CAcert needs your help with the following tasks. You can register yourself on this wiki page if you want to work on one of them.

Encrypted Logfiles

We need a solution for Syslog, Apache and potentially other applications to automatically encrypt all their logfiles to a given public key. We have already considered other solutions, such as serial links to a dedicated syslog server or syslog over TCP, but we prefer to store the logfiles directly on the server where they are created, encrypted to a public key. The secret key to decrypt the logfiles should be generated on a dedicated machine. When the logfiles need to be audited, the encrypted logfiles should be copied to the dedicated machine, where they can be decrypted and audited. An attacker who succeeds in gaining access to the webserver should not be able to decipher the logfiles on the server. All logfiles on the server can be encrypted to the same public key; we currently don't need different settings per logfile. It should be easy to deploy on a normal Debian+Apache+Postfix server: install the software, deploy the public key, and have all logfiles encrypted from then on. Compatibility with OpenPGP public keys (or X.509 certificates, or even SSH keys) is preferred, but not a requirement. (Perhaps GnuPG can be used directly by syslog in some way?)
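The split described above, sketched with stock tools as an added example (not CAcert code): `openssl cms` encrypts a rotated log to an X.509 certificate, one of the key formats listed as acceptable. The directory names, file names and log line are constructed, and encrypting at rotation time is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not CAcert code. Keys, paths and log lines are constructed.
set -eu

# Audit machine: create the key pair; the private key never leaves $1.
make_audit_key() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=log-audit-constructed" \
        -keyout "$1/audit.key" -out "$1/audit.crt" 2>/dev/null
}

# Web server: encrypt a rotated log to the certificate, then drop the plaintext.
# $1 = certificate, $2 = log file; the result is written to $2.cms
encrypt_log() {
    openssl cms -encrypt -binary -aes-256-cbc -outform DER \
        -in "$2" -out "$2.cms" "$1"
    rm -f "$2"
}

# Audit machine: decrypt a copied log to stdout. $1 = key directory, $2 = file
decrypt_log() {
    openssl cms -decrypt -binary -inform DER -in "$2" \
        -recip "$1/audit.crt" -inkey "$1/audit.key"
}

AUDIT=$(mktemp -d)    # stands in for the dedicated machine
SERVER=$(mktemp -d)   # stands in for the web server
make_audit_key "$AUDIT"
cp "$AUDIT/audit.crt" "$SERVER/"          # only the public half is deployed

SAMPLE='192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] "GET /login HTTP/1.1" 200 512'
printf '%s\n' "$SAMPLE" > "$SERVER/access.log.1"
encrypt_log "$SERVER/audit.crt" "$SERVER/access.log.1"

cp "$SERVER/access.log.1.cms" "$AUDIT/"   # copied over when an audit is due
RECOVERED=$(decrypt_log "$AUDIT" "$AUDIT/access.log.1.cms")
echo "server holds: $(ls "$SERVER" | tr '\n' ' ')"
echo "audit machine recovers: $RECOVERED"
```

If the encrypt step runs from the log rotation job, the log currently being written stays in plaintext until it is rotated, and `rm` does not overwrite the old blocks on disk.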

httpdate

A Debian package containing http://www.stud.uni-karlsruhe.de/~ucbdo/httpdate.en.html to be run either as a cronjob.

Translatable Wiki

Please read http://svn.cacert.org/CAcert/HowTo/HowTo_Translingo.pdf and try it out on www.Translingo.org. We are searching for a Wiki engine that is able either to use Translingo to translate the contents of the wiki, or to provide a similar translation system internally. Please search for Wikis with translation functionality, test them, and provide a report about them.

Detection for register_globals usage

Find or develop a solution for a PHP module (perhaps Suhosin or similar) that writes logfile entries with filename+linenumber for all usages of globals that were registered through register_globals. The current detection approach of turning it off and looking for things that break isn't sufficient. Perhaps the tainting concept of Perl helps to solve this task (by tainting all registered globals, and reporting tainted variables on usage).

Subversion Mimetypes

Find a solution to automatically set the mimetypes of newly added files (.pdf -> application/pdf, ...) on the subversion server. The problem we have is that we have too many different users with too many different clients, so it's impossible for us to tell every user to configure their client to send the mimetypes correctly in the first place. Most clients automatically send application/octet-stream as mimetype, which makes the Apache-modsvn access difficult for the users.

LUKS Security

Find a solution to tell LUKS/DM-Crypt in case of emergency to wipe all the keys in memory, block disk access, and ask for the passwords on the console again. Perhaps a /proc file interface like /proc/sys/dmcrypt/emergency would be helpful.

LUKS Robustness

Currently LUKS usually uses hardcoded devicenames, which causes a problem when race-conditions result in randomly different devicenames upon booting (/dev/sda <-> /dev/sdi). In those cases LUKS doesn't find the encrypted harddisk anymore, and can't boot. Find a solution so that LUKS does not depend on the hardcoded values anymore (perhaps still use them as default for the first try, but if the encrypted partition isn't found there, fall back to searching for it on all other available devices). The solution should then be incorporated into Debian and Ubuntu (which are both affected by that problem).

Troubleticket System

We are searching for a troubleticket system with a Thunderbird extension, so that we can distribute the support-cases through IMAP or POP3 mailinglists to our support staff, and so that they can use Thunderbird as a frontend for the support system. Please evaluate whether any of the existing troubleticket / support systems out there already have a Thunderbird extension (or an extension to another widely available email client), or whether they have an API that could be used for a newly developed extension.

Evaluate Mephisto

A task for our new sysadmins: We are thinking about migrating blog.cacert.org to Mephisto: http://mephisto.stikipad.com/. Please set up a Wordpress installation, create a few users, and post a few blog entries. Then try a migration to Mephisto, and see how it behaves. Create a Debian package for Mephisto in case there is none yet.

Testsystem Image

We currently have a single testsystem on the internet: https://www.test1.cacert.at/. The sourcecode of the website is available on http://www.cacert.org/src-lic.php but it's very hard to set up as a working environment. We would like to have a VirtualBox/Qemu/VMWare image which includes a whole testsystem, so that every developer can easily set up a testsystem on his own machine, and so that the developers don't interfere with each other.

OpenSource

CAcert wants to make LibreSSL Opensource, which is the application that runs www.cacert.org. To achieve that, the first step is that we need an analysis of the existing sourcecode, the licenses associated and the problems and incompatibilities those produce. (Integrated modules like fpdf, CertEnroll, ...). Please investigate and write a report about the things you found.

Unicode

CAcert wants to migrate to Unicode. Please join http://wiki.cacert.org/wiki/UnicodeTaskForce if you are experienced with Unicode.

CAcert Feature Requests and Bugs

Developers, please also check http://bugs.cacert.org/ to see whether there are any outstanding requests that are still missing patches.