Deutschsprachige CAcert Support Liste

[Bernhard Fröhlich <bernhard AT cacert.org>]

Hi Dirk,

the fix needs a second review (which is all but trivial!), but IIRC we'd 
formally need two test reports, so at least one more than your report, 
and preferably one from someone not involved in development and review...

Probably you can overrule this requirement as Software Team Lead, 
especially because the change is that simple.

As an alternative we'd need a description on how to test this bug. I 
guess that this is not so easy since you probably need a publicly 
reachable mail server which is "picky".

The second problem is that it looks like test.cacert.org is not allowed 
to open SMTP connections into the internet by the firewall. While I 
consider this very sensible under normal circumstances, it obviously 
prevents testing of this bugfix.

Jan, I guess you could change the firewall. Is there an option to 
temporarily allow SMTP connections? Something like a web interface where 
you can allow the "pass" rule for 4 hours or so?
Or am I wrong, and is this not a firewall problem at all?

Kind regards
Ted

Am 24.01.2019 um 09:06 schrieb Wytze van der Raay:
> Hi Dirk,
>
> On 11/23/18 10:39 PM, dirk astrath wrote:
> > ...
> > When a patch is ready to be deployed on the productive server, Ted
> > (Bernhard) or I will send a signed email with the details in a form like
> > you added to this mail. (If one of the silent Software-Assessors tries
> > to use this procedure, please contact Ted and/or me for confirmation.)
> >
> > As soon as we sent this mail, we'll assign the bug to you so you're able
> > to confirm the execution via mantis, too.
> > > In this case I'll compile the signed message to you/critical team for
> > bug 1430 over the weekend ...
> The formal patch request for bug #1430 never materialized until now.
> Could you please take care of it ASAP. Since November, several users
> have suffered from this bug, as deployment of TLS1.2 in exclusive
> mode is increasing. I've Cc'ed the most recent victim of this problem.
>
> Regards,
> -- wytze
>
>
> > Kind regards,
> >
> > dirk
> >
> > On 23.11.2018 09:12, Wytze van der Raay wrote:
> > > Hi Dirk,
> > >
> > > On 11/22/18 10:26 PM, Mantis Bug Tracker wrote:
> > > > The following issue has been ASSIGNED.
> > > > ======================================================================
> > > > https://bugs.cacert.org/view.php?id=1430
> > > > ======================================================================
> > > > Reported By:                HansMaulwurf
> > > > Assigned To:                wytze
> > > > ======================================================================
> > > > ...> 2018-11-16 18:39 dastrath       Note Added: 0005682
> > > > 2018-11-22 21:26 dastrath       Assigned To              dastrath => wytze
> > > > ======================================================================
> > > I noticed that you changed the assignment for this issue to me.
> > > Is this meant to indicate that CAcert Software Assessment expects
> > > to see this patch implemented on the production server?
> > > If so, this is a rather unusual method of indicating so ... in the
> > > good old days, SA would send a patch request to 
> > > critical-admin AT cacert.org
> > > (example attached) to request a change to the production server(s).
> > > I am open to change, but would like to know for sure what will be the
> > > procedure for requesting production server patches.
> > >
> > > Regards,
> > > -- wytze
> > >
> > > Attached: sample patch request from 2016 (actually the very last one until now
> > > ...)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature