CAcert Code Development list.

[Michael Tänzer <michael.taenzer AT cacert.org>]

Hi,

On 13.06.2011 23:28, Bernhard Fröhlich wrote:
> Am 13.06.2011 04:22, schrieb Michael Tänzer:
>> I have just upgraded our bug tracker to a new version of the operating
>> system. There were no major complications so I hope it continues to
>> operate smoothly. If it does not, throw me a message.
> 
> The bug tracker seems to work, but it looks very unusual here, like some
> kind of layout information is missing, see screenshot.
> Maybe a problem with a CSS? Trying to load the sheet from
> http://bugs.cacert.org/default.css
> <view-source:http://bugs.cacert.org/default.css>produces a "404 Not
> Found" error...

Yes, today I have continued to upgrade. The Bug tracker is now at
version 1.2.x but there are some issues remaining. A rather annoying one
is that Mantis and the Tunix firewall don't seem to play well together.
Apparently all SSL connections are terminated in the firewall and then
bugs.cacert.org only gets a usual HTTP connection. That's bad in many ways:
- If we ever came around to implement client authentication it wouldn't
work because the server at bugs.c.o can't verify the client identity
because it doesn't even know, that there is an SSL handshake going on
- Because bugs.c.o doesn't know it's communicating over SSL it does
construct wrong URLs sometimes. Especially the CSS links are broken in
that they link to the non-SSL version (don't ask me why they are using
absolute URLs there). It seems that some browsers (e.g. Firefox) ignore
CSS over non-SSL for SSL sites. In the old versions of mantis one could
overwrite that by specifying an alternative CSS including the https://
but now you can only give it relative paths and Mantis always prepends a
http://bugs.c.o. I played around with it a bit and made a mistake not
including the /css/, that's what you saw. Now it should semi-work again
(i.e. the file is not 404 but it is still served over non-SSL). There
are some even more annoying places where this happens (e.g. on the
"Request Successful" pages you are redirected to a non-SSL site).
- Mantis provides a SOAP API you could for example use to integrate it
into your IDE. That doesn't work because the firewall doesn't know SOAP
although they are plain old HTTP posts and responds with a 501 Not
Implemented.


So it essentially comes down to: do we need to keep bugs.c.o behind the
Tunix firewall? I mean firewalls in general are great but not if they
dig that deep into the protocol layers. The alternative being
downgrading to Mantis 1.1.X again (i.e. no Git integration etc.) or
patching the Mantis code to only use relative URLs (at least in the
important places). We will never get Client Certificate login and SOAP
services then.


Upcoming changes: introducing new bug states to reflect our Software
Assessment process ("needs work", "needs review & testing", "needs
testing", "needs review", "ready to deploy")


Cheers,
-- 
Michael Tänzer
CAcert Support Team Leader

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature