• Software
• Assessment
• 20111122-S-A-MiniTOP

• To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-11-22

2011-11-23 Continued

Setting

The MiniTOP will be held via telco 22:00 CET

Attendees: magu, dirk, uli, marcus, michael

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

1. bug #976 - database restructure preperation

   •   * raw transcript from meeting results: [[https://bugs.cacert.org/file_download.php?file_id=245&type=bug|sql structure modifications as discussed within meeting]]
       * New table to add: high potential domains to secure (mozilla blue print) 
       * proposed testserver deployment - when ?
       * results from meeting 2011-10-18
        * deletedwhen - to rename to deleted type datetime
        * from - to rename to creatorid
        * enum - or not enum for cca method
        * add table "mozilla blue print" domains
         * proposal michael: to add this as file, also to deploy to signer
        * sql update? or php script?
         * adding versioning number ?  table verno, when type datetime
       * results from meeting 2011-10-25
        * email addresses + domains verification on cert renewal: last verified (type datetime) 
        * info from dirk regarding CCA table structure. structure defined in [[https://lists.cacert.org/wws/arc/cacert-devel/2009-06/msg00004.html]]. Current definition to compare with structure definition from mid 2009
        * detailed discussion regarding CCA table
         * comment field to name as method?
         * type -> boolan
        * adding version table
        * latin-1 is db standard
        * sql script will be prepared by Michael
       * Update
        1. script built by Michael
        1. script reviewed by dirk
        1. script tested localy, with one bug found (Org Client Cert - View doesn't work)
        1. fix for Org Client Cert - View added to testserver, needs 2nd review
        1. needs testing regarding notary table functions
         * notary table 0-150 pts variations tested manual and TMS assurances [[https://bugs.cacert.org/view.php?id=976#c2682|Report #c2682]]
        1. state 2011-11-15:
         * added to testserver, migration script works
         * problem with org client certs view (org table) identified fixed.
         * further tests with notary table revealed no more problems
         * accounts/18.php needs review
         * instructions for running the script is written in bug #976 docu

   • current state summary:
     • transfered to critical system, patch has been applied
     • outstanding: database upgrade, scheduled for Wed Nov 23rd

2. bug #827 - New Points calculation / Thawte patch

   1. The patch

      • Dirk, Michael

        bug #827 and bug #959 Thawte patch/Points-Count-Order-Change project

        related bug 959: needs 1 more test, needs 2nd review / 2nd review: also check -x / tests done, needs 2nd review 959 reviewed, deployed 827 reviewed, deployment in 2 steps deployed, report from Wytze

      • state 2011-11-15

        1. review #827 + #882 fix-date 2006-09-01 -> dirk

           • reviews done, needs transfer to critical team
      • next steps:

        1. mailing script not yet prepared -> dirk

           • ascending user id's with high watermark file
           • dirks work-queue: agm/sgn minutes

             • uli picksup agm/sgm minutes, dirk writes patch - deal => finished

   2. PR work - Update?

      1. newsletter mailing: ok from board m20111016.2 and m20111023.2

      2. newsletter and translations reviewed: English revision PR/News/NewPointsCalculation

      3. script sql query to prepare based on events/oa mailing
         • request for statement by critical team
         • proposal by critical team:
           1. to pace the email sending out a bit, e.g. by doing a chunk of 1000, then waiting 19 minutes (by a programmatic sleep) before starting the next chunk of 1000 etc
           2. pushing out the whole mailing will take somewhere between one and two full days
           3. reduce Postfix' maximal_queue_lifetime from the default 5 days to say 2 days

           4. Basically a20100309.1 already gives permission for this mailing, except that it outlines a somewhat different technical implementation of such mailings. But policy-wise there doesn't seem to be a difference to me with what we are proposing here, so why bother with addtl arbitration?

         • . Software-Assessors / developers to prepare a sql-query that can handle above requirements, also to handle localy translateded text
           • script to use from events + OA mailing, SA's to build a sql query, sending to critical team
           • dirk: script not yet deployed, will do till last weekend, Sunday: not yet written
           • see top 2.1
   3. "Special case" - handling of 0:0 cases under arbitration
      • New proposal: scripted mailing for 0:0 F2F cases with detailed instructions
      • get information how many 0:0 cass we have ?

        • info from last years arbitration a20100822.1 ? (documentation is not yet avail)

        • Lambert as Arbitrator, Martin as Case Manager and dirk in role as SA as Claimant should know the answer
      • is it possible to update 15.php script to signal the 0:0 F2F assurance cases ?!? eg by color blue or background color light yellow ?
        • dirk: 15.php can be easily upgraded - not only color also italic
      • to prepare an arbitration process for a scripted mailing announcement
        1. to the assuree's who may loose points caused by 0:0 cases
        2. to the assurers, who can re-apply their assurance over assuree's with the 0:0 problem
      • arbitration initiated

      • wiki faq created: FAQ/NewPointsCount#YellowLines

      • No CM/A picked up this case yet
   4. Questions from last 9 meetings:
      • dirk: when will 827 goes to production ?

