 . '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110823-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110906-S-A-MiniTOP|next meeting]]'''

----
= Minutes of the MiniTOP on the 2011-08-30 =
== Setting ==
The MiniTOP will be held via telco 22:00 CEST

Attendees: dirk, magu, uli, Marcus, Michael

== Topics ==
(skip to agenda)

Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

== Agenda ==
 1. Workshop - The List of open / running / unhandled bugs - Part I
  1. Working Session - Action Items to start
   1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
    * needs 2nd review - Ted, done<<BR>>needs bundling, done
    * NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
    * needs 2nd review, bundling
    * => Ted on Wed, not done
    || x^4^ NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled<<BR>>NEO will check to get sql query extracted<<BR>>needs pushing<<BR>>pushed to testserver<<BR>>Needs 2nd Review & deploy by Dirk or Ted || {-} ||
    * started last meeting, not yet finished
 1. Class3 Re-sign - responses - The "Bjoern" case
 1. Jubula Test-Tool (by Michael)
 1. PR work
  1. thawte patch - blog post
  1. newsletter mailings
  1. thawte patch, Security campaign, Newsletters
   a. thawte patch, check new points count
   a. Security campaign
    1. weak passwords (bug 637)
    1. password reset w/ Assurance replaces pwd reset thru paypal
    1. cert login security fix (bug 841)
    1. weak keys disabled (bug 918)
    1. class3 re-sign with sha256
   a. check your CAcert account
    1. create a client cert for client cert login (also needed for CATS)
    1. check your secret questions
    1. check your password
    1. check your notification settings
    1. check your location settings
  1. thawte patch detailed (1 month later)
   1. infos about thawte points removal
   1. infos about points counting
 1. Workshop - The List of open / running / unhandled bugs - Part II
  1. VBscript for Vista/Win7 (select keysize >= 1024) - '''reminder''' to dirk
   || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {-} ||
   * as part of
   * x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]]
   * Current state:
   || {g} || pre mailing sent ||
   || {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished ||
   || {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' <<BR>>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<<BR>>Api CertEnroll (MS crypto provider)<<BR>>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] ||
   || {g} || Weak keys blog post, published ||
   || {g} || Weak keys article published by Hanno (July 28), link is in CAcert's blog post (July 30) ||
   || {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) ||
   * cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]]
   * vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
   * [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]]
   * Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]]
  1. Advertising
   1. Prepare Advertising fix for testserver - '''reminder''' to dirk
    || Dirk || Advertising (from last board meeting), [[https://bugs.cacert.org/view.php?id=958|bug #958]] || add changes as discussed in last meeting to testserver || {0} ||
    * [[CAcertInc/LogosForSale/Rules]] wiki link exists
    * "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
    * Logos and Links exist, needs deployment to testserver
   1. google ads, nobody knows about
    * [[http://google.de/adsense/]] - needs google account
    * ad client id: pab.*9860, email address is needed
    * board member to write email request to Robert, Philipp, Philpp, Teus, ernie
    * contact google?
    * account recovery?
  1. Thawte Patch - PR strategy
   1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
    || x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding || {0} <<BR>> {g} ||
    * [[https://bugs.cacert.org/view.php?id=959|bug #959]] deployed
    * [[https://bugs.cacert.org/view.php?id=827|bug #827]] awaiting response from critical team
    * next steps:
     1. preparing PR, support
     1. report from Wytze, Hans: review, rebundle
    * if the patch goes active, this needs support
    * wiki faq (existing page? thawte topic?)
    * blog (-> alex)
    * mailing list
    * press release? probably not at this state
    * Support: could be better, but is ok
    * Triage: where to forward Thawte patch requests?
    * add to Support team meeting agenda
    * patch review
    * 10.php / 15.php ranking differs
    * 15.php experience points links to assurer account
    * patch applied to testserver, patch to transfer to critical system
    * alex to prepare blog post
    * 15.php to push, 10.php ? to set active ? or not?
    * mailing to people: Ted, Florian F, PG, Wytze, Carsten L, Jeff F, Frank K (ask Marcus) 120 pts, Sebastian K
  1. Dirk '''reminder''' (from last meeting) assure someone patches (checkboxes)
   || Dirk || DEV: [[https://bugs.cacert.org/view.php?id=894|bug #894]] problems with check-boxes on website forms (Assure someone) -> [[Arbitrations/a20091118.3|a20091118.3]] || {0} ||
