Minutes of the MiniTOP on the 2011-08-30

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: dirk, magu, uli, Marcus, Michael

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

  1. Workshop - The List of open / running / unhandled bugs - Part I
    1. Working Session - Action Items to start

      1. x4 bug #841 Problems on cert login

        • needs 2nd review - Ted, done
          needs bundling, done

        • NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
        • needs 2nd review, bundling

          • => Ted on Wed, not done

        x4 NEO: bug #841 Problems on cert login

        needs 2nd review - Ted, done
        needs bundled
        NEO will check to get sql query extracted
        needs pushing
        pushed to testserver
        Needs 2nd Review & deploy by Dirk or Ted

        {-}

        • started last meeting, not yet finished
  2. Class3 Re-sign - responses - The "Bjoern" case
  3. Jubula Test-Tool (by Michael)
  4. PR work
    1. thawte patch - blog post
    2. newsletter mailings
      1. thawte patch, Security campaign, Newsletters
        1. thawte patch, check new points count
        2. Security campaign
          1. weak passwords (bug 637)
          2. password reset w/ Assurance replaces pwd reset thru paypal
          3. cert login security fix (bug 841)
          4. weak keys disabled (bug 918)
          5. class3 re-sign with sha256
        3. check your CAcert account
          1. create a client cert for client cert login (also needed for CATS)
          2. check your secret questions
          3. check your password
          4. check your notification settings
          5. check your location settings
      2. thawte patch detailed (1 month later)
        1. infos about thawte points removal
        2. infos about points counting
  5. Workshop - The List of open / running / unhandled bugs - Part II

    1. VBscript for Vista/Win7 (select keysize >= 1024) - reminder to dirk

    2. Advertising

      1. Prepare Advertising fix for testserver - reminder to dirk

        • Dirk

          Advertising (from last board meeting), bug #958

          add changes as discussed in last meeting to testserver

          {0}

        • CAcertInc/LogosForSale/Rules wiki link exist

        • "buy me" logo / "Logo For Sale" logo / "Monthly Auction on Logos" logo
        • Logos and Links exist, needs deployment to testserver
      2. google ads, nobody knows about

        • http://google.de/adsense/ - needs google account

          • ad client id: pab.*9860, email adress is needed
          • board member to write email request to Robert, Philipp, Philpp, Teus, ernie
          • contact google?
          • account recovery?
    3. Thawte Patch - PR strategy

      1. x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy

        x2 bug #827 "Thawte" patch (still running)
        related bug #959

        needs 1 more test, needs 2nd review
        2nd review: also check -x
        tests done, 2nd review outstanding

        {0}
        {g}

        • bug #959 deployed

        • bug #827 awaiting response from critical team

        • next steps:
          1. preparing PR, support
          2. report from Wytze, Hans: review, rebundle
        • if the patch goes active, this needs support
          • wiki faq (existing page? thawte topic?)

          • blog (-> alex)

            • mailing list
            • press release? probably not at this state
          • Support: could be better, but is ok
            • Triage: where to forward Thawte patch requests?
            • add to Support team meeting agenda
          • patch review
            • 10.php / 15.php ranking differs
            • 15.php experience points links to assurer account
            • patch applied to testserver, patch to transfer to critical system
          • alex to prepare blog post
        • 15.php to push, 10.php ? to set active ? or not?
        • mailing to people: Ted, Florian F, PG, Wytze, Carsten L, Jeff F, Frank K (ask Marcus) 120 pts, Sebastian K

    4. Dirk reminder (from last meeting) assure someone patches (checkboxes)

      • Dirk

        DEV: bug #894 problems with check-boxes on website forms (Assure someone) -> a20091118.3

        {0}

    5. Bugs to Review #1, transfer to testserver

      • uli

        bug #968 error logging cleanup (splitted bug #909)

        split 0000909: too many error messages logged - part II - general.php

        {0}

        uli

        bug #967

        Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer

        {0}

        uli

        bug #859 admin console interface

        feature request: show activity on an account in the admin interface, new update /!\

        {0}

        uli

        bug #975 admin console interface (2)

        report potential database inconsistency in SE console (debug infos), new update /!\

