View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000876 | Main CAcert Website | website content | public | 2010-10-06 14:19 | 2013-01-15 15:02 |
| Reporter | edgarwahn | Assigned To | NEOatNHNG | ||
| Priority | immediate | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2010 Q4 | ||||
| Summary | 0000876: NRP-DaL to be removed immediately | ||||
| Description | Message from IanG: The policy group decision was pretty damning: "Further, that Non-related Parties - Disclaimer and Licence be withdrawn entirely and immediately, fully effective on finalisation of this motion. The purpose of the NRP-DaL is entirely replaced by the RDL." I would think that linking to this document is a secondary issue. The document will also be linked to by many wiki and SVN pages, being our second tier documentation. And, also many other sources tertiary and below. All these have to be cleaned up, sure. But that doesn't change the priorities. NRP-DaL to be withdrawn *entirely and immediatly*. | ||||
| Additional Information | Remove the file /www/policy/NRPDisclaimerAndLicence.php from the source tree. If possible send an email to some admin, including http referrer (to be able to fix links to that page over time) and display a decent error message. If not possible in short time, remove the file entirely. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
Removed the file from cacert-devel repository, pushed to cacert1. http://cacert1.it-sls.de/policy/NRPDisclaimerAndLicence.php Looks ok for me, so here is the first Ack for release. |
|
|
File replaced with an explanatory text and link to RDL. |
|
|
Reviewed, Ack to be released. |
|
|
About CAcert.Org + Policies https://cacert1.it-sls.de/policy/ NRP-DaL is still on the Menu list * NRPDisclaimerAndLicence.php click on this link results in "The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found here. " thats ok "can be found here" link redirects to https://cacert1.it-sls.de/policy/RootDistributionLicense.php this is ok. Main website https://cacert1.it-sls.de/ lists the RDL, thats ok. Link works. Ok Community Agreement https://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php links: NRP-DaL is named, but doesn't include links. Root Certificate - page links to RDL directly. Ok. Join - no occurance of RDL or NRP-DaL Add Email - no occurance of RDL or NRP-DaL Create Client Cert - no occurance of RDL or NRP-DaL Add Domains - no occurance of RDL or NRP-DaL Add Server Cert - no occurance of RDL or NRP-DaL So all seems to be ok ... except the menu link under Policies |
|
|
Regarding: https://cacert1.it-sls.de/policy/ [^] NRP-DaL is still on the Menu list * NRPDisclaimerAndLicence.php As the file contents was replaced by the explanatory text + link to RDL, the FILE itself still exists. The index.php script placed in /policy/ just takes all file names als generates the link list automatically. We can just ignore this, remove the NRP-DaL entirely or add the file name to an exclude list within the index script. |
|
|
in original bug filing it is reading "Further, that Non-related Parties - Disclaimer and Licence be withdrawn entirely and immediately, fully effective on finalisation of this motion. The purpose of the NRP-DaL is entirely replaced by the RDL." I would think that linking to this document is a secondary issue. thats one sidenote by the author .... I'm reading it as "if its too difficult to push the patch thru" ... but currently we've reached the essential milestone ... to push patches from Software-Assessment to Crititical Team ... so therefor this link has to be removed too ... "NRP-DaL to be withdrawn *entirely and immediatly*." is the goal ... leaving things open ... is one more point we have to check again and again ... and users complaining again and again ... remove all links also if its possible ... und removing the link is possible ... so why leaving this link open ?!? |
|
|
Added filter to index.php to prevent NRP-DaL from being displayed when accessing www.cacert.org/policy. The "sorry, page has gone look there" page is still there if the policy is accessed directly. So no broken link, license is not displayed any longer. Still existing links in webdb, wiki and external sources can be fixed when found without a need to hurry. Tested, looks good, so Ack from my side to put to live. |
