View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001440 | Main CAcert Website | source code | public | 2018-05-24 21:33 | 2023-09-16 12:07 |
| Reporter | GuKKDevel | Assigned To | jandd | ||
| Priority | immediate | Severity | block | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Summary | 0001440: link to EU-EEA-DataProtectionDeclaration | ||||
| Description | we need a link to the EU-EEA-DataProtectionDeclaration | ||||
| Tags | legal requirement | ||||
| Attached Files | |||||
| Reviewed by | egal, Ted | ||||
| Test Instructions | |||||
|
|
https://github.com/CAcertOrg/cacert-devel/compare/release...GuKKDevel:bug-1440 |
|
|
The target link is https://wiki.cacert.org/Privacy/EU-EEE-DataProtectionDeclaration The pages in the WiKi were created by Etienne, with some help of others. I asked Megan (our current Privacy Officer) for a statement, she confirmed that at least the english text is acceptable. Sent a Mail to Etienne asking about the current status, and his opinion on access restrictions on these pages. |
|
|
The fix is now installed on https://test.cacert.org and ready for testing. |
|
|
did a short test. irritating is that a certificate is asked for. after giving one - connected with an account- , I am logged in to the wiki and the page is shown cancel the certificate question the wikipage is shown question: can we at a later time integrate this pages into our online-directory? or at least is the writing access to this wikipages restricted? |
|
|
tested with kubuntu 18.04 and firefox. same behavior with win10 and chrome same behavior with win10 and opera different behavior win10 and firefox there was no question for certificate |
|
|
tested with Vivaldi 2.0 on Lubuntu 16.04 LTS it tells something about invalid certs, if I accept to proceed to an unsure site it works. If Vivaldi works this way, Chrome and Chromium will probabely as well. |
|
|
Can the text of the link be changed from EU-EEE-DataProtectionDeclaration to EU-EEA-DataProtectionDeclaration? (This is a typo in the wiki URL, as EEA is the European Economic Area) - apperas the text on pootle and can be corrected an translated there? |
|
|
did the source change diff-bug-1440-bug-1440 (1,000 bytes)
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 891c4bf..9aca9ef 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -135,7 +135,7 @@ if(!function_exists("showfooter"))
<div id="siteInfo">
<a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
<a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> |
- <a href="https://wiki.cacert.org/Privacy/EU-EEE-DataProtectionDeclaration"><?=_("EU-EEE-DataProtectionDeclaration")?></a> |
+ <a href="https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration"><?=_("EU-EEA-DataProtectionDeclaration")?></a> |
<a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
©2002-<?=date("Y")?> <?=_("by CAcert")?></div>
</div>
|
|
|
Test report: 1. Tested URL: https://test.cacert.org 2. Hyperlink to GDPR visible in the footer of the main page with the label "EU-EEE-DataProtectionDeclaration". 3. Clicking on that link opens in the same window the page titled "PrivacyEU-EEE-DataProtectionDeclaration". That page lists 7 languages, whom 4 of them make actually a GDPR declaration available. 4. Clicking on "english" opens in the same window the page titled "Data Protection Declaration for Users in EU & EEA". That page actually contains a declaration of CACert in regards of its users' rights and CACert's obligations under the general data protection regulation. 5. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "česky" or "deutsch" directs in a similar way to the same declaration translated into theses respective languages. 6. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "italiano" directs in a similar way to the same declaration partially translated into Italian, part of the declaration being displayed in English still. 7. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "Български" or "français" or "nederlands" directs to empty pages (populated either by the generic message "This page does not exist yet." either by a message "translation to be completed"). 8. Conclusion : the patch works like it should work. Additional work have to be done for completing translations of the GDPR declaration, but this is not what the patch is involved in. 9. Tested with Firefox Quantum 63. Miscellaneous : that test report was written as a matter of exercise for me, in order to find in the future a trade-off between the quality of software testing required by CACert's policy and the quantity of work it requires from tester. Here, it might happen that the amount of paperwork coming with the patch acceptance far exceeds the quantity of work for writing the patch itself. May it be enough for a second confirmation test by someone else to states that the same behaviour would have been observed, without more details? I hope so, in order to save time of the next tester. |
