View Issue Details

IDProjectCategoryView StatusLast Update
0001440Main CAcert Websitesource codepublic2023-09-16 12:07
ReporterGuKKDevel Assigned Tojandd  
PriorityimmediateSeverityblockReproducibilityN/A
Status closedResolutionfixed 
Summary0001440: link to EU-EEA-DataProtectionDeclaration
Descriptionwe need a link to the EU-EEA-DataProtectionDeclaration
Tagslegal requirement
Attached Files
Reviewed byegal, Ted
Test Instructions

Relationships

related to 0001423 closedegal Link to an Asian Loan Bank 

Activities

GuKKDevel

2018-05-24 21:55

updater   ~0005590

https://github.com/CAcertOrg/cacert-devel/compare/release...GuKKDevel:bug-1440

Ted

2018-10-30 20:27

administrator   ~0005623

The target link is https://wiki.cacert.org/Privacy/EU-EEE-DataProtectionDeclaration

The pages in the WiKi were created by Etienne, with some help of others.

I asked Megan (our current Privacy Officer) for a statement, she confirmed that at least the english text is acceptable.

Sent a Mail to Etienne asking about the current status, and his opinion on access restrictions on these pages.

Ted

2018-10-30 22:23

administrator   ~0005625

Last edited: 2018-10-30 22:23

The fix is now installed on https://test.cacert.org and ready for testing.

GuKKDevel

2018-10-31 06:54

updater   ~0005627

did a short test.
irritating is that a certificate is asked for.
after giving one - connected with an account- , I am logged in to the wiki and the page is shown

cancel the certificate question the wikipage is shown

question:
can we at a later time integrate this pages into our online-directory?
or at least is the writing access to this wikipages restricted?

GuKKDevel

2018-10-31 13:43

updater   ~0005629

tested with kubuntu 18.04 and firefox.
same behavior with win10 and chrome
same behavior with win10 and opera

different behavior win10 and firefox there was no question for certificate

L10N

2018-10-31 22:59

reporter   ~0005630

tested with Vivaldi 2.0 on Lubuntu 16.04 LTS
it tells something about invalid certs, if I accept to proceed to an unsure site it works.
If Vivaldi works this way, Chrome and Chromium will probabely as well.

L10N

2018-10-31 23:12

reporter   ~0005631

Can the text of the link be changed from EU-EEE-DataProtectionDeclaration to EU-EEA-DataProtectionDeclaration?
(This is a typo in the wiki URL, as EEA is the European Economic Area) - apperas the text on pootle and can be corrected an translated there?

GuKKDevel

2018-10-31 23:34

updater   ~0005632

did the source change
diff-bug-1440-bug-1440 (1,000 bytes)   
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 891c4bf..9aca9ef 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -135,7 +135,7 @@ if(!function_exists("showfooter"))
   <div id="siteInfo">
        <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
         <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> |
-        <a href="https://wiki.cacert.org/Privacy/EU-EEE-DataProtectionDeclaration"><?=_("EU-EEE-DataProtectionDeclaration")?></a> |
+        <a href="https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration"><?=_("EU-EEA-DataProtectionDeclaration")?></a> |
         <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
        &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
 </div>
diff-bug-1440-bug-1440 (1,000 bytes)   

Golffies

2018-11-02 10:07

manager   ~0005639

Test report:

1. Tested URL: https://test.cacert.org

2. Hyperlink to GDPR visible in the footer of the main page with the label "EU-EEE-DataProtectionDeclaration".

3. Clicking on that link opens in the same window the page titled "PrivacyEU-EEE-DataProtectionDeclaration".
That page lists 7 languages, whom 4 of them make actually a GDPR declaration available.

4. Clicking on "english" opens in the same window the page titled "Data Protection Declaration for Users in EU & EEA". That page actually contains a declaration of CACert in regards of its users' rights and CACert's obligations under the general data protection regulation.

5. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "česky" or "deutsch" directs in a similar way to the same declaration translated into theses respective languages.

6. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "italiano" directs in a similar way to the same declaration partially translated into Italian, part of the declaration being displayed in English still.

7. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "Български" or "français" or "nederlands" directs to empty pages (populated either by the generic message "This page does not exist yet." either by a message "translation to be completed").

8. Conclusion : the patch works like it should work. Additional work have to be done for completing translations of the GDPR declaration, but this is not what the patch is involved in.

9. Tested with Firefox Quantum 63.


Miscellaneous : that test report was written as a matter of exercise for me, in order to find in the future a trade-off between the quality of software testing required by CACert's policy and the quantity of work it requires from tester. Here, it might happen that the amount of paperwork coming with the patch acceptance far exceeds the quantity of work for writing the patch itself.

