Minutes of the MiniTOP on the 2012-04-03

Setting

The MiniTOP will be held via telco 22:00 CEST

Attendees: magu, Marcus, uli, dirk, alex, Michael

Topics

Action items from last meeting Meeting Action Items

Software/Assessment/ActionItems

Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected

    {-}

    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage

    {0}

    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy
    rejected

    {-}

    inopiae

    bug #920 Join - single name only (eg Indonesian)

    details under bug number

    {0}

    uli

    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field

    {r}

    Michael

    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transferred
    Ken reported: still has problems, bug kept open

    {0}

    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more.
    rejected, needs further development

    {r}

    neo

    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work

    {r}

    dirk

    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work

    {r}

Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task

Testing

  • Testers task

    neo

    bug #1004 Stats page improvement

    tested by 2, needs 2nd review

    {0}

    neo

    Bugs #1159 it might be possible to execute commands on the signing server

    {0}

    inopiae

    bug #1065 Wrong wording when sending mails during the assurance process

    {0}

    inopiae

    bug #1162 calculate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\

    {0}

    inopiae

    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails

    {0}

    inopiae

    bug #988 TTP cap form deployment

    {0}

Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task

    Ted

    bug #500 Get contact mail address after resolving test

    tested by 3, requires review

    {0}

    Ted

    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review

    {0}

    magu

    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update

    {0}

    inopiae

    bug #1010 Reorder the view on organisation certificates

    tested by 3

    {0}

Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task

    inopiae

    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer

    {0}

Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link

    {g}


Agenda

1. Preface

  1. dirk topics
    1. Cebit brainstorming
      • dirk: request for events report
      • (2012-03-27) Marcus awaiting translation from Marc
  2. u60: new Dev image
    • after removal of stamp server by Critical team
  3. u60: a20110118.1 continued

  4. u60: new bug under bug#855, bug #855 re-opened

    • board=1 users: assure someone leads in <empty> assurance method fields

    • identified under a20110118.1 discovery

    • Marcus cannot confirm board=1 assurance result error to be <empty>

    • more testers to try, to confirm or not

2. Software-Assessors candidates

3. bug #1023 Testing (6.php)

  1. Thawte points removal, final step
    • relates to 6.php
    • this also relates to TTP
    • dirk will work on this last weekend (2012-01-21)
    • current state: not yet finished
      • expected finishing? upcoming weekend (2012-01-23 to 2012-01-30)
      • not finished, upcoming weekend 2012-02-06?
      • not finished, last weekend 2012-03-12?
      • 2012-03-13: new bug#1023

      • transferred to git cacert
      • to test:
        • assure someone
        • w/ and w/o ttp
        • in all variations
      • Added to testserver Tue 13.3., Wed 14.3.

      dirk

      bug #1023 Consolidate changes into the Assure Someone page

      6.php global re-design project
      assurance, wot area (Thawte points removal effective)

      {0}

    • current state: patch removed from testserver, needs work (DEV)
    • (2012-03-27) back on testserver: bug #1023 (6.php), has a bug, needs work

4. testing of certs patches

5. 2nd review of 3 patches

6. continue BlackJack coding by Michael

  1. bug#964, bug#918 (Part II) Codename "BlackJack" - VBscript for Vista/Win7 (select keysize >= 1024)

    • x1 Dirk, new bug#964
      DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV

      current state: test /account/4.php added to testserver
      Marcus will do detailed tests on Wed
      some references added to bug#964

      {0}

    • as part of
    • x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964

    • Current state:
      • {g}

        pre mailing sent

        {g}

        keys revocation script to bulk revoke weak keys, new bug #954, finished

        {-}

        dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
        vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
        Api CertEnroll (MS crypto provider)
        new bug#964
        current state: test /account/4.php added to testserver
        Marcus will do detailed tests on Wed
        some references added to bug#964 - codename "BlackJack"

        {g}

        Weak keys blog post, published

        {g}

        Weak keys article published by Hanno (July 28), link is in CAcert's blog post (July 30)

        {b}

        weak keys: problems with cryptostick (to test at Froscon with Juergen ?)

