They repair our systems, expand them and adapt them to new requirements. Put new functions through their paces. They deal with errors and find innovative and pragmatic solutions. They also plan, develop and programme new pillars for CAcert. We are talking about a dedicated small group of volunteers known as “Software Team”. When you talk to them, you can immediately sense the enthusiasm with which they work in their free time to create new things together and make progress.
The fact that various small projects have been completed in recent months, that age-related weaknesses have been ironed out and errors rectified, and that a major new project has been brought to the finishing line, is not only thanks to the dedication of these people, but also to the fact that they have succeeded in winning over others. The software team has actually grown this year, with new members joining the team. In fact, the software team has actually grown this year, with new members joining the team.
New recruits initially take on small tasks, working hand in hand with volunteers who know our systems inside out like nobody else. Once they have passed the security check, formerly known as ABC, replaced some time ago by BGC, they also help with work on system-relevant software. Welcome to the Software Team of CAcert!
English Our efforts, most recently under Ted’s leadership, to re-establish a functioning background assessment system (formerly called ABC) for incoming volunteers were successful. This was essential for us to be able to staff our teams again.
In May-June 2020, after recognising the inability of the last remaining arbitrators to re-establish the arbitration function anywhere near what it was until 2016, and after consultation with the arbitrators, we established a new background check process, which we entrusted to members of the association who had undergone this ABC check themselves in the past. The first entrusted members to interview newcomers were Bernhard F and Dirk A.
As a result of this work, new background checks were carried out for the first time in more than seven years in the past weeks. Three candidates for positions with wide ranging system access were interviewed by the two examiners in a suitable interview setting to assess with them whether they might be open to external manipulation or even blackmail once appointed to positions with wide ranging access to the machines. Each of the applicants presented a report of their interview to the committee and the committee members were asked to vote on whether they should accept appointment to the positions of responsibility under consideration.
Français Nos efforts pour rétablir un système fonctionnel d’évaluation des antécédents (anciennement appelé ABC) pour les nouveaux volontaires ont été couronnés de succès. C’était indispensable pour que nous puissions reconstituer nos équipes. Après avoir reconnu l’incapacité des derniers arbitres restants à rétablir la fonction d’arbitrage à un niveau proche de ce qu’elle était jusqu’en 2016, nous avons établi un nouveau processus de vérification des antécédents (ABC) que nous avons confié à des membres de l’Association qui s’étaient eux-mêmes soumis à cet examen ABC dans le passé.
Grâce à ce travail, des vérifications des antécédents ont été effectuées pour la première fois en plus de sept ans au cours des dernières semaines. Trois candidats ont été interrogés dans un cadre d’entretien approprié afin d’évaluer avec eux s’ils pouvaient être ouverts à la manipulation externe ou même au chantage une fois nommés à des postes ayant un accès étendu aux machines. Les membres du comité ont été invités à voter pour accepter ou non la nomination aux postes de responsabilité envisagés après avoir vu les résultats.
Deutsch Unsere Bemühungen wieder eine funktionierende Hintergrundprüfung (früher ABC genannt) für neu hinzukommende Freiwillige einzuführen, waren erfolgreich. Dies war unerlässlich, damit wir unsere Arbeitsgruppen wieder besetzen können.
Nachdem wir die Unmöglichkeit erkannt hatten, die Schiedsfunktion wieder annähernd so zu etablieren, wie sie bis 2016 war, haben wir nach Rücksprache mit den Arbitratoren eine neue Hintergrundprüfung eingerichtet, mit der wir Mitglieder des Vereins betraut haben, die sich in der Vergangenheit bereits selbst dieser ABC-Überprüfung unterzogen hatten.
Deshalb wurden in den vergangenen Wochen nach mehr als sieben Jahren erstmals wieder Hintergrundprüfungen durchgeführt. Drei Kandidaten für Posten mit weitreichendem Systemzugang wurden von den beiden Prüfern in einem geeigneten Gesprächsrahmen befragt, um mit ihnen abzuschätzen, ob sie nach ihrer Ernennung in Positionen mit weitreichendem Zugang zu den Maschinen für externe Manipulationen oder gar Erpressungen offen sein könnten. Der Vorstand wurde daraufhin gebeten, nach Lektüre des Prüfberichtes, darüber zu beraten, ob er der Ernennung des Bewerbers für die in Frage kommende Verantwortungsposition annehmen kann.
Todays systemlog message marks the quantum leap in our about 10 months project work, to become the Software-Assessment area auditable.
As many Software-Updates are in the queue from the software developers, that needs testing and reviews by Software Assessors, the team started by end of last year with this project,
to build up a new ”controlled” testserver with authority by Software-Assessors
built up by the critical team as a Disaster Recovery testcase
a new central repository for all the upcoming software projects (including the New Software project BirdShack)
building a new test team running the software tests
and finalyze the process by a review of the patches by 2 Software-Assessors
document the patches, the testing, the review and the check by two Software-Assessors
to bundle the new Software-revision for transfer to the Critical team
The systemlog message signals, that the first tested and reviewed patches has received by the critical system webdb and is incorporated into production. A new tarball has been generated to build the next basis for applying the next patches.
So here my thanks goes to all the involved teams,
Software-Assessment-Project team
the new Software Testteam
the Critical Sysadmins team
and last but not least to the Software-Assessors from the Software-Assessment team
With all these people assistance, this project hadn’t be pushed to this milestone. Thank you Andreas, to build the project plan and the technical background, and also hosting the current testserver, Thank you Wytze for all your work to build the new testserver from scratch as identical as possible to the production server, to Michael, who assist us in deploying the new git repository and also assistance in deploying the Testserver-Mgmt-System, so everybody can start testing w/o the need of console access, Thank you Markus, for all your time and effort to deploy the repository and testserver environment and also your work together with Philipp as Software-Assessor, to finalyze the Software-Update-Cycle. Thank you Dirk for all your suggestions to move on with this project.
Some more work is todo:
adding a test-signer, so also cert related patches can be tested in the future (Andreas and Markus are working on this)
deploying a C(ontinous)I(ntegration) system for automated testing (Andreas is working on this).
Now the teams have to walk thru the list of open bugs, that needs to be pushed thru … First of all is the “Thawte” bug … to signal all users who’ve got their Thawte points transfered by the old Tverify program if they are effected by the points removal or if they are safe. The CCA-Rollout with a couple of patches, a list of new Policies and Subpolicies related patches (eg. PoJAM, TTP program), a list of Arbitration pushed patches, and so on …
So guys, lets have a party tonight, we’ve wiped out one of the biggest audit blockers!