35
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
Awaiting Response from Critical Team
