. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20111213-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20111227-S-A-MiniTOP|next meeting]]''' ---- = Minutes of the MiniTOP on the 2011-12-20 = == Setting == The MiniTOP will be held via telco 22:00 CET Attendees: Magu, Marcus, Michael, uli, dirk, alex == Topics == (skip to [[#AGENDA|agenda]]) Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' <> == Agenda == === 1. bug#794 Display certs in admin console === * [[https://bugs.cacert.org/view.php?id=794|bug#794]] display certs in admin console * [[https://bugs.cacert.org/view.php?id=827|bug #827]] mailing results in around 36 new "delete account cases" moved into disputes queue ||<-2> Time and action needed per case || total || || 0,5 hour || to move from disputes into arbitration queue (iCM) || 18 hours || || 2 hours || pickup and handling by an arbitrator || 72 hours || || 20 min || handling by an SE || 12 hours || ||<-2> Total: || 102 (12) hours || * The problem: * Arbitration is slow (don't wonder why) * Delete Account cases can be handled by Support-Engineers, once Arbitrator has an option to rule a precedent case, that SE can check that 0 certs are used by the user, w/o hijacking an account * so this will free the disputes queue of about > 90% of all "delete account" cases * summary: 12 hours work by an SE with a software fix, + (10% of 90 hours = ) 9 hours by arbitration = 21 hours in total instead of 102 hours without a software fix * from within last meeting: [[https://bugs.cacert.org/view.php?id=794|bug#794]] Display certs in admin console * assigned to michael, checked in to cacert-devel * 1. review by michael * 2 tests done * 2nd review dirk and go * working session: michael / dirk - git for beginners and runaways * '''2nd Review''' by dirk (week 2) === 2. bug #827 - New Points calculation / Thawte patch === . [[https://bugs.cacert.org/view.php?id=827|bug #827]] 1. bug#827 + bug#882 to merge * close bug#882 * wot.inc.php + notary.inc.php to merge * continue with bug#827 * pojam bug to fix === 3. Patches queue === 1. Translingo [[https://bugs.cacert.org/view.php?id=985|bug #985]] . [[https://translations.cacert.org]] ([[http://translations.cacert.org/]]) (replacement for translingo) . the translingo.cacert.org had been in operation far longer, so I think it is possible that some users migrated to translingo.cacert.org, without telling us. . I would suggest to mass-mail the email addresses of the translation-project leaders in the translingo database, to inform them, and to ask them to speak up if they still need it * last foreign uploads 2008 on about 13 + cacert projects * whohas translingo server console access? * mario * req for console access for michael to contact project leaders, Updates? * Transfer In, Transfer Out problems * Update from new deployment ? * opened for: create an account can now be started * Michael current state: * import and export routine works * script to incorporate updates needs fixed * next: complete language handling needs to be updated * accept lang handler needs fix * FF de, de_de * IE 6 de, 8,9 de_de * working session within last meeting: michael, marcus * infos from meeting 2011-10-18 * pdf code needs rewrite (uni code library, move to external server (outsourcing)) * message cert notification - uses perl code, text source not avail (get bind-text-domain) * current state? * Marcus sent mailing to translators, no response so far, no tests so far (week 3) * Morten NO * Emanuel IT * current state: * create test system accounts dutch@test, espania@test and so on, let users do their tests * Magu, Marcus will give it a try * a couple of testers has started testing and reporting within the last 7 days * results: de, fr, en, pl, es, pl * last meeting: working session [[https://bugs.cacert.org/view.php?id=985|bug#985]] translingo transfer * Michael: needs 2nd review * '''needs 2nd review by dirk or ted''' 1. [[https://bugs.cacert.org/view.php?id=540|bug#540]] No key usage attribute in cacert org certs anymore? * also: [[https://bugs.cacert.org/view.php?id=905|bug#905]] * Policy group discussion - Extended key usage -> [[PolicyDecisions#p20111113|p20111113]], motion CARRIED * deployment 1. prepare fixes -> Michael to prepare diffs, against svn 1. sending to testserver 1. transfer to critical system * (2011-12-13) approx 2 weeks to write the fix, approx 2 months to go 1. Marcus: working session [[https://bugs.cacert.org/view.php?id=789|bug#789]] OA field extension * magu to test 1. Marcus: working session [[https://bugs.cacert.org/view.php?id=859|bug#859]] Activity on Account * Michael: needs 1st review + transfer to testserver 1. [[https://bugs.cacert.org/view.php?id=920|bug #920]] Join - single name only (eg Indonesian) * details under bug number * presented to Policy Group * first results from policy group? === 4. Michaels workqueue === 1. OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d * who has been informed, contacted? * Michael will inform Wytze * not yet written * thread relates to [[https://lists.cacert.org/wws/arc/cacert-board/2011-11/msg00021.html]] 1. Build + Document Emergency Patches Path || Build + Document Emergency Patches Path || Andreas, Uli, Wytze || {0} || * [[Software/Assessment/Documentation/EmergencyPatches]] * Documentation written, reviewed by Wytze, Marcus * Michael: reminder for review [[Software/Assessment/Documentation/EmergencyPatches]] * other reviews done ? 1. New function to TMS - edit notary table record * [[https://bugs.cacert.org/view.php?id=980|bug #980]] * infos from last meeting * testers needs editing individual notary records: fields "method", "awarded", "points" * easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on * Update? * Michael (2011-11-15): after some other bug reviews === 5. Dirks workqueue - The List of open / running / unhandled bugs === 1. VBscript for Vista/Win7 (select keysize >= 1024) - '''reminder''' to dirk || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {0} || * as part of * x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]] * Current state: || {g} || pre mailing sent || || {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished || || {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' <
>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<
>Api CertEnroll (MS crypto provider)<
>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] - codename "BlackJack" || || {g} || Weak keys blog post, published || || {g} || Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30) || || {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) || * cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]] * vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation * [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]] * Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]] * dirk: has not started the virtual machine * Question from Marcus: did someone contacted illuminat? * No, Marcus: to contact illuminat * illuminat will give it a try, first needs download of testserver image * Update? * marcus: illuminat not yet seen last time * baseline requirement - keyssize >= 2048 to fix till end of 2011 * how to proceed? * dirk: 1st step, to bring win test server localy online * marcus: to contact illuminat * Do we have other developers who may pick up this project? * Marcus -> dirk: announcement of vbscript bug to developers mailing list * change keysize * merge 2 scripts to one * fix on script 1 needs fix in 2nd script too, solutions: include, one file, or comment fix script 2 too * interrupt: [[https://bugs.cacert.org/view.php?id=964|bug#964]] -> codename "BlackJack" * relates to IE8 problem, that certs cannot be created * is there a security issue with available fix? also [[https://bugs.cacert.org/view.php?id=918|bug#918]] * related 927, 901, 847 * a patch is online on testserver, but cannot found * related patch files, /pages/account/ 3,4,16,17; /include/account.php * there are other vbscript pages: ../account/ 6 + 19 === 6. General Bugs List Overview === 1. Bugs to Review #1, transfer to testserver - Currently '''4''' || uli || [[https://bugs.cacert.org/view.php?id=977|bug #977]] admin console text fix || admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue || {0} || || uli || [[https://bugs.cacert.org/view.php?id=967|bug #967]] OA isassurer check || Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer || {0} || || uli || [[https://bugs.cacert.org/view.php?id=859|bug #859]] admin console interface || feature request: show activity on an account in the admin interface, new update /!\ || {0} || || inopiae || [[https://bugs.cacert.org/view.php?id=981|bug #981]] OA overview (dupe of [[https://bugs.cacert.org/view.php?id=943|bug #943]]) || New layout of view for Organisation Administraors in account/id35 || {0} || || Brian || new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>current state: first review, add to testserver || {0} || 1. Bugs under testing: - Currently '''3''' || || uli || [[https://bugs.cacert.org/view.php?id=855|bug #855]] admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver || admin console lists "empty" and "Unknown" assurance types on listing given Assurances || {0} || || || || Michael || [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918) || invalid key format, no regular error message, something wrong, error code # identified<
>debugging infos from user + infos from critical team with error code # <