3. bug #968 documentation, action required?

   • bug #968 refers to bug #909 as parent

   • bug #909 refers to 3 bugs (!):

     • bug #963	Logout Session not completely reset	solved
       bug #968	too many error messages logged, general.php	solved
       bug #908	Session unregister when logging out seems to contain bugs	still open

   • is 908 solved by 963 ?
4. Testers workqueue

   1. Translingo bug #985

      • https://translations.cacert.org (http://translations.cacert.org/) (replacement for translingo)

      • the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us.
      • I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it
      • last foreign uploads 2008 on about 13 + cacert projects
      • whohas translingo server console access?
        • mario
      • req for console access for michael to contact project leaders, Updates?
      • Transfer In, Transfer Out problems
      • Update from new deployment ?
      • opened for: create an account can now be started
      • Michael current state:
        • import and export routine works
        • script to incorporate updates needs fixed
      • next: complete language handling needs to be updated
      • accept lang handler needs fix
        • FF de, de_de
        • IE 6 de, 8,9 de_de
      • working session within last meeting: michael, marcus
        • infos from meeting 2011-10-18
          • pdf code needs rewrite (uni code library, move to external server (outsourcing))
          • message cert notification - uses perl code, text source not avail (get bind-text-domain)
      • current state?
      • Marcus sent mailing to translators, no response so far, no tests so far (week 3)
        • Morten NO
        • Emanuel IT
      • current state:
        • create test system accounts dutch@test, espania@test and so on, let users do their tests
        • Magu, Marcus will give it a try
        • a couple of testers has started testing and reporting within the last 7 days

   2. bug#894 "Haeckchen bug" - review done, changes needs reviewed again

      • 3

        Dirk

        bug#894 assure someone patches (checkbox)

        (incl wot.php changes) tested by 2, needs 2nd review, deploy new test round

        ? / u1 / m1

      • review by dirk in session, review ok
      • current state:
        • needs testing
        • Magu, Marcus will pickup the task
        • one test and report done this week (in week 3)

5. Policy group discussion - Extended key usage -> p20111113 started, extended for 1 week

   • new related topics
     • ios5 bug

     • Baseline Requirements

6. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
   • who has been informed, contacted?
   • Michael will inform Wytze
7. Build + Document Emergency Patches Path

   • Build + Document Emergency Patches Path

     Andreas, Uli, Wytze

   • Software/Assessment/Documentation/EmergencyPatches

   • Documentation written, reviewed by Wytze, Marcus

   • Michael: reminder for review Software/Assessment/Documentation/EmergencyPatches

   • other reviews done ?
8. Michaels workqueue
   1. New function to TMS - edit notary table record

      • bug #980

      • infos from last meeting
      • testers needs editing individual notary records: fields "method", "awarded", "points"
      • easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on
      • Update?
      • Michael (2011-11-15): after some other bug reviews
9. Dirks workqueue - The List of open / running / unhandled bugs

   1. VBscript for Vista/Win7 (select keysize >= 1024) - reminder to dirk

      • x1 Dirk, new bug#964 DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

        current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964

      • as part of

      • x¹ Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964

      • Current state:

        • 	pre mailing sent
          	keys revocation script to bulk revoke weak keys, new bug #954, finished
          	dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024) Api CertEnroll (MS crypto provider) new bug#964 current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964
          	Weak keys blog post, published
          	Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
          	weak keys: problems with cryptostick (to test at Froscon with Juergen ?)

      • cert enroll infos under bug#964

      • vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation

        • http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx

        • Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249

      • dirk: has not started the virtual machine
      • Question from Marcus: did someone contacted illuminat?
        • No, Marcus: to contact illuminat
        • illuminat will give it a try, first needs download of testserver image
      • Update?

