To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-12-13

Setting

The MiniTOP will be held via telco 22:00 CET

Attendees: magu, uli, dirk, michael (late)

Topics

(skip to agenda)

Action items from last meeting Meeting Action Items

Agenda

1. bug#794 Display certs in admin console

bug#794 display certs in admin console

bug #827 mailing results in around 36 new "delete account cases" moved into disputes queue

Time and action needed per case		total
0,5 hour	to move from disputes into arbitration queue (iCM)	18 hours
2 hours	pickup and handling by an arbitrator	72 hours
20 min	handling by an SE	12 hours
Total:		102 (12) hours

The problem:
- Arbitration is slow (don't wonder why)
- Delete Account cases can be handled by Support-Engineers, once Arbitrator has an option to rule a precedent case, that SE can check that 0 certs are used by the user, w/o hijacking an account
- so this will free the disputes queue of about > 90% of all "delete account" cases
- summary: 12 hours work by an SE with a software fix, + (10% of 90 hours = ) 9 hours by arbitration = 21 hours in total instead of 102 hours without a software fix
from within last meeting: bug#794 Display certs in admin console
- assigned to michael, checked in to cacert-devel
- 1. review by michael
- 2 tests done
- 2nd review dirk and go
- working session: michael / dirk - git for beginners and runaways

2. bug #827 - New Points calculation / Thawte patch

bug #827
"Special case" - handling of 0:0 cases under arbitration
- Arbitration case a20111001.1 still running
- review of Support/Handbook/NewPointsCalculation instructions for SE's
  - 3 potential scenarios possible:
    1. orig email is identical to email addr on CAP form
    2. orig email is secondary email in account, assuree can set email addr from assurance to primary email
    3. orig email from assurance is no longer valid, assurer has to contact support
      - addtl. documentation required
      - new email addr to write onto assurers cap form, with ticket id, old assurance id, new assurance id
      - addtl. documentation old id + ticket id to add in locations field
  - mailing script / sql query
bug#827 + bug#882 to merge
- close bug#882
- wot.inc.php + notary.inc.php to merge
- continue with bug#827
- pojam bug to fix

3. Patches queue

Translingo bug #985
- https://translations.cacert.org (http://translations.cacert.org/) (replacement for translingo)
- the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us.
- I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it
- last foreign uploads 2008 on about 13 + cacert projects
- whohas translingo server console access?
  - mario
- req for console access for michael to contact project leaders, Updates?
- Transfer In, Transfer Out problems
- Update from new deployment ?
- opened for: create an account can now be started
- Michael current state:
  - import and export routine works
  - script to incorporate updates needs fixed
- next: complete language handling needs to be updated
- accept lang handler needs fix
  - FF de, de_de
  - IE 6 de, 8,9 de_de
- working session within last meeting: michael, marcus
  - infos from meeting 2011-10-18
    - pdf code needs rewrite (uni code library, move to external server (outsourcing))
    - message cert notification - uses perl code, text source not avail (get bind-text-domain)
- current state?
- Marcus sent mailing to translators, no response so far, no tests so far (week 3)
  - Morten NO
  - Emanuel IT
- current state:
  - create test system accounts dutch@test, espania@test and so on, let users do their tests
  - Magu, Marcus will give it a try
  - a couple of testers has started testing and reporting within the last 7 days
  - results: de, fr, en, pl, es, pl
- last meeting: working session bug#985 translingo transfer
  - Michael: needs 2nd review
bug#540 No key usage attribute in cacert org certs anymore?
- also: bug#905
- Policy group discussion - Extended key usage -> p20111113, motion CARRIED
- deployment
  1. prepare fixes -> Michael to prepare diffs, against svn
  2. sending to testserver
  3. transfer to critical system
Marcus: working session bug#789 OA field extension
- magu to test
Marcus: working session bug#859 Activity on Account
- Michael: needs 1st review + transfer to testserver

4. Michaels workqueue

OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
- who has been informed, contacted?
- Michael will inform Wytze
- not yet written
  - thread relates to https://lists.cacert.org/wws/arc/cacert-board/2011-11/msg00021.html
Build + Document Emergency Patches Path
- Build + Document Emergency Patches Path
  
  Andreas, Uli, Wytze
- Software/Assessment/Documentation/EmergencyPatches
- Documentation written, reviewed by Wytze, Marcus
- Michael: reminder for review Software/Assessment/Documentation/EmergencyPatches
- other reviews done ?
New function to TMS - edit notary table record
- bug #980
- infos from last meeting
- testers needs editing individual notary records: fields "method", "awarded", "points"
- easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on
- Update?
- Michael (2011-11-15): after some other bug reviews