|
|
Site note: the new text is not translated right now, needs to be pushed to translingo. |
|
|
http://cacert1.it-sls.de/policy/ no longer lists NRP-DaL great ;) direct link (from possible other sources) http://cacert1.it-sls.de/policy/NRPDisclaimerAndLicence.php displays link to the RDL. Link works. so from my side, problem is solved. |
|
|
patch: git diff 5b265ec9f26db9fcc24cf8e6f596117403f3cd78..c6ed18141161adf6b17ea07d9c6a8eeb37f6eaa1 |
|
|
I've made some improvements: - We don't need any dynamic content in this page so I stripped all PHP (this is also how it's done in the other policies) - I fixed the HTML markup (missing opening html and body tags as well as missing header) Changes available in branch bug-876, last commit 96448c95722cb358edc37ced9c70dc146dd5ad35 (will be in cacert-devel.git as soon as I'm able to push there) |
|
|
OK, pushed and added to the test server. Please review and test. |
|
|
I have found that NRP is mentioned on the following pages which need to be changed: https://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php It may be also on capnew.php but I can't test this on the test system because of a missing logo (will open a seperate bug ticket for that) |
|
|
This is something the policy group has to do. In the WIP version of the document it already has been changed ( https://svn.cacert.org/CAcert/Policies/Agreements/CAcertCommunityAgreement.html ) but it has to be voted to draft and approved by the board to become policy. So we can't fix that one. capnew.php would be a different story. |
|
|
Results from visiting the website w/o login: --------------------------------------------- Policies lists http://cacert1.it-sls.de/policy/ CAcert Policies * AssurancePolicy.php * CAcertCommunityAgreement.php * CertificationPracticeStatement.php * DisputeResolutionPolicy.php * OrganisationAssurancePolicy.php * PolicyOnPolicy.php * RootDistributionLicense.php Thats as expected. Direct link from an outdated document (like the CCA, capnew) ends on http://cacert1.it-sls.de/policy/NRPDisclaimerAndLicence.php as expected with a redirect link to new RDL http://cacert1.it-sls.de/policy/RootDistributionLicense.php Thats as expected. Results from visiting the website w/ login: --------------------------------------------- cannot find any link to NRP-DaL nor RDL eg issue new cert doesn't include CCA agreement request and therefor no link to NRP-DaL or RDL Assure someone has no links to NRP-DaL or RDL so this is out of scope of this bug# |
|
|
remark to comment (0001783) capnew.php will no longer supported. probably removal candidate. There are known problems with the create pdf routine. Design is somewhat complicated in the assurance process. AP 4.5 - assurer has to check following points: The CAcert Assurance Programme (CAP) form requests the following details of each Member or Prospective Member: 1. Name(s), as recorded in the on-line account; 2. Primary email address, as recorded in the on-line account; 3. Secondary Distinguishing Feature, as recorded in the on-line account (normally, date of birth); 4. Statement of agreement with the CAcert Community Agreement; 5. Permission to the Assurer to conduct the Assurance (required for privacy reasons); 6. Date and signature of the Assuree. The CAP form requests the following details of the Assurer: 7. At least one Name as recorded in the on-line account of the Assurer; 8. Assurance Points for each Name in the identity document(s); 9. Statement of Assurance; 10. Optional: If the Assurance is reciprocal, then the Assurer's email address and Secondary Distinguishing Feature are required as well; 11. Date, location of Assurance and signature of Assurer. On cap.php points 1-6 are in order top down except 2/3 and 4/5 switched points 7-11 are all in the Assurers box capnew.php has splitted Assurees part into 2 blocks 1-3 and 4-6 The Assurers part is arranged over all parts of the capnew 7 assurer block, 8 assuree block, 9 + 10 again in assurer block, 11 splitted onto top of capnew (location), date + signature into assurer block so cap.php is more a straight top-down process conducted by AP. capnew.php includes the possibility to add addtl. name variations on different ID doxs into the name fields, but there is no more a straight top-down logic within the cap form to follow AP points. |