10. Bugs to Review #1, transfer to testserver - Currently 4

    • uli	bug #977 admin console text fix	admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
      uli	bug #967 OA isassurer check	Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer
      uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface, new update
      inopiae	bug #981 OA overview (dupe of bug #943)	New layout of view for Organisation Administraors in account/id35

11. Bugs under testing: - Currently 5

    • 	neo	bug #985 move translingo to translations	check language settings under testserver
      	inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number present to Policy Group ?
      	uli	bug #855 admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver	admin console lists "empty" and "Unknown" assurance types on listing given Assurances
      3	Dirk	bug#894 assure someone patches (checkbox)	(incl wot.php changes) tested by 2, needs 2nd review, deploy new test round		? / u1 / m1
      7	uli, ted	bug #789 OA edit domain fix	Editing domain for organisations does not work new update 2011-09-26 more fixes, more testing * testcase scenario * open org, edit 1st domain in new window, edit 2nd domain in new window * results in: change made in window 2, written to record in window 2 * needs cross checking		? / u7 / m7

12. Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently 2

    • define priority eg. 10,2, and so on, proposed order: from 1 to 10

      8	Ted, uli	bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible	last update 2011-08-19 tested 3 times ready to deploy?		? / u8 / m8
      10	uli, Ted	bug #965 0000965: Outsource / fix Webdb text pages id=12, 13	addtl. id=37, id=38, new update 2011-09-25		? / u10 / m10

13. Needs development, deployment, discussion, reminder

    1. bug #835 Migrate CATS onto testserver

       • bug #835 Assurer challenge (on testserver)

         asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment

14. strategy plans ... next: strategy for "New Roots & Escrow"

    1. idea: using indirect crl's ?
       • 2 crl's needed, one valid, one invalid crl server
       • more infos available ? who ?
         1. build testserver with special certs
         2. Magu, Michael to send instructions for test deployment

            • indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)

       • meetings ago we've defined Testing requirements and a potential testszenario
       • to remind every meeting
       • Michael: testserver environment deployment
       • Michael will review after Certs extension policy group vote
    2. policy group: define requirements
       • multimember escrow method ?
         • needs risk analyze
         • potential candidates ?
           • Marcus to contacted Benedikt, will contact Thomas K
           • Next step(s)
15. CI (Update)

    1. description to eclipse testpage, Webinar

       • deployment scenario:
         1. create testusers
         2. testing
         3. delete testusers
       • regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
       • reminder
    2. Jubula Test-Tool (by Michael) - update?

       • http://www.eclipse.org/jubula/download.php

       • instructions see under Minutes meeting 2011-08-30

       • test deployment needs to be continued by software testers

       • Jubula documentation started: Software/Jubula

    3. new proposal by Sven: Webdriver with Maven and Jenkins-CI
       1. Jubula vs. Webdriver
       2. testserver variants
          1. testserver for manual tests
          2. testserver of OS and application upgrades
          3. testserver for CI
       3. test methods
          1. unit test
             • test single modules, exceptions
          2. integration tests
             • test interaction of modules
          3. system tests
             • complete system test, with database interactions, module interactions and much more
       4. sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI)
          • Michael did some review: probably needs some seperation
16. Infrastructure seperation
    • contacting secure-u, oophaga started?
      • Frank, Mario, Ted, Uli, Sebastian ?
17. next meeting: Tuesday, November 29, 2011 22:00

Minutes

1. dirk: votebot for agm active?
   • source is in svn
   • votebot running on irc

2. bug #976 - database restructure preperation

   • current state summary:
     • transfered to critical system, patch has been applied
     • outstanding: database upgrade, scheduled for Wed Nov 23rd

3. bug #827 - New Points calculation / Thawte patch

   • next steps:

     1. mailing script not yet prepared -> dirk

        • ascending user id's with high watermark file
        • dirks work-queue: agm/sgn minutes

          • uli picksup agm/sgm minutes, dirk writes patch - deal => finished

        • plain test works, but mysql reports errors
          • scripts needs to be uploaded
        • uploaded to testserver
          • hot deployment / testing on testserver
          • first tests: lang splitting doesn't work, adding some fixes
        • text coding ... utf8 ?
          • mysql.php - extra parameter to send iso-8859-1
        • utf8 doesn't work as expected, RU results in garbage, FR and DE halfway gargabled
   • PR
     • dirk: note from alex: german translation should have an error

4. bug #968 documentation, action required?

   • bug #968 refers to bug #909 as parent

   • bug #909 refers to 3 bugs (!):

     • bug #963	Logout Session not completely reset	solved
       bug #968	too many error messages logged, general.php	solved
       bug #908	Session unregister when logging out seems to contain bugs	still open

   • is 908 solved by 963 ?
     • Michael: yes
5. Testers workqueue

   1. Translingo bug #985

      • https://translations.cacert.org (http://translations.cacert.org/) (replacement for translingo)