May it be enough for a second confirmation test by someone else to states that the same behaviour would have been observed, without more details? I hope so, in order to save time of the next tester.

GuKKDevel

2018-11-02 11:02

updater   ~0005640

if the new diff (https://bugs.cacert.org/view.php?id=1440#c5632; EU-EEE-DataProtectionDeclaration to EU-EEA-DataProtectionDeclaration) is installed, the wiki-page(s) must be renamed:
PrivacyEU-EEE-DataProtectionDeclaration to PrivacyEU-EEA-DataProtectionDeclaration

L10N

2018-11-05 23:43

reporter   ~0005656

The following links are now changed:
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/CZ
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/DE
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/EN
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/FR
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/NL
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/IT
including the internal links on the top of each page.

GuKKDevel

2018-11-06 10:54

updater   ~0005659

L10N proposed to solve bug-1423 i the same test as bug-1440;

Wenn du gerade den Datenschutzlink auf der Cacert.org Seite änderst,
könntest du gleich eine Zeile darüber bei de Sponsorenlogos beim Open
Network Architecture Logo den Link zu
http://www.openarchitecturenetwork.org/ entfernen?

Das Netzwerk existiert nicht mehr und der Link wird zu einer Bank in
Singapur umgeleitet, zu der CAcert keine Beziehung hat. Somit wäre
https://bugs.cacert.org/view.php?id=1423 auch gerade gelöst.

The branch is created and updated

sss

2019-09-21 15:44

reporter   ~0005839

tested on:
mozilla firefox 69.0.
i do not have wiki account yet.
certificate requested on click (but looks like it does not requested anymore after i logged in to mantis).
i do not see problem in certificate requesting, but if anonymous access to this page must be provided, in case of not providing login certificate page should be displayed too.

sss

2019-09-21 15:46

reporter   ~0005840

i have logged out from mantis and retry test, certificate does not requested anymore.

sss

2019-09-21 15:48

reporter   ~0005841

certificate requested again after browser restart, page works in both cases:
1. if i provide login certificate
2. if i decline and does not provide login certificate

SaT

2019-09-21 18:18

developer   ~0005842

Tested with FF 69.0 (64 bit) on Linux Mint 19.2. I have a Wiki account.
I startet FF and clicked the link, got a client certi dialog. I pressed ESC and got to the Wiki. Clicked "deutsch" and got to Datenschutzerklärung without more client cert dialog.
I restarted FF and clicked the link, this time I chose my certificate and got into the Wiki (login successful).
I restart FF a third time and opened the link as HTTP. The Wiki link is HTTPS, so it will always request a client cert.

I'm ok with this behaviour (as the privacy declaration can be accessed without certificate).
You could improve it only if the Wiki would allow HTTP and had no Strict-Transport-Security header.

SaT

2019-09-21 18:33

developer   ~0005843

Now tested on my LineageOS 14.1 phone (1080 x 1920). I have CAcert root certs installed.
First with FF 68.1.1: Works without client cert dialog, I get to the privacy declaration with 2 clicks.
Strange: Android browser shows the welcome page, but when I click the link it loads the Wiki, but does not display it. There is still the welcome page displayed.
I guess this is an Android/LIneageOS issue and no CAcert bug.

Ted

2019-10-02 19:26

administrator   ~0005849

So, I take this testreports that this procedure is acceptable. So now, reviews must be done (by the Software Assessors)...

egal

2021-04-05 17:38

administrator   ~0005973

review passed when using the code from test-server:
  <div id="siteInfo">
        <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
        <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> |
        <a href="https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration"><?=_("EU-EEA-DataProtectionDeclaration")?></a> |
        <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
        ©2002-<?=date("Y")?> <?=_("by CAcert")?></div>
</div>

Ted

2021-04-11 14:31

administrator   ~0005978

Rebased bug-1440 to the current release branch.

Compared commits d328ebd6ad641a9caf4c80208a14d3b8f768edc0 (release) to cc57914d34e703c2abd085757bd91d9d6313e92e. The review is PASSED.

I noticed that https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/DE (and probably the translations as well) need an update to the new (swiss based) address of CAcert Inc, but this does not prevent the review.

Ted

2021-04-11 16:08

administrator   ~0005979

Patch request sent to critical team.

jandd

2021-04-12 07:41

administrator   ~0005980

@Ted where can I find a git branch containing commit cc57914d34e703c2abd085757bd91d9d6313e92e ? I would like to discuss how we do branching/releasing correctly and most importantly in a traceable manner in the future. Sending around individual patches may not be the best way to do this.

