View Issue Details

IDProjectCategoryView StatusLast Update
0001440Main CAcert Websitesource codepublic2019-10-02 19:26
ReporterGuKKDevelAssigned ToTed 
PriorityimmediateSeverityblockReproducibilityN/A
Status needs reviewResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0001440: link to EU-EEA-DataProtectionDeclaration
Descriptionwe need a link to the EU-EEA-DataProtectionDeclaration
Tagslegal requirement
Reviewed by
Test Instructions

Relationships

related to 0001423 needs reviewTed Link to an Asian Loan Bank 

Activities

GuKKDevel

2018-05-24 21:55

updater   ~0005590

https://github.com/CAcertOrg/cacert-devel/compare/release...GuKKDevel:bug-1440

Ted

2018-10-30 20:27

administrator   ~0005623

The target link is https://wiki.cacert.org/Privacy/EU-EEE-DataProtectionDeclaration

The pages in the WiKi were created by Etienne, with some help of others.

I asked Megan (our current Privacy Officer) for a statement, she confirmed that at least the english text is acceptable.

Sent a Mail to Etienne asking about the current status, and his opinion on access restrictions on these pages.

Ted

2018-10-30 22:23

administrator   ~0005625

Last edited: 2018-10-30 22:23

View 2 revisions

The fix is now installed on https://test.cacert.org and ready for testing.

GuKKDevel

2018-10-31 06:54

updater   ~0005627

did a short test.
irritating is that a certificate is asked for.
after giving one - connected with an account- , I am logged in to the wiki and the page is shown

cancel the certificate question the wikipage is shown

question:
can we at a later time integrate this pages into our online-directory?
or at least is the writing access to this wikipages restricted?

GuKKDevel

2018-10-31 13:43

updater   ~0005629

tested with kubuntu 18.04 and firefox.
same behavior with win10 and chrome
same behavior with win10 and opera

different behavior win10 and firefox there was no question for certificate

L10N

2018-10-31 22:59

reporter   ~0005630

tested with Vivaldi 2.0 on Lubuntu 16.04 LTS
it tells something about invalid certs, if I accept to proceed to an unsure site it works.
If Vivaldi works this way, Chrome and Chromium will probabely as well.

L10N

2018-10-31 23:12

reporter   ~0005631

Can the text of the link be changed from EU-EEE-DataProtectionDeclaration to EU-EEA-DataProtectionDeclaration?
(This is a typo in the wiki URL, as EEA is the European Economic Area) - apperas the text on pootle and can be corrected an translated there?

GuKKDevel

2018-10-31 23:34

updater   ~0005632

did the source change

diff-bug-1440-bug-1440 (1,000 bytes)
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 891c4bf..9aca9ef 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -135,7 +135,7 @@ if(!function_exists("showfooter"))
   <div id="siteInfo">
        <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
         <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> |
-        <a href="https://wiki.cacert.org/Privacy/EU-EEE-DataProtectionDeclaration"><?=_("EU-EEE-DataProtectionDeclaration")?></a> |
+        <a href="https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration"><?=_("EU-EEA-DataProtectionDeclaration")?></a> |
         <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
        &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
 </div>
diff-bug-1440-bug-1440 (1,000 bytes)

Golffies

2018-11-02 10:07

updater   ~0005639

Test report:

1. Tested URL: https://test.cacert.org

2. Hyperlink to GDPR visible in the footer of the main page with the label "EU-EEE-DataProtectionDeclaration".

3. Clicking on that link opens in the same window the page titled "PrivacyEU-EEE-DataProtectionDeclaration".
That page lists 7 languages, whom 4 of them make actually a GDPR declaration available.

4. Clicking on "english" opens in the same window the page titled "Data Protection Declaration for Users in EU & EEA". That page actually contains a declaration of CACert in regards of its users' rights and CACert's obligations under the general data protection regulation.

5. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "česky" or "deutsch" directs in a similar way to the same declaration translated into theses respective languages.

6. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "italiano" directs in a similar way to the same declaration partially translated into Italian, part of the declaration being displayed in English still.

7. Coming back to the page titled "Data Protection Declaration for Users in EU & EEA" and then clicking on "Български" or "français" or "nederlands" directs to empty pages (populated either by the generic message "This page does not exist yet." either by a message "translation to be completed").

8. Conclusion : the patch works like it should work. Additional work have to be done for completing translations of the GDPR declaration, but this is not what the patch is involved in.

9. Tested with Firefox Quantum 63.


Miscellaneous : that test report was written as a matter of exercise for me, in order to find in the future a trade-off between the quality of software testing required by CACert's policy and the quantity of work it requires from tester. Here, it might happen that the amount of paperwork coming with the patch acceptance far exceeds the quantity of work for writing the patch itself.

May it be enough for a second confirmation test by someone else to states that the same behaviour would have been observed, without more details? I hope so, in order to save time of the next tester.

