Minutes of the MiniTOP on the 2011-11-29

Setting

The MiniTOP will be held via telco 22:00 CET

Attendees: dirk, marcus, magu, uli, werner, michael

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

  1. bug #976 - database restructure preperation

    • current state summary:
      • transfered to critical system, patch has been applied
      • database upgrade, scheduled for Wed Nov 23rd, successfully finished

  2. bug #827 - New Points calculation / Thawte patch

    1. The patch

      • Dirk, Michael

        bug #827 and bug #959 Thawte patch/Points-Count-Order-Change project

        related bug 959: needs 1 more test, needs 2nd review / 2nd review: also check -x / tests done, needs 2nd review
        959 {g} reviewed, deployed
        827 {g} reviewed, deployment in 2 steps
        deployed, report from Wytze

        {g}
        {0}

      • state 2011-11-27
        1. The patch
          • patch 10.php added
        2. PR work
          • mailing script running/sent
        3. "Special case" - handling of 0:0 cases under arbitration

          • Arbitration case a20111001.1 still running

          • review of Support/Handbook/NewPointsCalculation instructions for SE's

            • 3 potential scenarios possible:
              1. orig email is identical to email addr on CAP form
              2. orig email is secondary email in account, assuree can set email addr from assurance to primary email
              3. orig email from assurance is no longer valid, assurer has to contact support
                • addtl. documentation required
                • new email addr to write onto assurers cap form, with ticket id, old assurance id, new assurance id
                • addtl. documentation old id + ticket id to add in locations field
        4. Questions from last 10 meetings:
          • dirk: when will 827 goes to production?
          • date fixed: 2011-11-27
  3. Testers workqueue

    1. Translingo bug #985

      • https://translations.cacert.org (http://translations.cacert.org/) (replacement for translingo)

      • the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us.
      • I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it
      • last foreign uploads 2008 on about 13 + cacert projects
      • whohas translingo server console access?
        • mario
      • req for console access for michael to contact project leaders, Updates?
      • Transfer In, Transfer Out problems
      • Update from new deployment ?
      • opened for: create an account can now be started
      • Michael current state:
        • import and export routine works
        • script to incorporate updates needs fixed
      • next: complete language handling needs to be updated
      • accept lang handler needs fix
        • FF de, de_de
        • IE 6 de, 8,9 de_de
      • working session within last meeting: michael, marcus
        • infos from meeting 2011-10-18
          • pdf code needs rewrite (uni code library, move to external server (outsourcing))
          • message cert notification - uses perl code, text source not avail (get bind-text-domain)
      • current state?
      • Marcus sent mailing to translators, no response so far, no tests so far (week 3)
        • Morten NO
        • Emanuel IT
      • current state:
        • create test system accounts dutch@test, espania@test and so on, let users do their tests
        • Magu, Marcus will give it a try
        • a couple of testers has started testing and reporting within the last 7 days
        • results: de, fr, en, pl, es, pl

    2. bug#894 "Haeckchen bug" - review done, changes needs reviewed again

      • 3

        Dirk

        bug#894 assure someone patches (checkbox)

        (incl wot.php changes)
        tested by 2, needs 2nd review, deploy
        new test round

        {0}

        ? / u1 / m1

      • review by dirk in session, review ok
      • current state:
        • needs testing
        • Magu, Marcus will pickup the task
        • one and last test and report done 2011-11-19 (week 4)

  4. bug#540 No key usage attribute in cacert org certs anymore?

    • also: bug#905

    • Policy group discussion - Extended key usage -> p20111113 started, extended for 1 week

    • new related topics
      • ios5 bug
        • tested, works and fixes the ios5 bug

      • Baseline Requirements

        • quick review doesn't cover any clashes with our proposal
    • Motion CARRIED with strong consensus

    • blog post added

    • next steps:
      • prepare fixes
      • testing?
      • transfer to critical system
  5. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
    • who has been informed, contacted?
    • Michael will inform Wytze
  6. Build + Document Emergency Patches Path
  7. Michaels workqueue
    1. New function to TMS - edit notary table record

      • bug #980

      • infos from last meeting
      • testers needs editing individual notary records: fields "method", "awarded", "points"
      • easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on
      • Update?
      • Michael (2011-11-15): after some other bug reviews
  8. Dirks workqueue - The List of open / running / unhandled bugs