      • the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us.
      • I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it
      • last foreign uploads 2008 on about 13 + cacert projects
      • whohas translingo server console access?
        • mario
      • req for console access for michael to contact project leaders, Updates?
      • Transfer In, Transfer Out problems
      • Update from new deployment ?
      • opened for: create an account can now be started
      • Michael current state:
        • import and export routine works
        • script to incorporate updates needs fixed
      • next: complete language handling needs to be updated
      • accept lang handler needs fix
        • FF de, de_de
        • IE 6 de, 8,9 de_de
      • working session within last meeting: michael, marcus
        • infos from meeting 2011-10-18
          • pdf code needs rewrite (uni code library, move to external server (outsourcing))
          • message cert notification - uses perl code, text source not avail (get bind-text-domain)
      • current state?
      • Marcus sent mailing to translators, no response so far, no tests so far (week 3)
        • Morten NO
        • Emanuel IT
      • current state:
        • create test system accounts dutch@test, espania@test and so on, let users do their tests
        • Magu, Marcus will give it a try
        • a couple of testers has started testing and reporting within the last 7 days
        • results: de, fr, en, pl, es
          • pl: open question with special chars

   2. bug#894 "Haeckchen bug" - review done, changes needs reviewed again

      • 3

        Dirk

        bug#894 assure someone patches (checkbox)

        (incl wot.php changes) tested by 2, needs 2nd review, deploy new test round

        ? / u1 / m1

      • review by dirk in session, review ok
      • current state:
        • needs testing
        • Magu, Marcus will pickup the task
        • one test and report done this week (in week 3)
   3. 965 outsource webdb pages
      • needs retesting
   4. uli to ping testers

6. Policy group discussion - Extended key usage -> p20111113 started, extended for 1 week

   • new related topics
     • ios5 bug
       • all sources regarding ios5 says: keyusage must be present
       • so its likely that cps fix fixes ios5 bug too

     • Baseline Requirements

       • keysize
       • keyusage is also referenced
         • similiar to CAcert's new proposal
7. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
   • who has been informed, contacted?
   • Michael will inform Wytze
   • mail not yet written
8. Build + Document Emergency Patches Path

   • Build + Document Emergency Patches Path

     Andreas, Uli, Wytze

   • Software/Assessment/Documentation/EmergencyPatches

   • Documentation written, reviewed by Wytze, Marcus

   • Michael: reminder for review Software/Assessment/Documentation/EmergencyPatches

   • Michael: not reviewed yet

9. VBscript for Vista/Win7 (select keysize >= 1024) - reminder

   • marcus: illuminat not yet seen last time

   • baseline requirement - keyssize >= 2048 to fix till end of 2011

   • how to proceed?
     • dirk: 1st step, to bring win test server localy online
     • marcus: to contact illuminat

10. strategy plans ... next: strategy for "New Roots & Escrow"

    • no update
11. CI (Update)
    • no update
12. Infrastructure seperation
    • no update
13. next meeting: Tuesday, November 29, 2011 22:00
14. Working session: mailing script

    • problem with revoke assurance - proposal for SE's: Support/Handbook/NewPointsCalculation

    • [0:50] while working on the mailing script .... working session meeting adjourned to Wed 20:00 UTC (21 CET)

Minutes 2011-11-23 (Cont.)

• Meeting starts at 21:00 CET
• Attendees: Magu, Marcus, Dirk, Michael, Uli
• Text output from test run is ok also with special and utf chars
• Counter missing
  • discussion if counter or not
  • dirk: no spare time to add counter to the script

• review of Support/Handbook/NewPointsCalculation instructions for SE's

  • Mail from Support to Assurer
  • Name and Email should be send in info mail
    • 3 potential scenarios possible:
      1. orig email is identical to email addr on CAP form
      2. orig email is secondary email in account, assuree can set email addr from assurance to primary email
      3. orig email from assurance is no longer valid, assurer has to contact support
         • addtl. documentation required
           • new email addr to write onto assurers cap form, with ticket id, old assurance id, new assurance id
           • addtl. documentation old id + ticket id to add in locations field
  • review finished

Fixed Action Items since last or within meeting

• Michael	bug #968 error logging cleanup (splitted bug #909) split 0000909: too many error messages logged - part II - general.php create certs,certs,certs 2 sessions: 2011-09-21 + 2011-09-25 more tests needed create certs,certs,certs,certs create client, server, gpg keys, org client and server certs logs reviewed, ok Michael to contact Ted for 2nd review
  Michael	bug #540 Policy group discussion - Extended key usage -> p20111113 started, addtl. mail to policy group with some more explanations, especialy which flags are for the Adobe bug, why this CPS update is neccessary
  uli	to pick up dirks working items: agm/sgm minutes, so dirk can write the mailing script
  Magu, Marcus	Translingo bug #985 prepare lang test accounts dutch@test, espania@test and so on, mail users doing some tests
  dirk	mailing script for New points count project newsletter mailing
  uli	to close bug #968, bug #909, bug #963 and bug #908

Action Items New

Action items: Meeting Action Items

• CategorySoftwareAssessment