Policy group voted within the last 2 weeks for the proposed p20111113 CPS #7.1.2 “Certificate Extensions” adjustments with a strong concensus for the proposal.
Continue reading
On 2011-11-27 CAcert held its Annual General Meeting. Minutes will be published soon on the wiki.
A new board was elected. We are happy to announce the new CAcert board
During the AGM CAcert’s annual report and the financial report was presented and accepted by the membership. It shows many things happened at CAcert during the last year and is worth reading to get an impression of CAcert’s progress during the last time.
During the AGM, 3 special resolutions were presented, first to bring CAcert Inc rules in compliance with Association Act 2009 and 2 more rules changes, that fixed a minor bug. The rule changes have been accepted in a strong concensus.
A big thank you to all people volunteering and helping to achieve this successful result. CAcert is dependent on many volunteers and is looking forward for your help to achieve such a good result for the coming year.
May 20th, CAcert has started the Software-Testers Reward Challenge 2011
The second result for June 2011 now has counted:
Continue reading
The Software-Testers Reward Challenge 2011 is now running the last two days. So its your last chance to climb into the hall of fame.
The Software-Testers Reward Challenge will end Thursday, June 30th at midnight.
The software tester with the highest count of reports written related to the listed bugs under the Tester Portal receives a reward of 30 Euro. The 2nd one a reward of 15 Euro.
Each report under the listed bug numbers counts 🙂
Since Tuesday we have at least two new bugs added to the testserver that you can start testing:
Happy testing
May 20th, CAcert has started the Software-Testers Reward Challenge 2011
The first result for May 2011 now has counted:
Continue reading
We’ve just started our this years Easter Egg Challenge … We’ve put a couple of patches on to our testserver CACERT1 for you, our fellow and our new Software testers. We’ve put light to heavy patches to the package so everybody is able to walk thru the testserver web pages and search our Easter Egg’s.
Continue reading
A new default rule has been added to Practice On Names – Hyphen Rule.
For the purposes of checking the Name against PoN, a hyphen in given names is to be treated as optional.
Continue reading
Within the last 2 days, the testserver got the running signer integration into the testserver environment. This was one of the milestones in getting a testing environment as identical as possible to the production system.
Continue reading
Todays systemlog message marks the quantum leap in our about 10 months project work, to become the Software-Assessment area auditable.
As many Software-Updates are in the queue from the software developers, that needs testing and reviews by Software Assessors, the team started by end of last year with this project,
The systemlog message signals, that the first tested and reviewed patches has received by the critical system webdb and is incorporated into production. A new tarball has been generated to build the next basis for applying the next patches.
So here my thanks goes to all the involved teams,
With all these people assistance, this project hadn’t be pushed to this milestone. Thank you Andreas, to build the project plan and the technical background, and also hosting the current testserver, Thank you Wytze for all your work to build the new testserver from scratch as identical as possible to the production server, to Michael, who assist us in deploying the new git repository and also assistance in deploying the Testserver-Mgmt-System, so everybody can start testing w/o the need of console access, Thank you Markus, for all your time and effort to deploy the repository and testserver environment and also your work together with Philipp as Software-Assessor, to finalyze the Software-Update-Cycle. Thank you Dirk for all your suggestions to move on with this project.
Some more work is todo:
Now the teams have to walk thru the list of open bugs, that needs to be pushed thru … First of all is the “Thawte” bug … to signal all users who’ve got their Thawte points transfered by the old Tverify program if they are effected by the points removal or if they are safe. The CCA-Rollout with a couple of patches, a list of new Policies and Subpolicies related patches (eg. PoJAM, TTP program), a list of Arbitration pushed patches, and so on …
So guys, lets have a party tonight, we’ve wiped out one of the biggest audit blockers!
Back in January 2010 the former Board decided by Board motion m20100117.3 “No new subroots on current root, plan for new root”. In the discussion a date was scheduled by end of Dec 31, 2010. On my 2nd thought, probably nobody did recognize, what that means, 
to finish all the projects from the bottom left corner at beginning of 2010 to the top right corner by end of the year with the “New Roots and Escrow” (
) process running. So this article should bring Audits mistery to light.
Policy Group worked on the last few essential Policies (
), that are essential for the Audit. One essential requirement for Audit is to Rollout the CAcert Community Agreement to all the members, so they can decide to continue or to leave the Community. To become “CCA Rollout Ready” (
), the running Software needs to be updated. This opens the next problem: by starting 2010, there was no Software Update Process defined, nor documented. But we’re on the lucky side, the Software-Assessment-Project started November last year to fulfill this requirement (
). The task was: To get a repository system controlled by Software-Assessment team, a controlled testserver environment and a documentation system. Currently the team tests the transfer of a test patch to the production system. Involved parties: Software-Assessment Project team, Software-Assessment team and the Critical Sysadmins team.
CAcert’s Big Masterplan To become Audit Ready (10/2010)
In the meantime, another issue pop’d up: the “Thawte points removal” with a deadline of Nov 16th, 2010. We’ve allready posted several blog posts on this topic. So also this is related onto the Software-Assessment-Project progress ().
The next topic is running Assurer Training Events (ATE) (
). ATE’s are an essential concept in the Audit over Assurance (RA) business area. To scale a worldwide community, the community has to assist Auditors work in doing Co-Audits over Assurers. The question: How to contact groups of Assurers was answered back in 2009 with the ATE concept. The purpose of ATE is twofolded: first to communicate to the Assurers all the new informations and second to do Co-Audits. As Assurers follows the invitations to the ATEs we can expect, that they are more active in the community. So also from 2009 ATE experiences, we’ve got new resources from the community by contacts on ATEs (). So this was the plan for 2010 ATE season, to find more people, who can help on the several tasks and projects that needs to be finished, before the new Roots and Escrow project and also the Audit can be (re-)started. E.g.
Helping CAcert
). This project is running about 2 years, but currently without progress.
), that was started last year, after Auditors review of the Software that concludes: „Serious difficulties in maintaining, improving and securing.” and „Cannot form conclusion over software.”, so if the plan to start with the Audit over the old Software fails, we’re close to the 2nd path: BirdShack.
), that becomes the ground base for the New Roots and Escrow project () that should be keep tracked by an Auditor, and the re-start of the Audit ( 1) and ( 2).The New Roots and Escrow Project Relation to Audit
As said before, the New Roots and Escrow Project should be keep tracked by an Auditor. From the experiences back in 2008 on creating New Roots but fail on Roots Escrow, we’re warned to separate the Audit steps of the New Roots and Escrow Project () and the Audit over Systems ( 2). Both tasks should be close together.
On the other side, we have to do an Audit over Assurance (Registration Authority, RA) ( 1). There is no requirement on bundling the RA Audit and CA Audit as both business areas have their own Policy sets and can be checked separately. This can make our work presumably easier. Easier to get Audit funding for Audit over RA. As Assurance area is closer to be Audit Ready, we can also signal to the Community Audit is back on track. This will probably push the other tasks. With a small budget we probably can double the result by getting new resources, “Hey, there is progress on the overall Audit task” – CAcert is back!