        {0}

        uli, ted

        bug #882

        display Assurance when field in list of assurances received, assurances given by a user in admin console interface, new update /!\

        {0}

        uli, ted

        bug #794

        visibility over certificates for sysadm in account administration, new update /!\

        {0}

        uli

        bug #966 cancel doesn't cancel but processes instead

        bug needs more work, selection currently clashes with language setting (Delete != Löschen)
        general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
        potential workaround to fix all "Cancel" requests available
        read https://bugs.cacert.org/view.php?id=966#c2287 and attached fix
        badly fixed 31.php, new update fix avail /!\

        {0}

    6. Bugs under testing:

      • Dirk, Michael

        bug #827 and bug #959 Thawte patch/Points-Count-Order-Change project

        related bug 959: needs 1 more test, needs 2nd review / 2nd review: also check -x / tests done, needs 2nd review
        959 {g} reviewed, deployed
        827 {g} reviewed, deployment in 2 steps
        new fixes, reviewed, needs testing

        {0}
        {0}

        Ted

        bug #965 0000965: Outsource / fix Webdb text pages id=12, 13

        one more testing

        {0}

        Ted, uli

        bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible

        new fix avail 2011-08-19

        {0}

        Ted, uli

        bug #846 Join Form restructure, help link

        Better guidance of bonafide members in Join Form about Suffixes they doesn't have in their ID doxs (a20100207.2)

        {0}

    7. Needs review, transfer to Critical team, to bundle, to deploy

      • bug #940 help* to wiki

        Outsource Webdb text pages help.php?id=0..9 to wiki
        needs review, deploy

        {0}

        bug #910 Outsource board member list

        from Webdb to wiki (id=8) (Part II)

        {0}

        bug #955 change sort order Orga list

        Possibilty to change the sorting order for the organisation overview

        {0}

    8. Needs development, deployment, discussion

      1. bug #835 Migrate CATS onto testserver

        bug #835 Assurer challenge (on testserver)

        asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment

        {0}

      2. bug #943 change OA admin/assurer text

        • bug #943 change OA admin/assurer text

          -> Ted, rejected, needs comment from OAO

          {-}

        • webdb names OrgAdmins as OrgAssurers and names OrgAssurers as OrgAdmins.

        • patch takes account about this issue
        • problem with menu link Org Admin .. is Org Assurers menu
          • but this menu includes one addtl. link "View" that is available for Org Admins
            • and Org Admins with master flag to add new admins

          • master flag is not described in OAP (!)

          • addtl master flag to revoke ?
          • rename to "Org Administration"

          • don't show menu to OrgAdmins

    9. Still awaiting response from Critical team

  6. strategy plans ... next: strategy for "New Roots & Escrow"

    1. idea: using indirect crl's ?
      • 2 crl's needed, one valid, one invalid crl server
      • more infos available ? who ?
        1. build testserver with special certs
        2. Magu, Michael to send instructions for test deployment
      • meetings ago we've defined Testing requirements and a potential testszenario
      • to remind every meeting
    2. policy group: define requirements
      • multimember escrow method ?
        • needs risk analyze
        • potential candidates ?
          • Marcus to contacted Benedikt, will contact Thomas K
          • Next step(s)
    3. how does debian work ?
      • defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
    4. The Bjoern report
  7. CI (Update)

    • description to eclipse testpage, Webinar

    • deployment scenario:
      1. create testusers
      2. testing
      3. delete testusers
    • regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
    • reminder
  8. next meeting: Tuesday, September 6, 2011 22:00

Minutes

  1. Class3 Re-sign - responses - The "Bjoern" case
    • responded to user
    • user ignores request for help
    • to keep an eye on
    • ssl prob: mail to infrastructure team
  2. PR work
    1. thawte patch - blog post
    2. newsletter mailings
      1. thawte patch, Security campaign, Newsletters
        1. thawte patch, check new points count - should be removed from 1st patch
        2. Security campaign
          1. weak passwords (bug 637)
          2. password reset w/ Assurance replaces pwd reset thru paypal
          3. cert login security fix (bug 841)
          4. weak keys disabled (bug 918)
          5. class3 re-sign with sha256
        3. check your CAcert account
          1. create a client cert for client cert login (also needed for CATS)
          2. check your secret questions
          3. check your password
          4. check your notification settings
          5. check your location settings
      2. thawte patch detailed (1 month later, 6-8 weeks later)
        1. infos about thawte points removal
        2. infos about points counting
  3. Jubula Test-Tool (by Michael)