5. Dirks workqueue - The List of open / running / unhandled bugs

VBscript for Vista/Win7 (select keysize >= 1024) - reminder to dirk

x¹ Dirk, new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964

as part of
x¹ Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964

Current state:

	pre mailing sent
	keys revocation script to bulk revoke weak keys, new bug #954, finished
	dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024) Api CertEnroll (MS crypto provider) new bug#964 current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964 - codename "BlackJack"
	Weak keys blog post, published
	Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
	weak keys: problems with cryptostick (to test at Froscon with Juergen ?)

cert enroll infos under bug#964
vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
- http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx
- Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249
dirk: has not started the virtual machine
Question from Marcus: did someone contacted illuminat?
- No, Marcus: to contact illuminat
- illuminat will give it a try, first needs download of testserver image
Update?
- marcus: illuminat not yet seen last time
- baseline requirement - keyssize >= 2048 to fix till end of 2011
- how to proceed?
- dirk: 1st step, to bring win test server localy online
- marcus: to contact illuminat
- Do we have other developers who may pick up this project?
Marcus -> dirk: announcement of vbscript bug to developers mailing list
- change keysize
- merge 2 scripts to one
- fix on script 1 needs fix in 2nd script too, solutions: include, one file, or comment fix script 2 too
interrupt: bug#964 -> codename "BlackJack"
- relates to IE8 problem, that certs cannot be created
- is there a security issue with available fix? also bug#918
- related 927, 901, 847
- a patch is online on testserver, but cannot found
- related patch files, /pages/account/ 3,4,16,17; /include/account.php
- there are other vbscript pages: ../account/ 6 + 19

6. General Bugs List Overview

Bugs to Review #1, transfer to testserver - Currently 4

uli	bug #977 admin console text fix	admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
uli	bug #967 OA isassurer check	Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer
uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface, new update $/!\$
inopiae	bug #981 OA overview (dupe of bug #943)	New layout of view for Organisation Administraors in account/id35

Bugs under testing: - Currently 2

	inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number present to Policy Group ?
	uli	bug #855 admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver	admin console lists "empty" and "Unknown" assurance types on listing given Assurances

Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently 4

define priority eg. 10,2, and so on, proposed order: from 1 to 10

8	Ted, uli	bug #957 Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible	last update 2011-08-19 tested 3 times ready to deploy?	? / u8 / m8
1	uli, michael	bug#794 display certs in admin console	last update 2011-12-06 tested by 2 2nd review + transfer	1
7	uli, ted	bug #789 OA edit domain fix	Editing domain for organisations does not work new update 2011-09-26 more fixes, more testing * testcase scenario * open org, edit 1st domain in new window, edit 2nd domain in new window * results in: change made in window 2, written to record in window 2 * needs cross checking	? / u7 / m7
2	neo	bug #985 move translingo to translations	check language settings under testserver	2

Needs development, deployment, discussion, reminder
1. bug #835 Migrate CATS onto testserver
  - bug #835 Assurer challenge (on testserver)
    
    asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment

7. Long term projects

strategy plans ... next: strategy for "New Roots & Escrow"
1. idea: using indirect crl's ?
  - 2 crl's needed, one valid, one invalid crl server
  - more infos available ? who ?
    1. build testserver with special certs
    2. Magu, Michael to send instructions for test deployment
      - indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
  - meetings ago we've defined Testing requirements and a potential testszenario
  - to remind every meeting
  - Michael: testserver environment deployment
  - Michael will review after Certs extension policy group vote
2. policy group: define requirements
  - multimember escrow method ?
    - needs risk analyze
    - potential candidates ?
      - Marcus to contacted Benedikt, will contact Thomas K
      - Next step(s)
CI (Update)
1. description to eclipse testpage, Webinar
  - deployment scenario:
    1. create testusers
    2. testing
    3. delete testusers
  - regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
  - reminder
2. Jubula Test-Tool (by Michael) - update?
  - http://www.eclipse.org/jubula/download.php
  - instructions see under Minutes meeting 2011-08-30
  - test deployment needs to be continued by software testers
  - Jubula documentation started: Software/Jubula
3. new proposal by Sven: Webdriver with Maven and Jenkins-CI
  1. Jubula vs. Webdriver
  2. testserver variants
    1. testserver for manual tests
    2. testserver of OS and application upgrades
    3. testserver for CI
  3. test methods
    1. unit test
      - test single modules, exceptions
    2. integration tests
      - test interaction of modules
    3. system tests
      - complete system test, with database interactions, module interactions and much more
  4. sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI)
    - Michael did some review: probably needs some seperation
Infrastructure seperation
- contacting secure-u, oophaga started?
  - Frank, Mario, Ted, Uli, Sebastian ?
- 2011-12-01: Vienna response
Helping CAcert
- How does recruitment work?
- Newsletters, recuring notifications
- Fosdem -> focus on Nucleus events
- Recruitment on events?
- Recruitment page eg events/Recruitment, HelpingCAcert, Jobs
- Flyers?
- re-design main page:
  - dirk: 3 news, upcoming events
  - michael: *
  - rss-feed script modification is simple
  - main page cms page, login to secure area
    - public: www.cacert.org
      - secure1: www.cacert.org
      - secure2: secure.cacert.org

