Tag Archives: Project

Was ist OpenID Connect und was kann es?

Seit etwas mehr als einem Jahr ist bei CAcert immer wieder die Rede von OpenID Connect. Vor wenigen Wochen konnten die Messebesucher der FrOScon unser neues Standbein an unserem Stand selber testen. Doch um was geht es da genau? Eva Stöwe erklärte die Vorteile von OpenID Connect im zweiten Teil (ab 32:40) eines Vortrags an der FrOScon. Dabei geht sie auch auf die Kombination von OpenID Connect mit CAcert-Zertifikaten ein.

Schau den ganzen Vortrag oder auch nur den Teil über OpenID Connect mit CAcert-Zertifikaten ab Minute 32:40 auf dem Medienserver des ChaosComputerClubs: https://media.ccc.de/v/froscon2022-2801-wer_bin_ich_und_wenn_ja_wie_viele (Vortrag in deutscher Sprache)

Bist du so begeistert, dass du selber mithelfen möchtest? Lies hier, welche Möglichkeiten sich dir bieten! Oder wie du mit einer kleinen Spende von €10 die Betriebskosten decken kannst: https://paylink.conotoxia.com/t3A15JkVVW oder IBAN CH02 0077 4010 3947 4420 0

Easter Egg Challenge 2011

Easter Egg
We’ve just started our this years Easter Egg Challenge … We’ve put a couple of patches on to our testserver CACERT1 for you, our fellow and our new Software testers. We’ve put light to heavy patches to the package so everybody is able to walk thru the testserver web pages and search our Easter Egg’s.
Continue reading

Software-Assessment-Project reached next milestone

Todays systemlog message marks the quantum leap in our about 10 months project work, to become the Software-Assessment area auditable.

As many Software-Updates are in the queue from the software developers, that needs testing and reviews by Software Assessors, the team started by end of last year with this project,

  • to build up a new ”controlled” testserver with authority by Software-Assessors
  • built up by the critical team as a Disaster Recovery testcase
  • a new central repository for all the upcoming software projects (including the New Software project BirdShack)
  • building a new test team running the software tests
  • and finalyze the process by a review of the patches by 2 Software-Assessors
  • document the patches, the testing, the review and the check by two Software-Assessors
  • to bundle the new Software-revision for transfer to the Critical team

The systemlog message signals, that the first tested and reviewed patches has received by the critical system webdb and is incorporated into production. A new tarball has been generated to build the next basis for applying the next patches.

So here my thanks goes to all the involved teams,

  • Software-Assessment-Project team
  • the new Software Testteam
  • the Critical Sysadmins team
  • and last but not least to the Software-Assessors from the Software-Assessment team

With all these people assistance, this project hadn’t be pushed to this milestone. Thank you Andreas, to build the project plan and the technical background, and also hosting the current testserver, Thank you Wytze for all your work to build the new testserver from scratch as identical as possible to the production server, to Michael, who assist us in deploying the new git repository and also assistance in deploying the Testserver-Mgmt-System, so everybody can start testing w/o the need of console access, Thank you Markus, for all your time and effort to deploy the repository and testserver environment and also your work together with Philipp as Software-Assessor, to finalyze the Software-Update-Cycle. Thank you Dirk for all your suggestions to move on with this project.

Some more work is todo:

  • adding a test-signer, so also cert related patches can be tested in the future (Andreas and Markus are working on this)
  • deploying a C(ontinous)I(ntegration) system for automated testing (Andreas is working on this).

Now the teams have to walk thru the list of open bugs, that needs to be pushed thru … First of all is the “Thawte” bug … to signal all users who’ve got their Thawte points transfered by the old Tverify program if they are effected by the points removal or if they are safe. The CCA-Rollout with a couple of patches, a list of new Policies and Subpolicies related patches (eg. PoJAM, TTP program), a list of Arbitration pushed patches, and so on …

So guys, lets have a party tonight, we’ve wiped out one of the biggest audit blockers!