    • http://www.eclipse.org/jubula/download.php

    • with FF 3.5 ftp://ftp.mozilla.org/pub/firefox/releases/

    • start aut agent (under win as service)
    • start jubula (also on 64 machine)
    • window preferences
    • test
      • database connections
        • add
          • ca-mgr1
          • type: mysql
          • host: ca-mgr1.it-sls.de
          • OK
        • OK
      • Test - open
        • host: ca-mgr1.it-sls.de
        • user: jubula
        • pwd: (request from Software-Assessors, Testteam)

          • -> CAcert version 1.0

          • OK

      • left upper corner -> test cases

      • test suite browser
        • standard task

      • connect to AUT (green button) -> connect

      • Start AUT "cacert1 (cacert1) : cacert1"
      • Test - Properties - AUTS - select cacert1 - edit - ok - ok
      • Start AUT "cacert1 (cacert1_ie) : cacert1" + "cacert1 (cacert1_ff_neo) : cacert1"
        • click "cacert1 (cacert1_ie) : cacert1"
        • Remote control opens
        • switch to jubula
        • test suite browser
          • right top corner - green selection - start exec cacert1_ie
          • test exec relevance

            • remember my decision -> yes -> yes

            • change perspective -> yes -> yes

            • program executes
  4. new database tables and fields
  5. Bug 966, addtl. fix doesn't work 30.php, 31.php

    • uli

      bug #966 cancel doesn't cancel but processes instead

      bug needs more work, selection currently clashes with language setting (Delete != Löschen)
      general problem in /pages/account.php with process variable, transfer of "cancel" pushes any action
      potential workaround to fix all "Cancel" requests available
      read https://bugs.cacert.org/view.php?id=966#c2287 and attached fix
      badly fixed 31.php, new update fix avail /!\

      {0}

  6. x2 Bug# 827 and bug #959 "Thawte" patch - Points-Count-Order-Change project - 2nd Review + deploy

    • x2 bug #827 "Thawte" patch (still running)
      related bug #959

      needs 1 more test, needs 2nd review
      2nd review: also check -x
      tests done, 2nd review outstanding

      {0}
      {g}

    • request by Joost for variable fields

  7. x4 bug #841 Problems on cert login

    • needs 2nd review - Ted, done
      needs bundling, done

    • NEO: did restructuring (sql query to subroutine), (Update 2011-07-26), re-tested, reviewed
    • needs 2nd review, bundling

      • => Ted on Wed, not done

        x4 NEO: bug #841 Problems on cert login

        needs 2nd review - Ted, done
        needs bundled
        NEO will check to get sql query extracted
        needs pushing
        pushed to testserver
        Needs 2nd Review & deploy by Dirk or Ted

        {-}

      • started last meeting, not yet finished
      • 2 sql queries
      • dirk will do some rewrite later
      • review ok
  8. info from critical team (thru Michael)
    • upgrade of chroot environment on webdb by end of this week
  9. google ads, nobody knows about

    • http://google.de/adsense/ - needs google account

      • ad client id: pab.*9860, email adress is needed
      • board member to write email request to Robert, Philipp, Philpp, Teus, ernie
      • contact google?
      • account recovery?
      • dirk: to write mail to treasurer (address from invoice)
  10. Michael - action items
    1. bug 827
    2. bug 841
    3. bug 846
      • and others in the queue

Fixed Action Items since last or within meeting

Action Items New

Action items: Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transfered
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    Bugs #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calcutate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail adress after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}

Software/Assessment/20110830-S-A-MiniTOP (last edited 2011-09-22 23:57:37 by UlrichSchroeter)