    • cert enroll infos under bug#964

    • vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation

    • dirk: has not started the virtual machine
    • Question from Marcus: did someone contact illuminat?
      • No, Marcus: to contact illuminat
      • illuminat will give it a try, first needs download of testserver image
    • Update?
      • marcus: illuminat not yet seen last time
      • baseline requirement - keysize >= 2048 to fix till end of 2011

      • how to proceed?
      • dirk: 1st step, to bring win test server locally online
      • marcus: to contact illuminat
      • Do we have other developers who may pick up this project?
    • Marcus -> dirk: announcement of vbscript bug to developers mailing list

      • change keysize
      • merge 2 scripts to one
      • fix on script 1 needs fix in 2nd script too, solutions: include, one file, or comment fix script 2 too
    • interrupt: bug#964 -> codename "BlackJack"

      • relates to IE8 problem, that certs cannot be created
      • is there a security issue with available fix? also bug#918

      • related 927, 901, 847
      • a patch is online on testserver, but cannot be found
      • related patch files, /pages/account/ 3,4,16,17; /include/account.php
      • there are other vbscript pages: ../account/ 6 + 19
    • Brian bug#964

      • Michael: Marcus to test with IE
      • IE select provider only
    • code from Brian needs some corrections, corrections to do, 4 + 17 inclusions, checkin
      • notification to Brian, done
      • quickfix has problems too
      • next step(s)
        • check error codes / debug routines
        • open developer mode, create cert
          • resulting error: line 213, put length, wrong parameter
            Zeile: 213
            Fehler: CertEnroll::CX509PrivateKey::put_Length: Falscher Parameter. 0x80070057 (WIN32: 87)
            Zeile 213:  objPrivateKey.Length = &h08000000
    • current state: an undef error with current patch
      • we need someone who has experience with vbscript, to come into telco, reviews interface/api beforehand
        • illuminat: not before Easter
        • marcus: will ask users on assurance party Wed 18th Jan
    • 2012-01-23:
      • also cabforum requirement, keysize under IE limited to 1024
      • how to find programmers ?
        • windows webserver programmers: Outlook, Citrix portals
      • new API's can use java, new apis have web-enabled
      • splitting vbscript for os revisions < vista, java for os revisions >= vista ?

    • NEO started development, not yet finished
    • next: for XP: rewrite vbscript to JavaScript

7. next meeting

Minutes

  1. dirk topics
    • Cebit brainstorming
    • dirk: request for events report
    • (2012-03-27) Marcus awaiting translation from Marc
    • (2012-04-03) Marcus will do upcoming weekend
  2. u60: new Dev image
    • after removal of stamp server by Critical team
    • (2012-04-03) u60: mail sent to Wytze, Critical team, Michael asking about removal of stamp.cacert.org
  3. u60: a20110118.1 continued

    • Permissions Review Reports recipients review under bug #1003

    • new report recipients proposal a20110118.1 new proposal

    • discussion
      • Marcus: (prefers) Support to send to OTRS
        • magu: addtl. email address for OTRS SE queue
        • uli: (prefers) Support to send to admin=1 recipients
        • Michael: alias, email addr for OTRS
        • dirk: open CA, disclosure of lists?
        • Marcus: list includes names, emails, group membership, potential privacy problem, rcvd 3-4 complaints regarding tverify (own group prob)
        • ruling: to reset tverify, board, problem settings: how to continue, AO+OAO notification, own group specials
      • Neo: Locadmin falls back to board, responsibility: board
      • Michael: AO, OAO recipients, alias: OAO avail, AO not yet
      • Michael, Marcus: AdAdmin: Advertisement, no team, was held by treasurer

      • Michael: Codesigning, counter() public, no implementation needed
  4. bug #1023 Testing (6.php)
    • 2 new bugs within meeting 2012-03-27
  5. Marcus: automated create user script (dotnet script)
    • Magu: testing
  6. Software-Assessors candidates
    • Problem:
      • 2nd review of 4 patches cannot be reviewed by NEO, dirk is busy, so only Ted avail, Markus inactive
    • candidate to contact by ...
      • kotek? (-> neo) - neo is doing reviewing

      • aphexer? (-> ?)

      • bjoern? (-> magu) - no update

      • willm (-> neo) (xing contact, developer), will contact next

      • stephan (-> marcus)

  7. continued Permissions review recipients discussion
  8. new patch bug #1027 Add information for affiliate program from booking.com

    • on testserver, request to dirk for 2nd review
    • current: on donation page, discussion about adding donations info on main page
  9. bug #1023 Testing (6.php)
    • bugs analyze, empty results analyse, new patch transferred to testserver
  10. github
  11. uli: make ca-mgr1 + git, backup
    • machines need update, neo wip
  12. next meeting, in 14 days (upcoming week: dirk, marcus, uli, michael not avail)
    • Tuesday, April 17, 2012 22:00 CEST

Fixed Action Items since last or within meeting


Action Items New

Action items: Meeting Action Items


Software/Assessment/20120403-S-A-MiniTOP (last edited 2012-04-04 16:47:43 by UlrichSchroeter)