|
|
Notifications to testteam sent by email * 2010-11-12 (english) * 2010-11-16 (english) * 2010-11-19 (german) |
|
|
I found no link on the main pages that can be reached over the menue in http://cacert1.it-sls.de/index.php without and with login. But I discovered the following: On https://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php the NRP is mentioned but not linked. ON https://cacert1.it-sls.de/policy/CertificationPracticeStatement.php there is the link COD4 that points to the NRPDisclaimer |
|
|
@INOPIAE But apart from that everything is OK, right? Those two pages are policies and can only be fixed in the policy group, as clarified above. |
|
|
Note to Software Assessors: My changes still need review. Patch of the whole changes can be shown by doing $ git diff your_name_for_cacert-devel/release your_name_for_cacert-devel/bug-876 Where your_name_for_cacert-devel is replaced with the remote alias you have chosen for cacert-devel.git (if you cloned from it it's "origin" by default). Make sure you have the latest changes ("git fetch your_name_for_cacert-devel"). To only show the changes I have done: $ git show d385b7b2647355444a08b3b7f16924dc106f8a34 |
|
|
Looks ok for me, code "adds" the removal of all dynamic php and renders the document as 100% static content. |
|
|
Mail sent to Critical Admins |
|
|
Looked ad all the links, For the Add ... links: did not actially Finnish the Add action. There are still some references to the NRP-DaL from the Policy's, and some links (COD4) from http://cacert1.it-sls.de/policy/CertificationPracticeStatement.php: http://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php 5. "Non-Related Person" ("NRP"), being someone who is not a Member, is not part of the Community, and has not registered their agreement. Such people are offered the NRP-DaL another agreement allowing the USE of certificates. 6. "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"), another agreement that is offered to persons outside the Community. 1.1 Agreement .... Your agreement is effective from the date of the first event above that makes this agreement known to you. This Agreement replaces and supercedes prior agreements, including the NRP-DaL. http://cacert1.it-sls.de/policy/CertificationPracticeStatement.php 1.3.5. Other participants .... Non-Related Persons (NRPs). These are users of browsers and similar software who are unaware of the CAcert certificates they may use, and are unaware of the ramifications of usage. Their relationship with CAcert is described by the Non-related Persons - Disclaimer and Licence (COD4). No other rights nor relationship is implied or offered. COD4 => http://www.cacert.org/policy/NRPDisclaimerAndLicence.php 1.6. Definitions and acronyms Non-Related Persons. ("NRPs") are general users of browsers and similar software. The NRPs are generally unaware of CAcert or the certificates that they may use, and are unaware of the ramifications of usage. They are not permitted to RELY, but may USE, under the Non-Related Persons - Disclaimer and Licence (COD4). 4.5.2.b Who may rely .... NRPs may not rely. If not related to CAcert by means of an agreement that binds the parties to dispute resolution within CAcert's forum, a person is a Non-Related-Person (NRP). An NRP is not permitted to rely and is not a Relying Party. For more details, see the NRP - Disclaimer and Licence (COD4). 9.7. Disclaimers of Warranties Persons who have not accepted the above Agreements are offered the Non-Related Persons - Disclaimer and Licence (COD4). Any representations and warranties are strictly limited to nominal usage. In essence, NRPs may USE but must not RELY. 9.8.1 Non-Related Persons CAcert on behalf of related parties (RAs, Subscribers, etc) and itself disclaims all liability to NRPs in their usage of CA's certificates. See COD4. http://cacert1.it-sls.de/policy/DisputeResolutionPolicy.php 2.2 Preliminaries .... Any parties that are not Users and are not bound by the CPS are given the opportunity to enter into CAcert and be bound by the CPS and these rules of