8. next meeting: Tuesday, December 20, 2011 22:00

Minutes

bug#794 display certs in admin console
- not reviewed yet
bug #827
- dirk: 0:0 addtl. mailing questionable
Ad hoc sql queries regarding system flag settings
- running arbitrations: a20110221.1 and a20110118.1
Translingo bug #985
- needs 2nd review by dirk or ted
bug#540 No key usage attribute in cacert org certs anymore?
- approx 2 weeks to write the fix
- approx 2 months to go
bug 978 (weak keys) (bug 918)
- invalid key format, no regular error message, something wrong, error code # identified
- debugging infos from user + infos from critical team with error code #
- was spkac routine
2nd reviews
- bug #978
- bug #855
Discovery II a20110118.1 discussion
- who should receive infos? list of appropiate recipients listed in discovery II table
- possible software solutions:
  1. triggered info mailing eg board-private mailing list + support
  2. view page with current results (like hidden stats page?)

Fixed Action Items since last or within meeting

Dirk	bug#894 assure someone patches (checkbox)	(incl wot.php changes) tested by 2, needs 2nd review, deploy rejected re-fixed, tested, transfered	1
Michael/Wytze	bug #976 - database restructure preperation	post patches permissions update

Action Items New

Action items: Meeting Action Items

Software/Assessment/ActionItems

Marcus	cap.php review different languages, from meeting 2012-04-24, contact translators
uli	Experience points for ATE attendance check board motions and/or trigger if not yet passed
uli	Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18 current state: see Funding Landing Page
All	1. next: strategy for "New Roots & Escrow" - using indirect crl's ? indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment
dirk, Michael	3. next: strategy for "New Roots & Escrow" - how does debian work? to contact, deferred to next events (?)
Uli, Michael	Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png

Development, Deployment, Discussion

dirk Brian	DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)	new bug#964 current state: test /account/4.php added to testserver Marcus will do detailed tests on Wed some references added to bug#964 done. proposal patch from Brian rcvd
OAO, Ted	bug #943 change OA admin/assurer text	needs 2nd test -> Fabian, Marc, Alex? / needs 2nd review -> Ted, rejected
uli, Ted	bug #824 Org User cert fix Case study	Organisation User Certificates: Need UI improvement for proper production usage
uli	bug #988 TTP cap form deployment Case study	sneak preview for local testserver deployment only
uli, ted	bug #823 email address removal fix	No warning when removing e-mail address from account that certificates will be revoked checked by 4, needs 2nd review, deploy rejected
inopiae	bug #920 Join - single name only (eg Indonesian)	details under bug number
uli	bug #859 admin console interface	feature request: show activity on an account in the admin interface rejected, certs login doesn't modify "modified" field
All	bug #1034 files to remove from webdb	eg wot/14

Software Assessors: Review 1 / add to cacert-devel, add to testserver

Software-Assessors task

uli

bug #977 admin console text fix

admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue

Testing

Testers task

gagern	bug #440 Problem with subjectAltName (CSR, renew certs)	There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo	bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted	bug #835 Assurer challenge (on testserver)	needs testing
Michael	bug #1003 Provide a possibility to regularly review the permissions in the system	also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo	bug #1025 Domain Dispute issue	disputes rc and rc2 var prob

Software Assessors: 2nd Review, Bundle Package to Critical Team

Software-Assessors task

uli, ted	bug #789 OA edit domain fix	Editing domain for organisations does not work new update 2011-09-26 2 tests, needs 2nd review, deploy more fixes, more testing	6
uli	bug #967 OA isassurer check	Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo	bug #978 Invalid SPKAC requests are not properly validated	recheck full certs signing procedures duplicate report to bug#540
Michael	bug #540	p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing uli, marcus: needs full cert create tests duplicate report to bug#978
neo	bug #1024 Assurer flag is not set correctly on updatesort.php run	tested by 4, ok
dirk	bug #1023 Consolidate changes into the Assure Someone page	6.php global re-design project assurance, wot area (Thawte points removal effective)
inopiae	bug #981 OA overview (dupe of bug #943)	New layout of view for Organisation Administrators in account/id35

Software Assessors: Bundle Package to Critical Team

Software-Assessors task

Awaiting Response from Critical Team

CategorySoftwareAssessment

CategorySoftwareAssessment

Software/Assessment/20111213-S-A-MiniTOP (last edited 2011-12-20 01:19:34 by UlrichSchroeter)