>was spkac routine || {0} || 1. Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently '''4''' * define priority eg. 10,2, and so on, proposed order: from 1 to 10 || 8 || Ted, uli || [[https://bugs.cacert.org/view.php?id=957|bug #957]] Resize the comment field on [[https://secure.cacert.org/account.php?id=27]] so more information is visible || last update 2011-08-19<
>tested 3 times<
>ready to deploy? || {0} || ? / u8 / m8 || || 1 || uli, michael || [[https://bugs.cacert.org/view.php?id=794|bug#794]] display certs in admin console || last update 2011-12-06<
>tested by 2<
>2nd review + transfer || {0} || 1 || || 7 || uli, ted || [[https://bugs.cacert.org/view.php?id=789|bug #789]] OA edit domain fix || Editing domain for organisations does not work<
>new update 2011-09-26<
>more fixes, more testing<
> * testcase scenario<
> * open org, edit 1st domain in new window, edit 2nd domain in new window<
> * results in: change made in window 2, written to record in window 2<
> * needs cross checking || {0} || ? / u7 / m7|| || 2 || neo || [[https://bugs.cacert.org/view.php?id=985|bug #985]] move translingo to translations || check language settings under testserver || {0} || 2 || 1. Needs development, deployment, discussion, reminder 1. [[https://bugs.cacert.org/view.php?id=835|bug #835]] Migrate CATS onto testserver || [[https://bugs.cacert.org/view.php?id=835|bug #835]] Assurer challenge (on testserver) || asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment || {0} || === 7. Long term projects === 1. strategy plans ... next: strategy for "New Roots & Escrow" 1. idea: using indirect crl's ? * 2 crl's needed, one valid, one invalid crl server * more infos available ? who ? 1. build testserver with special certs 1. Magu, Michael to send instructions for test deployment * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5) * meetings ago we've defined Testing requirements and a potential testszenario * to remind every meeting * Michael: testserver environment deployment * Michael will review after Certs extension policy group vote 1. policy group: define requirements * multimember escrow method ? * needs risk analyze * potential candidates ? * Marcus to contacted Benedikt, will contact Thomas K * Next step(s) 1. CI (Update) 1. [[http://live.eclipse.org/node/1031|description to eclipse testpage]], [[http://adobedev.adobe.acrobat.com/p4101brizwr/|Webinar]] * deployment scenario: 1. create testusers 1. testing 1. delete testusers * regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed * reminder 1. Jubula Test-Tool (by Michael) - update? * [[http://www.eclipse.org/jubula/download.php]] * instructions see under [[Software/Assessment/20110830-S-A-MiniTOP#Minutes|Minutes meeting 2011-08-30]] * test deployment needs to be continued by software testers * Jubula documentation started: [[Software/Jubula]] 1. new proposal by Sven: Webdriver with Maven and Jenkins-CI 1. Jubula vs. Webdriver 1. testserver variants 1. testserver for manual tests 1. testserver of OS and application upgrades 1. testserver for CI 1. test methods 1. unit test * test single modules, exceptions 1. integration tests * test interaction of modules 1. system tests * complete system test, with database interactions, module interactions and much more 1. sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI) * Michael did some review: probably needs some seperation 1. Infrastructure seperation 1. CAcert Inc statement - received 1. Hosting/Housing Provider * 2011-12-01: Vienna response * questions answered 1. contacting secure-u, oophaga started? * Frank, Mario, Ted, Uli, Sebastian ? * started 2011-12-19, awaiting response 1. Hardware * alternate solutions 1. Helping CAcert * How does recruitment work? * Newsletters, recuring notifications * Fosdem -> focus on Nucleus events * Recruitment on events? * Recruitment page eg [[events/Recruitment]], [[HelpingCAcert]], Jobs * Flyers? * re-design main page: * dirk: 3 news, upcoming events * michael: * * rss-feed script modification is simple * main page cms page, login to secure area * public: www.cacert.org * secure1: www.cacert.org * secure2: secure.cacert.org 1. Discovery II [[Arbitrations/a20110118.1|a20110118.1]] discussion * who should receive infos? list of appropiate recipients listed in discovery II table * possible software solutions: a. triggered info mailing eg board-private mailing list + support a. view page with current results (like hidden stats page?) * create bug# ? === 8. next meeting === * Tuesday, December 27, 2011 22:00 * Tuesday, January 3, 2012 22:00 * Tuesday, January 10, 2012 22:00 == Minutes == 1. bug#794 Display certs in admin console === * [[https://bugs.cacert.org/view.php?id=794|bug#794]] display certs in admin console * request from SE: iCM's to transfer disputes from disputes queue to arbitration queue * if 2 weeks open 2nd review on bug #794 will be transfered to critical, all delete account cases (approx 40) can be moved to SE queue for review and working under precedent 1. request move forward regarding shirts project * discussion: 1. CAcert Inc's task 1. risk regarding total account 1. shirts are expensive, 25-30 Euro + shipping costs 1. risk can be minimalized by planned income projects 1. (new portal) (Benedikt, Karsten working on it) 1. affilates program 1. VBscript for Vista/Win7 (select keysize >= 1024) || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<