    1. VBscript for Vista/Win7 (select keysize >= 1024) - reminder to dirk

      • x1 Dirk, new bug#964
        DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

        current state: test /account/4.php added to testserver
        Marcus will do detailed tests on Wed
        some references added to bug#964

        {-}

      • as part of

      • x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964

      • Current state:

        • {g}

          pre mailing sent

          {g}

          keys revocation script to bulk revoke weak keys, new bug #954, finished

          {-}

          dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
          vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
          Api CertEnroll (MS crypto provider)
          new bug#964
          current state: test /account/4.php added to testserver
          Marcus will do detailed tests on Wed
          some references added to bug#964

          {g}

          Weak keys blog post, published

          {g}

          Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)

          {b}

          weak keys: problems with cryptostick (to test at Froscon with Juergen ?)

      • cert enroll infos under bug#964

      • vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation

      • dirk: has not started the virtual machine
      • Question from Marcus: did someone contacted illuminat?
        • No, Marcus: to contact illuminat
        • illuminat will give it a try, first needs download of testserver image
      • Update?
        • marcus: illuminat not yet seen last time

        • baseline requirement - keyssize >= 2048 to fix till end of 2011

        • how to proceed?
        • dirk: 1st step, to bring win test server localy online
        • marcus: to contact illuminat

  9. Bugs to Review #1, transfer to testserver - Currently 4

    • uli

      bug #977 admin console text fix

      admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue

      {0}

      uli

      bug #967 OA isassurer check

      Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer

      {0}

      uli

      bug #859 admin console interface

      feature request: show activity on an account in the admin interface, new update /!\

      {0}

      inopiae

      bug #981 OA overview (dupe of bug #943)

      New layout of view for Organisation Administraors in account/id35

      {0}

  10. Bugs under testing: - Currently 5

    • neo

      bug #985 move translingo to translations

      check language settings under testserver

      {0}

      inopiae

      bug #920 Join - single name only (eg Indonesian)

      details under bug number
      present to Policy Group ?

      {0}

      uli

      bug #855 admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver

      admin console lists "empty" and "Unknown" assurance types on listing given Assurances

      {0}

      3

      Dirk

      bug#894 assure someone patches (checkbox)

      (incl wot.php changes)
      tested by 2, needs 2nd review, deploy
      new test round

      {0}

      ? / u1 / m1

      7

      uli, ted

      bug #789 OA edit domain fix

      Editing domain for organisations does not work
      new update 2011-09-26
      more fixes, more testing
      * testcase scenario
      * open org, edit 1st domain in new window, edit 2nd domain in new window
      * results in: change made in window 2, written to record in window 2
      * needs cross checking

      {0}

      ? / u7 / m7

  11. Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently 1

    • define priority eg. 10,2, and so on, proposed order: from 1 to 10

      8

      Ted, uli

      bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible

      last update 2011-08-19
      tested 3 times
      ready to deploy?

      {0}

      ? / u8 / m8

  12. Needs development, deployment, discussion, reminder

    1. bug #835 Migrate CATS onto testserver

      • bug #835 Assurer challenge (on testserver)

        asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment

        {0}

  13. strategy plans ... next: strategy for "New Roots & Escrow"

    1. idea: using indirect crl's ?
      • 2 crl's needed, one valid, one invalid crl server
      • more infos available ? who ?
        1. build testserver with special certs
        2. Magu, Michael to send instructions for test deployment
      • meetings ago we've defined Testing requirements and a potential testszenario
      • to remind every meeting
      • Michael: testserver environment deployment
      • Michael will review after Certs extension policy group vote
    2. policy group: define requirements
      • multimember escrow method ?
        • needs risk analyze
        • potential candidates ?
          • Marcus to contacted Benedikt, will contact Thomas K
          • Next step(s)
  14. CI (Update)

    1. description to eclipse testpage, Webinar

      • deployment scenario:
        1. create testusers
        2. testing
        3. delete testusers
      • regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
      • reminder
    2. Jubula Test-Tool (by Michael) - update?
    3. new proposal by Sven: Webdriver with Maven and Jenkins-CI
      1. Jubula vs. Webdriver
      2. testserver variants
        1. testserver for manual tests
        2. testserver of OS and application upgrades
        3. testserver for CI
      3. test methods
        1. unit test
          • test single modules, exceptions
        2. integration tests
          • test interaction of modules
        3. system tests
          • complete system test, with database interactions, module interactions and much more
      4. sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI)
        • Michael did some review: probably needs some seperation
  15. Infrastructure seperation
    • contacting secure-u, oophaga started?
      • Frank, Mario, Ted, Uli, Sebastian ?
  16. next meeting: Tuesday, December 6, 2011 22:00