  1. Bugs to Review #1, transfer to testserver
   || uli || [[https://bugs.cacert.org/view.php?id=968|bug #968]] error logging cleanup (split bug #909) || split 0000909: too many error messages logged - part II - general.php || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=967|bug #967]] || Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=859|bug #859]] admin console interface || feature request: show activity on an account in the admin interface, new update /!\ || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=975|bug #975]] admin console interface (2) || report potential database inconsistency in SE console (debug infos), new update /!\ || {0} ||
   || uli, ted || [[https://bugs.cacert.org/view.php?id=882|bug #882]] || display Assurance when field in list of assurances received, assurances given by a user in admin console interface, new update /!\ || {0} ||
   || uli, ted || [[https://bugs.cacert.org/view.php?id=794|bug #794]] || visibility over certificates for sysadm in account administration, new update /!\ || {0} ||
   || uli || [[https://bugs.cacert.org/view.php?id=966|bug #966]] cancel doesn't cancel but processes instead || bug needs more work, selection currently clashes with language setting (Delete != Löschen)<<BR>>general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action<<BR>>potential workaround to fix all "Cancel" requests available<<BR>>read [[https://bugs.cacert.org/view.php?id=966#c2287]] and attached fix<<BR>>badly fixed 31.php, new update fix avail /!\ || {0} ||
  1. Bugs under testing:
   || Dirk, Michael || [[https://bugs.cacert.org/view.php?id=827|bug #827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] Thawte patch/Points-Count-Order-Change project || related bug 959: needs 1 more test, needs 2nd review / 2nd review: also check -x / tests done, needs 2nd review<<BR>>959 {g} reviewed, deployed <<BR>>827 {g} reviewed, deployment in 2 steps<<BR>>new fixes, reviewed, needs testing || {0} <<BR>> {0} ||
   || Ted || [[https://bugs.cacert.org/view.php?id=965|bug #965]] 0000965: Outsource / fix Webdb text pages id=12, 13 || one more testing || {0} ||
   || Ted, uli || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || new fix avail 2011-08-19 || {0} ||
   || Ted, uli || [[https://bugs.cacert.org/view.php?id=846|bug #846]] Join Form restructure, help link || Better guidance of bonafide members in Join Form about Suffixes they don't have in their ID docs (a20100207.2) || {0} ||
  1. Needs review, transfer to Critical team, to bundle, to deploy
   || [[https://bugs.cacert.org/view.php?id=940|bug #940]] help* to wiki || Outsource Webdb text pages help.php?id=0..9 to wiki<<BR>>needs review, deploy || {0} ||
   || [[https://bugs.cacert.org/view.php?id=910|bug #910]] Outsource board member list || from Webdb to wiki (id=8) (Part II) || {0} ||
   || [[https://bugs.cacert.org/view.php?id=955|bug #955]] change sort order Orga list || Possibility to change the sorting order for the organisation overview || {0} ||
  1. Needs development, deployment, discussion
   1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Migrate CATS onto testserver
    || [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || assigned to Ted, CATS to install on ca-mgr1, awaiting deployment || {0} ||
   1. [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text
    || [[https://bugs.cacert.org/view.php?id=943|bug #943]] change OA admin/assurer text || -> Ted, rejected, needs comment from OAO || {-} ||
    * webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.
    * patch takes account about this issue
    * problem with menu link Org Admin .. is Org Assurers menu
    * but this menu includes one addtl. link "View" that is available for Org Admins
    * and Org Admins with master flag to add new admins
    * master flag is not described in OAP (!)
    * addtl master flag to revoke ?
    * rename to "Org Administration"
    * don't show menu to OrgAdmins
  1. Still awaiting response from Critical team
 1. strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more infos available ? who ?
  1. build testserver with special certs
  1. Magu, Michael to send instructions for test deployment
   * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   * meetings ago we've defined Testing requirements and a potential test scenario
   * to remind every meeting
  1. policy group: define requirements
   * multimember escrow method ?
   * needs risk analysis
   * potential candidates ?
   * Marcus to contacted Benedikt, will contact Thomas K
   * Next step(s)
    1. how does debian work ?
   * deferred to Froscon (end of Aug), CCCcamp (around Aug 10th)
 1. The Bjoern report
  * [[https://blog.cacert.org/2011/06/518.html#comments|New signatures for CAcert-Class 3-Subroot-certificate - Comments]]
 1. CI (Update)
  * [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]]
  * deployment scenario:
   1. create testusers
   1. testing
   1. delete testusers
  * regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
  * reminder
 1. next meeting: Tuesday, September 6, 2011 22:00