>Marcus will do detailed tests on Wed<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {0} || * code from Brian needs some corrections, corrections to do, 4 + 17 inclusions, checkin * notification to Brian 1. Translingo [[https://bugs.cacert.org/view.php?id=985|bug #985]] . [[https://translations.cacert.org]] ([[http://translations.cacert.org/]]) (replacement for translingo) * '''needs 2nd review by dirk or ted''' 1. [[https://bugs.cacert.org/view.php?id=540|bug#540]] No key usage attribute in cacert org certs anymore? * also: [[https://bugs.cacert.org/view.php?id=905|bug#905]] * Policy group discussion - Extended key usage -> [[PolicyDecisions#p20111113|p20111113]], motion CARRIED * deployment 1. prepare fixes -> Michael to prepare diffs, against svn 1. sending to testserver 1. transfer to critical system * (2011-12-13) approx 2 weeks to write the fix, approx 2 months to go * Michael will work on this in last week this year 1. next meeting ? * Tuesday, December 27, 2011 22:00 * trying 27th 1. [[https://bugs.cacert.org/view.php?id=920|bug #920]] Join - single name only (eg Indonesian) * details under bug number * presented to Policy Group * first results from policy group? * dirk has made some changes in 6.php last year * there are 4 possible choices: 1. givenname 1. lastname (as current fix) 1. givenname or lastname 1. brians proposal, mononym + checkbox * dirks proposal: * make name handling more AP conform (1 line names, multiple names) * 2 possible paths: 1. allow multiple names (dirks proposal) is massive change (long term change) 1. "simple" solution (short term change) * discussion about CAP form a) current form b) teus form * contract between member and CAcert Inc * critical / non-critical systems * non-critical portal - with login link to critical secure.cacert.org * cms system: own user base? * critical system userid includes @, cms userid does not include @ * cms login adding userid from critical system may result in security leak that account data can be collected (MITM) * tasks of CAcert Inc * running the critical systems * running cacert.org * be the juristical contact partner on behalf of CAcert Community * transfer task of non-critical, country related services to community 1. Translations * problems that relates to blocks translations * changes into translations database * contact NEO to transfer manualy to testserver * [[https://bugs.cacert.org/view.php?id=985|bug #985]] needs 2nd review, so update script can run also on critical system 1. Events Manchester, Blacksburg, Stockholm 1. affiliate link to each event (template) 1. addtl. link under main ads ? 1. right near paypal links? 1. VBscript for Vista/Win7 (select keysize >= 1024) * Brian [[https://bugs.cacert.org/view.php?id=964|bug#964]] * Michael: Marcus to test with IE * IE select provider only 1. Xing entry as company CAcert Inc * defines clerks * companys aren't associations ==== Fixed Action Items since last or within meeting ==== || --(dirk)-- uli || announcement of vbscript bug ([[https://bugs.cacert.org/view.php?id=964|bug#964]], [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]]) to developers mailing list || {g} || || uli || [[https://bugs.cacert.org/view.php?id=920|bug #920]] Join - single name only (eg Indonesian), details under bug number, forward to policy group for discussion regarding givenname/surname handling || {g} || || Michael || OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d. <
>Michael to inform Wytze about meeting 2011-11-08 recommendations || {g} || || Marcus || VBscript for Vista/Win7 (select keysize >= 1024), new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) '''DEV''' <
>current state: test /account/4.php added to testserver<
>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]]<
>Marcus to contact illuminat<
>proposal by Brian rcvd || {g} || || Dirk || [[https://bugs.cacert.org/view.php?id=894|bug#894]] assure someone patches (checkbox)<
>(incl wot.php changes)<
>tested by 2, needs 2nd review, deploy<
>rejected<
>re-fixed || 1 {g} || ---- ==== Action Items New ==== Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' <> ---- . CategorySoftwareAssessment