Ted

2021-04-12 16:10

administrator   ~0005981

Last edited: 2021-04-12 16:11

@jandd You can use "git show cc57914d34e703c2abd085757bd91d9d6313e92e" to get details on the commit (for example the branches where this commit is included),
you can usr "git checkout cc57914d34e703c2abd085757bd91d9d6313e92e" to get the code status after this commit, you can use it as one parameter for "git diff".

With Git Extensions you can explicitly search for the commit.

For github.com I did not find a way to easily search for a commit id (without knowing its branch)...

Does this answer your immediate question?

As I understand it, the commit id is one reliable mechanism to refer to a specific code state in git.
I'm very open to discuss alternatives to my current processes, but I guess this case is not the ideal place to do so... Should we try on cacert-devel@lists.cacert.org ?

jandd

2021-04-13 10:09

administrator   ~0005982

I just was not aware that searching for commit ids does not work on github. https://github.com/CAcertOrg/cacert-devel/compare/bug-1440 shows the change. Sorry for the noise :-)

git branch -a --contains cc57914d34e703c2abd085757bd91d9d6313e92e

showed me the relevant branch.

L10N

2023-09-15 21:59

reporter   ~0006190

at who it may concern: please close; it is implemented at cacert.org.

Issue History

Date Modified Username Field Change
2018-05-24 21:33 GuKKDevel New Issue
2018-05-24 21:55 GuKKDevel Assigned To => GuKKDevel
2018-05-24 21:55 GuKKDevel Status new => fix available
2018-05-24 21:55 GuKKDevel Note Added: 0005590
2018-10-30 20:27 Ted Note Added: 0005623
2018-10-30 20:27 Ted Assigned To GuKKDevel => Ted
2018-10-30 20:27 Ted Status fix available => needs review & testing
2018-10-30 22:23 Ted Note Added: 0005625
2018-10-30 22:23 Ted Note Edited: 0005625
2018-10-31 06:54 GuKKDevel Note Added: 0005627
2018-10-31 13:43 GuKKDevel Note Added: 0005629
2018-10-31 22:59 L10N Note Added: 0005630
2018-10-31 23:12 L10N Note Added: 0005631
2018-10-31 23:34 GuKKDevel File Added: diff-bug-1440-bug-1440
2018-10-31 23:34 GuKKDevel Note Added: 0005632
2018-11-01 05:16 GuKKDevel Summary link to EU-EEE-DataProtectionDeclaration => link to EU-EEA-DataProtectionDeclaration
2018-11-01 05:16 GuKKDevel Description Updated
2018-11-01 05:18 GuKKDevel Tag Attached: legal requirement
2018-11-02 10:07 Golffies Note Added: 0005639
2018-11-02 11:02 GuKKDevel Note Added: 0005640
2018-11-05 23:43 L10N Note Added: 0005656
2018-11-06 10:54 GuKKDevel Note Added: 0005659
2018-11-06 10:57 GuKKDevel Relationship added related to 0001423
2019-09-21 15:44 sss Note Added: 0005839
2019-09-21 15:46 sss Note Added: 0005840
2019-09-21 15:48 sss Note Added: 0005841
2019-09-21 18:18 SaT Note Added: 0005842
2019-09-21 18:33 SaT Note Added: 0005843
2019-10-02 19:26 Ted Status needs review & testing => needs review
2019-10-02 19:26 Ted Note Added: 0005849
2021-04-05 17:38 egal Note Added: 0005973
2021-04-05 17:38 egal Reviewed by => egal
2021-04-11 14:31 Ted Note Added: 0005978
2021-04-11 14:31 Ted Reviewed by egal => egal, Ted
2021-04-11 16:08 Ted Status needs review => ready to deploy
2021-04-11 16:08 Ted Note Added: 0005979
2021-04-12 07:41 jandd Note Added: 0005980
2021-04-12 16:10 Ted Note Added: 0005981
2021-04-12 16:10 Ted Note Edited: 0005981
2021-04-12 16:11 Ted Note Edited: 0005981
2021-04-13 10:09 jandd Note Added: 0005982
2023-09-15 21:59 L10N Note Added: 0006190
2023-09-16 12:07 jandd Status ready to deploy => solved?
2023-09-16 12:07 jandd Resolution open => fixed
2023-09-16 12:07 jandd Assigned To Ted => jandd
2023-09-16 12:07 jandd Status solved? => closed