|
|
if the new diff (https://bugs.cacert.org/view.php?id=1440#c5632; EU-EEE-DataProtectionDeclaration to EU-EEA-DataProtectionDeclaration) is installed, the wiki-page(s) must be renamed: PrivacyEU-EEE-DataProtectionDeclaration to PrivacyEU-EEA-DataProtectionDeclaration |
|
|
The following links are now changed: https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/CZ https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/DE https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/EN https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/FR https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/NL https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/IT including the internal links on the top of each page. |
|
|
L10N proposed to solve bug-1423 i the same test as bug-1440; Wenn du gerade den Datenschutzlink auf der Cacert.org Seite änderst, könntest du gleich eine Zeile darüber bei de Sponsorenlogos beim Open Network Architecture Logo den Link zu http://www.openarchitecturenetwork.org/ entfernen? Das Netzwerk existiert nicht mehr und der Link wird zu einer Bank in Singapur umgeleitet, zu der CAcert keine Beziehung hat. Somit wäre https://bugs.cacert.org/view.php?id=1423 auch gerade gelöst. The branch is created and updated |
|
|
tested on: mozilla firefox 69.0. i do not have wiki account yet. certificate requested on click (but looks like it does not requested anymore after i logged in to mantis). i do not see problem in certificate requesting, but if anonymous access to this page must be provided, in case of not providing login certificate page should be displayed too. |
|
|
i have logged out from mantis and retry test, certificate does not requested anymore. |
|
|
certificate requested again after browser restart, page works in both cases: 1. if i provide login certificate 2. if i decline and does not provide login certificate |
|
|
Tested with FF 69.0 (64 bit) on Linux Mint 19.2. I have a Wiki account. I startet FF and clicked the link, got a client certi dialog. I pressed ESC and got to the Wiki. Clicked "deutsch" and got to Datenschutzerklärung without more client cert dialog. I restarted FF and clicked the link, this time I chose my certificate and got into the Wiki (login successful). I restart FF a third time and opened the link as HTTP. The Wiki link is HTTPS, so it will always request a client cert. I'm ok with this behaviour (as the privacy declaration can be accessed without certificate). You could improve it only if the Wiki would allow HTTP and had no Strict-Transport-Security header. |
|
|
Now tested on my LineageOS 14.1 phone (1080 x 1920). I have CAcert root certs installed. First with FF 68.1.1: Works without client cert dialog, I get to the privacy declaration with 2 clicks. Strange: Android browser shows the welcome page, but when I click the link it loads the Wiki, but does not display it. There is still the welcome page displayed. I guess this is an Android/LIneageOS issue and no CAcert bug. |
|
|
So, I take this testreports that this procedure is acceptable. So now, reviews must be done (by the Software Assessors)... |
|
|
review passed when using the code from test-server: <div id="siteInfo"> <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration"><?=_("EU-EEA-DataProtectionDeclaration")?></a> | <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> | ©2002-<?=date("Y")?> <?=_("by CAcert")?></div> </div> |
|
|
Rebased bug-1440 to the current release branch. Compared commits d328ebd6ad641a9caf4c80208a14d3b8f768edc0 (release) to cc57914d34e703c2abd085757bd91d9d6313e92e. The review is PASSED. I noticed that https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/DE (and probably the translations as well) need an update to the new (swiss based) address of CAcert Inc, but this does not prevent the review. |
