Minutes of the MiniTOP on the 2012-07-17


The MiniTOP will be held via telco 22:00 CEST

Attendees: Marcus, Uli, Benny, dirk, Michael, (David via irc)


(skip to agenda)

Action items from last meeting Meeting Action Items


Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected


    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage


    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy



    bug #920 Join - single name only (eg Indonesian)

    details under bug number



    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field



    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transfered
    Ken reported: still has problems, bug kept open


    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development



    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work



    bug #1054 0001054: Review the code regarding the new point calculation

    Thawte patch part II
    needs further work


Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task


  • Testers task


    bug #1004 Stats page improvement

    tested by 2, needs 2nd review



    Bugs #1159 it might be possible to execute commands on the signing server



    bug #1065 Wrong wording when sending mails during the assurance process



    bug #1162 calcutate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\



    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails



    bug #988 TTP cap form deployment


Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task


    bug #500 Get contact mail adress after resolving test

    tested by 3, requires review



    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review



    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update



    bug #1010 Reorder the view on organisation certificates

    tested by 3


Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task


    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer


Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link



1. Preface

  1. Cebit brainstorming
    • dirk: request for events report
    • (2012-03-27) Marcus awaiting translation from Marc
    • (2012-06-19) Marcus: translation received, will send within the next upcoming days
    • (2012-06-26) Marcus: not yet finished
    • 2nd draft finished
    • Sat report missing
  2. Bennys c.o address
    • wip

2. 2nd review of about 5 patches

3. bug #1023 Testing (6.php)

  1. Thawte points removal, final step
    • last patch transfered to production system 2012-05-30
  2. what are the next steps for thawte points revoke?
    • points settings codes eg 50 pts open gpg/pgp, which certs avail by how many pts
    • 15.php needs rename to 10.php
    • cannot move forward without dirk

4. Marcus Bugs list

5. Benny reviews

  1. bug #1025 "Domain Dispute strange behaviour / Domain Dispute issue", checked

    • wrong description, problem removing domains, bugfix solves this problem
    • async removal of certs by signer
    • needs review and testing
    • inopiae will try testing on upcoming weekend
    • to test: email- and domain dispute
  2. bug #922 "CAcert application code problem causing missing 'certificate about to expire' messages", checked

    • patch seems to be ok
    • white spaces cleanup
    • includes/account.php var $id shall be fixed within recursion, new bug #1078

    • 2 tests initiated by inopiae and u60
    • principle ok, but very confusing
    • test reports Marcus:
      • discussions, Marcus got 71 or 72 notifications
      • Neo: default 5 notifications: 45d, 30d, 15d, 3d, 1d
    • bug #922 test report / review

      • one test account, 1 client cert, 1 server cert, received 105 (1) reminders (!!!)
      • 15 reminders checked, 1 for client cert, 14 for server cert (!!!)
      • needs further inspection
  3. bug #1019 "Contact form does not work when logged in"

    • Michael: rework contact form
      • usability: 1 form, option box with public/support delivery, default support
      • current form 1: public, form 2: private
      • spam prevention via java, on disabled java the mail is marked [possible spam]
    • mass mailing possible if adding multiple emails separated by commas
    • account.php - email address from sender, no address validation, several other places it passes address validation
    • neo: why not use primary email address?
      • works only if logged-in
    • index?id=11 has also been changed
    • url was hardcoded
    • account.php?id=14
    • sendmail() routine in includes/mysql.php
  4. patches 2nd review, Benny to do pre-view
    • neo

      bug #1024 Assurer flag is not set correctly on updatesort.php run

      tested by 4, ok

      2 {0}


      bug #540

      p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
      uli, marcus: needs full cert create tests
      duplicate report to bug#978

      3 {0}


      bug #981 OA overview (dupe of bug #943)

      New layout of view for Organisation Administrators in account/id35

      4 {0}


      bug #978 Invalid SPKAC requests are not properly validated

      recheck full certs signing procedures
      duplicate report to bug#540

      5 {0}

      uli, ted

      bug #789 OA edit domain fix

      Editing domain for organisations does not work
      new update 2011-09-26
      2 tests, needs 2nd review, deploy

      6 {0}

    • for #540 uli has sent a short summary to dirk

6. New SA candidates and Coders

  1. ABC Benny - possible Itzehoe (2012-09-14), mrmcd (2012-09-08) or other events before 2012-08-10 - 2012-08-11 BarCamp kiel

  2. Whats with ABC over archaios?
  3. How to find coders? Experiences from the Gentoo project

7. English Translation Problems

8. Long Term Projects

  1. NEO: "BlackJack"

  2. Marek's sql class project:
    • is working on charset replacement
  3. api project, Carsten continues with portal project not waiting for vendor-api to be delivered
    • potential candidates for development
      1. Marek's sql class proposal
        • needs probably db upgrades
        • needs addtl. indices
        • needs testing
      2. archaios
        • builds daemon as unpreviliged user
    • vendor-api delayed
      • no coders
      • other projects
      • related to sql class project
    • portal project continues with a workaround, needs an assurer
    • arbitration case on locations database orders outsourcing of find-an-assurer asap
    • with portal function, update of data is possible vs. update of data on critical system is difficult (keep data current for assurers)

9. next meeting


  1. Preface
    1. Bug Testing / Reporting bug #922 difficult
      • Marcus writes a tool to collect Email infors from TMS
    2. Bennys reviews
      • 5 patches reviewed
      • 3 simple, bugs 540 (mostly check policy text), 789, 981
      • 2 with some difficultys, complexest one: 1024
    3. Bennys c.o address
      • is active, finished
    4. ABC Benny, no fixed date set yet
    5. NEO: default pem coded signed key output, chrome expects der
    6. How TMS email works: NEO: TMS connects via imap and collects and displays mails
  2. dirk review bug 540
    • gitdiff origin/release..origin/bug540
      • dirk 2nd review of patches, reviewed 2012-07-10
        • bug #540

        • diff line 23ff unclear, what does section ($root==2) mean?
          • class 3 server (in signer), comm module, each root client certs, there is a config #, root=0 class1, root=1 class3, root=2 newroots project class3s.crl (from 2008 new roots project)
          • root=2 not avail on current system
        • also unclear: else section $CRLUrl="http://crl.cacert.org/root${root}.crl";

          • 5 root vars defined (in client.pl)
          • crl for other keys, not class1, class3. all other keys not active on current system
        • server.pl: root.crl, class3, class3s, for further still unused keys
        • related policy decision: https://wiki.cacert.org/PolicyDecisions#p20111113

        • review ok
        • config files not reviewed, 2nd review not finished
  3. bug #1075 cap form link wrong under pages/wot/6.php

    • neo

      bug #1075 cap form link wrong under pages/wot/6.php

      cap link removed, moved to testserver


    • data protection problem to pickup user data before assurance f2f meeting starts
    • what does assurance process means? assurance "process" starts from request of assuree to an assurer to do an assurance over assuree
    • problem in ttp process too, to have a view over data before f2f meeting and signed cap is in the hands of an assurer. ttp-admin can request confirmation from ttp-user to access online data
    • simple patch: remove links
    • edited by NEO: transfered to testserver
  4. dirk review bug 789, OA edit domain fix, Editing domain for organisations does not work
    • gitdiff origin/release..origin/bug789
    • bug #789 reviewed: 2012-07-10

      • what is /pages/account/29.php for? edit org domain
      • phone accu breaks
  5. NEO: has finished IE patch, http://cacert.nhng.de/IEkeygen/keygen.html

    • will prepare a working patch and will transfer to testserver within the next 7 days
  6. NEO: git diff origin/release...origin/bug-XXX -> search all differences since last release

  7. How to find coders? Experiences from the Gentoo project
  8. English Translation Problems
    • how to handle typing error in web phrase Software/TranslationMisspelling

    • "Can't continue with certificaterequest." in ../includes/account.php:341 ../includes/account.php:1482
    • create shared bug
    • probably make part a. and b. a. that is clear, b. that is questionable
  9. David's posts in irc
    1. there is no checks for \00, er, \0
      • the \0 check will be done in signer (-> CommModule client and/or server.pl)

      • server.pl lines 494+495
      • blacklist for domain names for new signer
    2. (char) 160 is problematic in various locales, as it appears as whitespace (160 is not a particularly good val either in ISO-8859-1) in certs
      • todo: doing whitelist of allowable chars
      • \xA0 is a problem too (at least in Win32/64)
    3. subjectAltName is occasionally not checked for problems
      • file a new bug
  10. FF prob with favicon verification
  11. next meeting
    • Tuesday, July 24, 2012 22:00 CEST

Fixed Action Items since last or within meeting

Action Items New

Action items: Meeting Action Items

Software/Assessment/20120717-S-A-MiniTOP (last edited 2012-07-24 16:04:07 by UlrichSchroeter)