View Issue Details

IDProjectCategoryView StatusLast Update
0000876Main CAcert Websitewebsite contentpublic2013-01-15 15:02
ReporteredgarwahnAssigned ToNEOatNHNG 
PriorityimmediateSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version 
Target VersionFixed in Version2010 Q4 
Summary0000876: NRP-DaL to be removed immediately
DescriptionMessage from IanG:
The policy group decision was pretty damning:

     "Further, that Non-related Parties - Disclaimer and Licence be withdrawn entirely and immediately, fully effective on finalisation of this motion. The purpose of the NRP-DaL is entirely replaced by the RDL."

I would think that linking to this document is a secondary issue. The document will also be linked to by many wiki and SVN pages, being our second tier documentation. And, also many other sources tertiary and below.

All these have to be cleaned up, sure. But that doesn't change the priorities. NRP-DaL to be withdrawn *entirely and immediatly*.
Additional InformationRemove the file /www/policy/NRPDisclaimerAndLicence.php from the source tree.

If possible send an email to some admin, including http referrer (to be able to fix links to that page over time) and display a decent error message. If not possible in short time, remove the file entirely.
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000829 closededgarwahn NRP-DaL to be removed from website, replaced by RDL 
related to 0000941 needs workUli60 Policy Repository Migration 

Activities

edgarwahn

2010-10-07 08:00

developer   ~0001735

Removed the file from cacert-devel repository, pushed to cacert1.

http://cacert1.it-sls.de/policy/NRPDisclaimerAndLicence.php

Looks ok for me, so here is the first Ack for release.

edgarwahn

2010-10-07 08:33

developer   ~0001739

File replaced with an explanatory text and link to RDL.

edgarwahn

2010-10-07 08:33

developer   ~0001740

Reviewed, Ack to be released.

Uli60

2010-10-07 10:49

updater   ~0001741

About CAcert.Org
  + Policies

https://cacert1.it-sls.de/policy/
NRP-DaL is still on the Menu list
 * NRPDisclaimerAndLicence.php

 click on this link results in
"The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found here. "
  thats ok
"can be found here" link
redirects to https://cacert1.it-sls.de/policy/RootDistributionLicense.php
this is ok.

Main website https://cacert1.it-sls.de/
lists the RDL, thats ok. Link works. Ok

Community Agreement https://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php links:
NRP-DaL is named, but doesn't include links.

Root Certificate - page
links to RDL directly. Ok.

Join - no occurance of RDL or NRP-DaL

Add Email - no occurance of RDL or NRP-DaL
Create Client Cert - no occurance of RDL or NRP-DaL
Add Domains - no occurance of RDL or NRP-DaL
Add Server Cert - no occurance of RDL or NRP-DaL

So all seems to be ok ... except the menu link under Policies

edgarwahn

2010-10-07 11:19

developer   ~0001742

Regarding:

https://cacert1.it-sls.de/policy/ [^]
NRP-DaL is still on the Menu list
 * NRPDisclaimerAndLicence.php

As the file contents was replaced by the explanatory text + link to RDL, the FILE itself still exists. The index.php script placed in /policy/ just takes all file names als generates the link list automatically.

We can just ignore this, remove the NRP-DaL entirely or add the file name to an exclude list within the index script.

Uli60

2010-10-07 22:01

updater   ~0001746

in original bug filing it is reading
     "Further, that Non-related Parties - Disclaimer and Licence be withdrawn entirely and immediately, fully effective on finalisation of this motion. The purpose of the NRP-DaL is entirely replaced by the RDL."

I would think that linking to this document is a secondary issue.

thats one sidenote by the author .... I'm reading it as "if its too difficult to push the patch thru" ... but currently we've reached the essential milestone ... to push patches from Software-Assessment to Crititical Team ... so therefor this link has to be removed too ...

"NRP-DaL to be withdrawn *entirely and immediatly*."
is the goal ... leaving things open ... is one more point we have to check
again and again ... and users complaining again and again ...
remove all links also if its possible ... und removing the link is possible ...
so why leaving this link open ?!?

edgarwahn

2010-10-08 07:02

developer   ~0001748

Added filter to index.php to prevent NRP-DaL from being displayed when accessing www.cacert.org/policy.
The "sorry, page has gone look there" page is still there if the policy is accessed directly.