Minutes

  1. Several discussions regarding mailing
    • increased support tickets, disputes
    • mailing state: 146.000 Tue 15:00
    • about 2800 mails/hour
    • returns: approx 4%

  2. bug#894 "Haeckchen bug" - review done, changes needs reviewed again

    • 3

      Dirk

      bug#894 assure someone patches (checkbox)

      (incl wot.php changes)
      tested by 2, needs 2nd review, deploy
      new test round

      {0}

      ? / u1 / m1

    • review by dirk in session, review ok
    • current state:
      • needs testing
      • Magu, Marcus will pickup the task
      • one and last test and report done 2011-11-19 (week 4)

    • running arbitration a20111001.1 prob

      • checkbox on AP, "Haeckchen bug" helps to pass the "old" assurance
      • alternates: adding comment field if checkbox is not set
    • current patch: check on AP to disable
      • patch transfered to cacert-devel
    • first test: first two checkboxes set, ok
      • pojam case potential problem

      • < 18 years -> 10 pts, < 14 years -> 0 pts

        • 2011-11-01 -> 10.php: 0 pts, 15.php -> 10 pts

      • 14 years limit started with pojam, limit given by pojam reached, issue upto 10 pts

        • 0 checkbox

          error missing checks

          only 1st checkbox

          error missing checks

          only 2nd checkbox

          error missing checks

          1+2 set

          ok

          1+2+3 set

          ok

  3. Marcus: working session bug#794 Display certs in admin console

    • assigned to michael

  4. Marcus: working session bug#789 OA field extension

    • magu to test

  5. Marcus: working session bug#985 translingo transfer

    • Michael: needs 2nd review

  6. Marcus: working session bug#859 Activity on Account

    • Michael: needs 1st review + transfer to testserver

  7. bug #976 - database restructure preperation

    • current state summary:
      • transfered to critical system, patch has been applied
      • database upgrade, scheduled for Wed Nov 23rd, successfully finished
    • downtime was about 5 min
    • cacert user has all permissions
      • Michael: proposal to limit permissions, eg remove, drop, index, references
      • magu: problem, can we expect that all works as before?
        • uli: if there are permission problems, this will be logged and logs the source

  8. bug #827 - New Points calculation / Thawte patch

    1. The patch

      • Dirk, Michael

        bug #827 and bug #959 Thawte patch/Points-Count-Order-Change project

        related bug 959: needs 1 more test, needs 2nd review / 2nd review: also check -x / tests done, needs 2nd review
        959 {g} reviewed, deployed
        827 {g} reviewed, deployment in 2 steps
        deployed, report from Wytze

        {g}
        {g}

      • mailing is running
      • arbitration picked up
    2. Questions from last 10 meetings:
      • dirk: when will 827 goes to production?
      • date fixed: 2011-11-27
  9. bug#827 + bug#882 to merge
    • close bug#882
    • wot.inc.php + notary.inc.php to merge
    • continue with bug#827
    • pojam bug to fix

  10. bug#540 No key usage attribute in cacert org certs anymore?

    • also: bug#905

    • Policy group discussion - Extended key usage -> p20111113 started, extended for 1 week

    • new related topics
      • ios5 bug
        • tested, works and fixes the ios5 bug

      • Baseline Requirements

        • quick review doesn't cover any clashes with our proposal
    • Motion CARRIED with strong consensus

    • blog post added

    • next steps:

      • prepare fixes -> Michael to prepare diffs, against svn

      • sending to testserver
      • transfer to critical system
  11. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
  12. Build + Document Emergency Patches Path
  13. Infrastructure seperation
    • contacting secure-u, oophaga started?
      • Frank, Mario, Ted, Uli, Sebastian ?
    • not yet contacted
  14. next meeting: Tuesday, December 6, 2011 22:00
    • dirk at 13th away

Fixed Action Items since last or within meeting

Action Items New

Action items: Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transfered
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    Bugs #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calcutate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail adress after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}

Software/Assessment/20111129-S-A-MiniTOP (last edited 2011-11-30 01:43:07 by UlrichSchroeter)