GuKKDevel

2018-11-02 11:02

updater   ~0005640

if the new diff (https://bugs.cacert.org/view.php?id=1440#c5632; EU-EEE-DataProtectionDeclaration to EU-EEA-DataProtectionDeclaration) is installed, the wiki-page(s) must be renamed:
PrivacyEU-EEE-DataProtectionDeclaration to PrivacyEU-EEA-DataProtectionDeclaration

L10N

2018-11-05 23:43

reporter   ~0005656

The following links are now changed:
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/CZ
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/DE
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/EN
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/FR
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/NL
https://wiki.cacert.org/Privacy/EU-EEA-DataProtectionDeclaration/IT
including the internal links on the top of each page.

GuKKDevel

2018-11-06 10:54

updater   ~0005659

L10N proposed to solve bug-1423 i the same test as bug-1440;

Wenn du gerade den Datenschutzlink auf der Cacert.org Seite änderst,
könntest du gleich eine Zeile darüber bei de Sponsorenlogos beim Open
Network Architecture Logo den Link zu
http://www.openarchitecturenetwork.org/ entfernen?

Das Netzwerk existiert nicht mehr und der Link wird zu einer Bank in
Singapur umgeleitet, zu der CAcert keine Beziehung hat. Somit wäre
https://bugs.cacert.org/view.php?id=1423 auch gerade gelöst.

The branch is created and updated

sss

2019-09-21 15:44

reporter   ~0005839

tested on:
mozilla firefox 69.0.
i do not have wiki account yet.
certificate requested on click (but looks like it does not requested anymore after i logged in to mantis).
i do not see problem in certificate requesting, but if anonymous access to this page must be provided, in case of not providing login certificate page should be displayed too.

sss

2019-09-21 15:46

reporter   ~0005840

i have logged out from mantis and retry test, certificate does not requested anymore.

sss

2019-09-21 15:48

reporter   ~0005841

certificate requested again after browser restart, page works in both cases:
1. if i provide login certificate
2. if i decline and does not provide login certificate

SaT

2019-09-21 18:18

reporter   ~0005842

Tested with FF 69.0 (64 bit) on Linux Mint 19.2. I have a Wiki account.
I startet FF and clicked the link, got a client certi dialog. I pressed ESC and got to the Wiki. Clicked "deutsch" and got to Datenschutzerklärung without more client cert dialog.
I restarted FF and clicked the link, this time I chose my certificate and got into the Wiki (login successful).
I restart FF a third time and opened the link as HTTP. The Wiki link is HTTPS, so it will always request a client cert.

I'm ok with this behaviour (as the privacy declaration can be accessed without certificate).
You could improve it only if the Wiki would allow HTTP and had no Strict-Transport-Security header.

SaT

2019-09-21 18:33

reporter   ~0005843

Now tested on my LineageOS 14.1 phone (1080 x 1920). I have CAcert root certs installed.
First with FF 68.1.1: Works without client cert dialog, I get to the privacy declaration with 2 clicks.
Strange: Android browser shows the welcome page, but when I click the link it loads the Wiki, but does not display it. There is still the welcome page displayed.
I guess this is an Android/LIneageOS issue and no CAcert bug.

Ted

2019-10-02 19:26

administrator   ~0005849

So, I take this testreports that this procedure is acceptable. So now, reviews must be done (by the Software Assessors)...

Issue History

Date Modified Username Field Change
2018-05-24 21:33 GuKKDevel New Issue
2018-05-24 21:55 GuKKDevel Assigned To => GuKKDevel
2018-05-24 21:55 GuKKDevel Status new => fix available
2018-05-24 21:55 GuKKDevel Note Added: 0005590
2018-10-30 20:27 Ted Note Added: 0005623
2018-10-30 20:27 Ted Assigned To GuKKDevel => Ted
2018-10-30 20:27 Ted Status fix available => needs review & testing
2018-10-30 22:23 Ted Note Added: 0005625
2018-10-30 22:23 Ted Note Edited: 0005625 View Revisions
2018-10-31 06:54 GuKKDevel Note Added: 0005627
2018-10-31 13:43 GuKKDevel Note Added: 0005629
2018-10-31 22:59 L10N Note Added: 0005630
2018-10-31 23:12 L10N Note Added: 0005631
2018-10-31 23:34 GuKKDevel File Added: diff-bug-1440-bug-1440
2018-10-31 23:34 GuKKDevel Note Added: 0005632
2018-11-01 05:16 GuKKDevel Summary link to EU-EEE-DataProtectionDeclaration => link to EU-EEA-DataProtectionDeclaration
2018-11-01 05:16 GuKKDevel Description Updated View Revisions
2018-11-01 05:18 GuKKDevel Tag Attached: legal requirement
2018-11-02 10:07 Golffies Note Added: 0005639
2018-11-02 11:02 GuKKDevel Note Added: 0005640
2018-11-05 23:43 L10N Note Added: 0005656
2018-11-06 10:54 GuKKDevel Note Added: 0005659
2018-11-06 10:57 GuKKDevel Relationship added related to 0001423
2019-09-21 15:44 sss Note Added: 0005839
2019-09-21 15:46 sss Note Added: 0005840
2019-09-21 15:48 sss Note Added: 0005841
2019-09-21 18:18 SaT Note Added: 0005842
2019-09-21 18:33 SaT Note Added: 0005843
2019-10-02 19:26 Ted Status needs review & testing => needs review
2019-10-02 19:26 Ted Note Added: 0005849