arbitration. If these Non-Related Persons (NRPs) remain outside, their rights and remedies under CAcert's policies and forum are strictly limited to that specified in the Non-Related Persons -- Disclaimer and Licence. NRPs may proceed with Arbitration subject to preliminary orders of the Arbitrator. Question: RDL states: THIS LICENSE SPECIFICALLY DOES NOT PERMIT YOU TO RELY UPON ANY CERTIFICATES ISSUED BY CACERT INC. IF YOU WISH TO RELY ON CERTIFICATES ISSUED BY CACERT INC, YOU MUST ENTER INTO A SEPARATE AGREEMENT WITH CACERT INC. RDL does not state NRP's may use cert from CAcert as did the NRP-DaL, is the permission tu Use stated somewhere else? |
|
|
@pemmerik: I think the permission to copy also means that you may decode and verify it which is enough to use it, but that's something that belongs to the policy group ( cacert-policy@lists.cacert.org ). Also all pointers from other policies to the NRP-DaL have to be fixed by the policy group. If you repeat your request there you will probably get an answer. |
|
|
Applied fix to production system and committed it to CVS. See https://lists.cacert.org/wws/arc/cacert-systemlog/2010-11/msg00002.html |
|
|
Issue is closed as change is applied to production site. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-10-06 14:19 | edgarwahn | New Issue | |
| 2010-10-06 14:20 | edgarwahn | Relationship added | related to 0000829 |
| 2010-10-07 08:00 | edgarwahn | Note Added: 0001735 | |
| 2010-10-07 08:33 | edgarwahn | Note Added: 0001739 | |
| 2010-10-07 08:33 | edgarwahn | Note Added: 0001740 | |
| 2010-10-07 10:49 | Uli60 | Note Added: 0001741 | |
| 2010-10-07 11:19 | edgarwahn | Note Added: 0001742 | |
| 2010-10-07 22:01 | Uli60 | Note Added: 0001746 | |
| 2010-10-08 07:02 | edgarwahn | Note Added: 0001748 | |
| 2010-10-08 07:03 | edgarwahn | Note Added: 0001749 | |
| 2010-10-08 10:22 | Uli60 | Note Added: 0001750 | |
| 2010-10-15 08:59 | edgarwahn | Note Added: 0001752 | |
| 2010-11-12 00:28 | NEOatNHNG | Note Added: 0001781 | |
| 2010-11-12 09:00 | NEOatNHNG | Note Added: 0001782 | |
| 2010-11-12 09:51 | Andreas Baess | Note Added: 0001783 | |
| 2010-11-12 10:19 | NEOatNHNG | Note Added: 0001784 | |
| 2010-11-13 17:31 | NEOatNHNG | Note Edited: 0001784 | |
| 2010-11-15 17:17 | Uli60 | Note Added: 0001785 | |
| 2010-11-15 17:33 | Uli60 | Note Added: 0001786 | |
| 2010-11-19 15:13 | Uli60 | Note Added: 0001789 | |
| 2010-11-22 04:37 | INOPIAE | Note Added: 0001793 | |
| 2010-11-23 15:42 | NEOatNHNG | Note Added: 0001794 | |
| 2010-11-23 15:58 | NEOatNHNG | Note Added: 0001795 | |
| 2010-11-23 16:07 | NEOatNHNG | Status | new => needs work |
| 2010-11-23 16:07 | NEOatNHNG | Assigned To | => NEOatNHNG |
| 2010-11-23 16:08 | edgarwahn | Note Added: 0001796 | |
| 2010-11-23 16:08 | NEOatNHNG | Status | needs work => needs feedback |
| 2010-11-23 16:19 | NEOatNHNG | Note Added: 0001797 | |
| 2010-11-23 23:10 | pemmerik | Note Added: 0001798 | |
| 2010-11-23 23:11 | pemmerik | Note Edited: 0001798 | |
| 2010-11-24 08:53 | NEOatNHNG | Note Added: 0001799 | |
| 2010-11-29 16:50 | wytze | Note Added: 0001810 | |
| 2010-11-29 16:52 | wytze | Resolution | open => fixed |
| 2010-11-29 17:16 | NEOatNHNG | Status | needs feedback => solved? |
| 2010-11-29 19:35 | Andreas Baess | Note Added: 0001811 | |
| 2010-11-29 19:35 | Andreas Baess | Status | solved? => closed |
| 2011-06-19 16:12 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d385b7b2 |
| 2011-06-19 16:46 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 01fd34e2 |
| 2011-06-19 16:46 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d385b7b2 |
| 2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 01fd34e2 |
| 2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d385b7b2 |
| 2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 01fd34e2 |
| 2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 96448c95 |
| 2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d385b7b2 |
| 2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release d407985f |
| 2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 8561bf19 |
| 2013-01-10 10:48 | Werner Dworak | Relationship added | related to 0000941 |
| 2013-01-15 15:02 | Werner Dworak | Fixed in Version | => 2010 Q4 |