== Minutes ==
 1. Class3 Re-sign - responses - The "Bjoern" case
  * responded to user
  * user ignores request for help
  * to keep an eye on
  * ssl prob: mail to infrastructure team
 1. PR work
  1. thawte patch - blog post
  1. newsletter mailings
  1. thawte patch, Security campaign, Newsletters
   a. thawte patch, check new points count - should be removed from 1st patch
   a. Security campaign
    1. weak passwords (bug 637)
    1. password reset w/ Assurance replaces pwd reset thru paypal
    1. cert login security fix (bug 841)
    1. weak keys disabled (bug 918)
    1. class3 re-sign with sha256
   a. check your CAcert account
    1. create a client cert for client cert login (also needed for CATS)
    1. check your secret questions
    1. check your password
    1. check your notification settings
    1. check your location settings
  1. thawte patch detailed (1 month later, 6-8 weeks later)
   1. infos about thawte points removal
   1. infos about points counting
 1. Jubula Test-Tool (by Michael)
  * [[http://www.eclipse.org/jubula/download.php]]
  * with FF 3.5 [[ftp://ftp.mozilla.org/pub/firefox/releases/]]
  * start aut agent (under win as service)
  * start jubula (also on 64 machine)
  * window preferences
  * test
  * database connections
  * add
  * ca-mgr1
  * type: mysql
  * host: ca-mgr1.it-sls.de
  * OK
  * OK
  * Test - open
  * host: ca-mgr1.it-sls.de
  * user: jubula
  * pwd: (request from Software-Assessors, Testteam)
  * -> CAcert version 1.0
  * OK
  * left upper corner -> test cases
  * test suite browser
  * standard task
  * connect to AUT (green button) -> connect
  * Start AUT "cacert1 (cacert1) : cacert1"
  * Test - Properties - AUTS - select cacert1 - edit - ok - ok
  * Start AUT "cacert1 (cacert1_ie) : cacert1" + "cacert1 (cacert1_ff_neo) : cacert1"
  * click "cacert1 (cacert1_ie) : cacert1"
  * Remote control opens
  * switch to jubula
  * test suite browser
  * right top corner - green selection - start exec cacert1_ie
  * test exec relevance
  * remember my decision -> yes -> yes
  * change perspective -> yes -> yes
  * program executes
 1. new database tables and fields
  * add new bug number with list of tables/fields for updates
  * [[https://bugs.cacert.org/view.php?id=976]]
 1. Bug 966, addtl. fix doesn't work 30.php, 31.php
  || uli || [[https://bugs.cacert.org/view.php?id=966|bug #966]] cancel doesn't cancel but processes instead || bug needs more work, selection currently clashes with language setting (Delete != Löschen)<<BR>>general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action<<BR>>potential workaround to fix all "Cancel" requests available<<BR>>read [[https://bugs.cacert.org/view.php?id=966#c2287]] and attached fix<<BR>>badly fixed 31.php, new update fix avail /!\ || {0} ||
 1. x^2^ [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] and [[https://bugs.cacert.org/view.php?id=959|bug #959]] "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy
  || x^2^ [[https://bugs.cacert.org/view.php?id=827|bug #827]] "Thawte" patch (still running)<<BR>>related [[https://bugs.cacert.org/view.php?id=959|bug #959]] || needs 1 more test, needs 2nd review<<BR>>2nd review: also check -x<<BR>>tests done, 2nd review outstanding || {0} <<BR>> {g} ||
  * request by Joost for variable fields
 1. x^4^ [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login
  * needs 2nd review - Ted, done<<BR>>needs bundling, done
  * NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
  * needs 2nd review, bundling
  * => Ted on Wed, not done
  || x^4^ NEO: [[https://bugs.cacert.org/view.php?id=841|bug #841]] Problems on cert login || needs 2nd review - Ted, done<<BR>>needs bundled<<BR>>NEO will check to get sql query extracted<<BR>>needs pushing<<BR>>pushed to testserver<<BR>>Needs 2nd Review & deploy by Dirk or Ted || {-} ||
  * started last meeting, not yet finished
  * 2 sql queries
  * dirk will do some rewrite later
  * review ok
 1. info from critical team (thru Michael)
  * upgrade of chroot environment on webdb by end of this week
 1. google ads, nobody knows about
  * [[http://google.de/adsense/]] - needs google account
  * ad client id: pab.*9860, email address is needed
  * board member to write email request to Robert, Philipp, Philpp, Teus, ernie
  * contact google?
  * account recovery?
  * dirk: to write mail to treasurer (address from invoice)
 1. Michael - action items
  1. bug 827
  1. bug 841
  1. bug 846
  * and others in the queue

==== Fixed Action Items since last or within meeting ====
|| Uli || open fw rule port 3306 on ca-mgr1 (req by Michael) || {g} ||
|| Uli || to request dns entry for cats1.it-sls.de by Andreas (for bug #835) || {g} ||

----
==== Action Items New ====
|| dirk || google ads account - to write mail to treasurer (address from invoice) || {0} ||

Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

----
 . CategorySoftwareAssessment