View Issue Details

ID: 0001265
Project: Main CAcert Website
Category: misc
View Status: public
Last Update: 2014-09-02 20:54
Reporter: NEOatNHNG
Assigned To: BenBE
Priority: immediate
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2014 Q2
Target Version: 2014 Q2
Fixed in Version: 2014 Q2
Summary: 0001265: Notification about Heartbleed OpenSSL bug to members

Description:
According to Arbitration a20140408.1 [1] we should notify "all current members, who have either have had an active server-certificate since 2011-12-01 or have activated the "general announcement"-flag."

[1]: https://wiki.cacert.org/Arbitrations/a20140408.1

Tags: No tags attached.
Reviewed by: NEOatNHNG, BenBE
Test Instructions

Activities

MartinGummi

2014-04-09 03:05

updater   ~0004697

Last edited: 2014-04-09 07:37

lll@s.d
General Announcements true
Language: germany
no orgs
Server Cert
=> OK

ttt@s.d
org Server Certs
revoked Server certs
Language: english
General Announcements false
=> OK

50.feb14@a.c
org Server Certs
General Announcements false
Language: french
=> OK

15.feb14@a.c
General Announcements false
Language: Dansk
no server certs
=> OK

20.feb14@a.c
General Announcements true
Language: German
no server certs
=> OK

==> OK test done

NEOatNHNG

2014-04-09 03:37

administrator   ~0004698

I have written the mail script and executed it on the test server. It probably takes until 4:00 UTC to complete. Please review and set up some test accounts so we can do a final test run.

Eva

2014-04-09 06:39

updater   ~0004699

Last edited: 2014-04-09 07:23

The basic combinations are:

- no reason for mail -> should get no mail
- some kind of S(erver)-Cert, no announcement set -> should get 1 mail
- no S(erver)-Cert, announcement set -> should get 1 mail
- some kind of S(erver)-Cert, announcement set -> should get 1 mail

Also:
- If language DE, then mail in DE (if at all)
- else, mail in EN (if at all)

There are a lot of combinations possible, especially if one checks every other possible influence (kind of server cert, all possible combinations of announcements...)

But in general those 4 mail combinations and the 2 language combinations should not be influenced by anything else or each other, so to test one of each of those categories should theoretically lead to no different answer than if all possible subcategory combinations would be tested.

At least if one considers the nature of the script, there is no reason to believe that other than the needed fields would be even looked at. At least if it passes the review.

I currently cannot free the time to test all possible sub-combinations.
(all kinds of Certs, revoked and expired, announcement, EN)
KatziAdm@cacert.org
EN
revoked and expired C and
active Org S exp and revoked Org C
all announcement

EN-Mail
-> OK


(S certs, announcement, DE)
obelix@acme.com
DE
C, S expired
Org S expired
all announcement

EN+DE-Mail
-> OK



(only announcement)
KatziTest1@cacert.org
EN
C revoked + expired
no S, Org
all announcement

EN-Mail
-> ok


(only S-Cert as reason)
50.feb14@acme.com
FR
org S, no other
no announcements

EN-Mail
-> ok


(no reason)
15.feb14@a.c
EN
no certs
no announcement

no mail
-> ok

overall: OK


I currently cannot free the time to test all possible sub-combinations. The most important ones were covered at least once.

Not covered by this test is the time restriction, that it will not be sent to members because of server certificates that expired before Dec 2011.

It is not possible to find according accounts in the huge amount of test accounts we have, in a sensible time frame. And it is not possible to fake those dates.


To get the mail out has to be considered to be urgent. So I hope that this test can be considered to be enough.

It covers the basic combinations.

(update: checked the mail for the DE acc again - did not see the DE mail below the EN one, previously, even as it was there.)
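
The recipient rule from the ruling quoted in the description, together with the 2011-12-01 date boundary that the test notes above report could not be exercised on the test server, modelled as an added example. This is Python written for this page, not the CAcert mailing script; the class names, the fixture addresses and the reading of "active since 2011-12-01" (neither expired nor revoked before that day) are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

CUTOFF = date(2011, 12, 1)  # date from the ruling quoted in the description


@dataclass
class ServerCert:
    expires: date
    revoked: Optional[date] = None  # None: never revoked

    def active_since_cutoff(self) -> bool:
        # Assumption: "active since 2011-12-01" means the certificate had
        # neither expired nor been revoked before that day.
        end = min(self.expires, self.revoked) if self.revoked else self.expires
        return end >= CUTOFF


@dataclass
class Member:
    email: str
    general_announcements: bool
    server_certs: List[ServerCert] = field(default_factory=list)


def should_notify(m: Member) -> bool:
    """One mail if the flag is set or any server cert was active since CUTOFF."""
    return m.general_announcements or any(
        c.active_since_cutoff() for c in m.server_certs)


# Constructed fixtures: the four basic combinations plus the date boundary.
FIXTURES = [
    Member("none@example.org", False),
    Member("cert@example.org", False, [ServerCert(date(2013, 6, 1))]),
    Member("flag@example.org", True),
    Member("both@example.org", True, [ServerCert(date(2013, 6, 1))]),
    Member("old@example.org", False, [ServerCert(date(2011, 11, 30))]),
    Member("edge@example.org", False, [ServerCert(date(2011, 12, 1))]),
    Member("rev-old@example.org", False,
           [ServerCert(date(2014, 1, 1), revoked=date(2011, 6, 1))]),
    Member("rev-new@example.org", False,
           [ServerCert(date(2015, 1, 1), revoked=date(2014, 4, 8))]),
]


def run_matrix() -> dict:
    return {m.email: should_notify(m) for m in FIXTURES}
```

Because the fixtures carry their own dates, the boundary cases run without needing real accounts with certificates that expired before December 2011.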

Eva

2014-04-09 06:57

updater   ~0004700

Comment of Arbitrator of a20140408.1:

I only ruled about who should get informed by the script. As long as the persons who should get the mail provided by Arbitration get it either in EN or in their chosen language I consider my ruling met.

The same goes for the greetings. I would accept a personal one that uses the entries from the account or one that is the same for everybody. (As it was in the template provided from Arbitration.)


It is up to software team to decide if/when those conditions are met.

BenBE

2014-04-09 07:33

updater   ~0004701

Mailing script reviewed: Review OK.

Some minor changes in the text have been done, which should get a short OK from A or CM of a20140408.1 - otherwise ready to go.

MartinGummi

2014-04-09 07:45

updater   ~0004702

only text changes, looks ok

wytze

2014-04-09 09:01

developer   ~0004703

Last edited: 2014-04-09 09:01

The script has been installed on the production server on April 9, 2014.
See also https://lists.cacert.org/wws/arc/cacert-systemlog/2014-04/msg00003.html

Execution of the script has been started on April 9, 2014, 10:45 CEST.
Final results will be reported after completion of the script run.

wytze

2014-04-11 09:43

developer   ~0004713

After running the script for some 28 hours, we are probably only still
somewhere halfway (over 90.000 mails have been sent, userid is around
164000). Sending out these mails at a rate of 1 mail/second is too slow
with our current membership numbers I'm afraid. While this limitation
of 1 msg/second was needed in the past due to the rather modest
capacity of the old webserver, the new server is mostly idling under
such a load. So I've taken the liberty to increase the sending rate
to 10 msgs/second, by adding a "if ($count % 10 == 0)" in front of the
sleep(1).

After this speed up, the sending process completed on April 10 at 18:37 CEST.

wytze

2014-04-11 09:51

developer   ~0004714

The script has been running from April 9, 10:45 until April 10, 18:37 CEST.
A total of 168977 messages has been sent out, for a total userid base of 290146 entries.
According to the postfix mail statistics, a total of 170213 e-mails were sent during this period (including regular webdb service mails). For 22414 e-mails out of these delivery problems were reported.
At this moment (April 11, 11:30 CEST) there are still some 3700 e-mails queued for possible delivery later (the regular queue size is more like 50 - 100 e-mails).

For future mass-mailings like this, it is recommended to increase the sending rate from 1 msg/second to 10 msg/second, so the available server resources are used better and the mailing can complete within a number of hours rather than days.

Issue History

Date Modified Username Field Change
2014-04-08 15:30 NEOatNHNG New Issue
2014-04-08 15:30 NEOatNHNG Assigned To => NEOatNHNG
2014-04-08 15:31 NEOatNHNG Status new => needs work
2014-04-09 01:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7a291246
2014-04-09 01:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b4584939
2014-04-09 01:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 165628b7
2014-04-09 01:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 0331f388
2014-04-09 01:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b5da37ca
2014-04-09 01:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 13aa009d
2014-04-09 01:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 3638be04
2014-04-09 01:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 26a30db1
2014-04-09 03:05 MartinGummi Note Added: 0004697
2014-04-09 03:05 MartinGummi Note Edited: 0004697
2014-04-09 03:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 71f46c65
2014-04-09 03:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 8db0a228
2014-04-09 03:37 NEOatNHNG Reviewed by => NEOatNHNG
2014-04-09 03:37 NEOatNHNG Note Added: 0004698
2014-04-09 03:37 NEOatNHNG Assigned To NEOatNHNG => BenBE
2014-04-09 03:37 NEOatNHNG Status needs work => needs review & testing
2014-04-09 06:39 Eva Note Added: 0004699
2014-04-09 06:40 Eva Note Edited: 0004699
2014-04-09 06:48 Eva Note Edited: 0004699
2014-04-09 06:57 Eva Note Added: 0004700
2014-04-09 07:02 Eva Note Edited: 0004699
2014-04-09 07:23 Eva Note Edited: 0004699
2014-04-09 07:33 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2014-04-09 07:33 BenBE Note Added: 0004701
2014-04-09 07:33 BenBE Priority urgent => immediate
2014-04-09 07:33 BenBE Status needs review & testing => needs testing
2014-04-09 07:37 MartinGummi Note Edited: 0004697
2014-04-09 07:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 7013a435
2014-04-09 07:40 BenBE Source_changeset_attached => cacert-devel testserver-stable e5c83c7a
2014-04-09 07:45 MartinGummi Note Added: 0004702
2014-04-09 07:45 MartinGummi Status needs testing => ready to deploy
2014-04-09 09:01 wytze Note Added: 0004703
2014-04-09 09:01 wytze Note Edited: 0004703
2014-04-11 09:43 wytze Note Added: 0004713
2014-04-11 09:51 wytze Note Added: 0004714
2014-04-11 09:51 wytze Status ready to deploy => solved?
2014-04-11 09:51 wytze Fixed in Version => 2014 Q2
2014-04-11 09:51 wytze Resolution open => fixed
2014-09-02 20:54 INOPIAE Status solved? => closed