|
|
Patch request sent to critical team. |
|
|
@Ted where can I find a git branch containing commit cc57914d34e703c2abd085757bd91d9d6313e92e ? I would like to discuss how we do branching/releasing correctly and most importantly in a traceable manner in the future. Sending around individual patches may not be the best way to do this. |
|
|
@jandd You can use "git show cc57914d34e703c2abd085757bd91d9d6313e92e" to get details on the commit (for example the branches where this commit is included), you can usr "git checkout cc57914d34e703c2abd085757bd91d9d6313e92e" to get the code status after this commit, you can use it as one parameter for "git diff". With Git Extensions you can explicitly search for the commit. For github.com I did not find a way to easily search for a commit id (without knowing its branch)... Does this answer your immediate question? As I understand it, the commit id is one reliable mechanism to refer to a specific code state in git. I'm very open to discuss alternatives to my current processes, but I guess this case is not the ideal place to do so... Should we try on cacert-devel@lists.cacert.org ? |
|
|
I just was not aware that searching for commit ids does not work on github. https://github.com/CAcertOrg/cacert-devel/compare/bug-1440 shows the change. Sorry for the noise :-) git branch -a --contains cc57914d34e703c2abd085757bd91d9d6313e92e showed me the relevant branch. |
|
|
at who it may concern: please close; it is implemented at cacert.org. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-05-24 21:33 | GuKKDevel | New Issue | |
| 2018-05-24 21:55 | GuKKDevel | Assigned To | => GuKKDevel |
| 2018-05-24 21:55 | GuKKDevel | Status | new => fix available |
| 2018-05-24 21:55 | GuKKDevel | Note Added: 0005590 | |
| 2018-10-30 20:27 | Ted | Note Added: 0005623 | |
| 2018-10-30 20:27 | Ted | Assigned To | GuKKDevel => Ted |
| 2018-10-30 20:27 | Ted | Status | fix available => needs review & testing |
| 2018-10-30 22:23 | Ted | Note Added: 0005625 | |
| 2018-10-30 22:23 | Ted | Note Edited: 0005625 | |
| 2018-10-31 06:54 | GuKKDevel | Note Added: 0005627 | |
| 2018-10-31 13:43 | GuKKDevel | Note Added: 0005629 | |
| 2018-10-31 22:59 | L10N | Note Added: 0005630 | |
| 2018-10-31 23:12 | L10N | Note Added: 0005631 | |
| 2018-10-31 23:34 | GuKKDevel | File Added: diff-bug-1440-bug-1440 | |
| 2018-10-31 23:34 | GuKKDevel | Note Added: 0005632 | |
| 2018-11-01 05:16 | GuKKDevel | Summary | link to EU-EEE-DataProtectionDeclaration => link to EU-EEA-DataProtectionDeclaration |
| 2018-11-01 05:16 | GuKKDevel | Description Updated | |
| 2018-11-01 05:18 | GuKKDevel | Tag Attached: legal requirement | |
| 2018-11-02 10:07 |
|
Note Added: 0005639 | |
| 2018-11-02 11:02 | GuKKDevel | Note Added: 0005640 | |
| 2018-11-05 23:43 | L10N | Note Added: 0005656 | |
| 2018-11-06 10:54 | GuKKDevel | Note Added: 0005659 | |
| 2018-11-06 10:57 | GuKKDevel | Relationship added | related to 0001423 |
| 2019-09-21 15:44 | sss | Note Added: 0005839 | |
| 2019-09-21 15:46 | sss | Note Added: 0005840 | |
| 2019-09-21 15:48 | sss | Note Added: 0005841 | |
| 2019-09-21 18:18 | SaT | Note Added: 0005842 | |
| 2019-09-21 18:33 | SaT | Note Added: 0005843 | |
| 2019-10-02 19:26 | Ted | Status | needs review & testing => needs review |
| 2019-10-02 19:26 | Ted | Note Added: 0005849 | |
| 2021-04-05 17:38 | egal | Note Added: 0005973 | |
| 2021-04-05 17:38 | egal | Reviewed by | => egal |
| 2021-04-11 14:31 | Ted | Note Added: 0005978 | |
| 2021-04-11 14:31 | Ted | Reviewed by | egal => egal, Ted |
| 2021-04-11 16:08 | Ted | Status | needs review => ready to deploy |
| 2021-04-11 16:08 | Ted | Note Added: 0005979 | |
| 2021-04-12 07:41 | jandd | Note Added: 0005980 | |
| 2021-04-12 16:10 | Ted | Note Added: 0005981 | |
| 2021-04-12 16:10 | Ted | Note Edited: 0005981 | |
| 2021-04-12 16:11 | Ted | Note Edited: 0005981 | |
| 2021-04-13 10:09 | jandd | Note Added: 0005982 | |
| 2023-09-15 21:59 | L10N | Note Added: 0006190 | |
| 2023-09-16 12:07 | jandd | Status | ready to deploy => solved? |
| 2023-09-16 12:07 | jandd | Resolution | open => fixed |
| 2023-09-16 12:07 | jandd | Assigned To | Ted => jandd |
| 2023-09-16 12:07 | jandd | Status | solved? => closed |