So no broken link, license is not displayed any longer. Still existing links in webdb, wiki and external sources can be fixed when found without a need to hurry.

Tested, looks good, so Ack from my side to put to live.

edgarwahn

2010-10-08 07:03

developer   ~0001749

Site note: the new text is not translated right now, needs to be pushed to translingo.

Uli60

2010-10-08 10:22

updater   ~0001750

http://cacert1.it-sls.de/policy/ no longer lists NRP-DaL
great ;)

direct link (from possible other sources)
http://cacert1.it-sls.de/policy/NRPDisclaimerAndLicence.php
displays link to the RDL. Link works.

so from my side, problem is solved.

edgarwahn

2010-10-15 08:59

developer   ~0001752

patch: git diff 5b265ec9f26db9fcc24cf8e6f596117403f3cd78..c6ed18141161adf6b17ea07d9c6a8eeb37f6eaa1

NEOatNHNG

2010-11-12 00:28

administrator   ~0001781

I've made some improvements:

- We don't need any dynamic content in this page so I stripped all PHP (this is also how it's done in the other policies)
- I fixed the HTML markup (missing opening html and body tags as well as missing header)

Changes available in branch bug-876, last commit 96448c95722cb358edc37ced9c70dc146dd5ad35 (will be in cacert-devel.git as soon as I'm able to push there)

NEOatNHNG

2010-11-12 09:00

administrator   ~0001782

OK, pushed and added to the test server. Please review and test.

Andreas Baess

2010-11-12 09:51

developer   ~0001783

I have found that NRP is mentioned on the following pages which need to be changed:

https://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php

It may be also on capnew.php but I can't test this on the test system because of a missing logo (will open a seperate bug ticket for that)

NEOatNHNG

2010-11-12 10:19

administrator   ~0001784

Last edited: 2010-11-13 17:31

This is something the policy group has to do. In the WIP version of the document it already has been changed ( https://svn.cacert.org/CAcert/Policies/Agreements/CAcertCommunityAgreement.html ) but it has to be voted to draft and approved by the board to become policy. So we can't fix that one. capnew.php would be a different story.

Uli60

2010-11-15 17:17

updater   ~0001785

Results from visiting the website w/o login:
---------------------------------------------
Policies lists http://cacert1.it-sls.de/policy/

CAcert Policies
    * AssurancePolicy.php
    * CAcertCommunityAgreement.php
    * CertificationPracticeStatement.php
    * DisputeResolutionPolicy.php
    * OrganisationAssurancePolicy.php
    * PolicyOnPolicy.php
    * RootDistributionLicense.php

Thats as expected.

Direct link from an outdated document (like the CCA, capnew) ends on
http://cacert1.it-sls.de/policy/NRPDisclaimerAndLicence.php
as expected with a redirect link to new RDL
http://cacert1.it-sls.de/policy/RootDistributionLicense.php
Thats as expected.

Results from visiting the website w/ login:
---------------------------------------------
cannot find any link to NRP-DaL nor RDL
eg issue new cert doesn't include CCA agreement request and therefor no
link to NRP-DaL or RDL
Assure someone has no links to NRP-DaL or RDL
so this is out of scope of this bug#

Uli60

2010-11-15 17:33

updater   ~0001786

remark to comment (0001783)
capnew.php will no longer supported.
probably removal candidate.
There are known problems with the create pdf routine.
Design is somewhat complicated in the assurance process.
AP 4.5 - assurer has to check following points:
The CAcert Assurance Programme (CAP) form requests the following details of
each Member or Prospective Member:
 1. Name(s), as recorded in the on-line account;
 2. Primary email address, as recorded in the on-line account;
 3. Secondary Distinguishing Feature, as recorded in the on-line account
   (normally, date of birth);
 4. Statement of agreement with the CAcert Community Agreement;
 5. Permission to the Assurer to conduct the Assurance (required for privacy
   reasons);
 6. Date and signature of the Assuree.

The CAP form requests the following details of the Assurer:
 7. At least one Name as recorded in the on-line account of the Assurer;
 8. Assurance Points for each Name in the identity document(s);
 9. Statement of Assurance;
10. Optional: If the Assurance is reciprocal, then the Assurer's email address
   and Secondary Distinguishing Feature are required as well;
11. Date, location of Assurance and signature of Assurer.

On cap.php points 1-6 are in order top down except 2/3 and 4/5 switched
points 7-11 are all in the Assurers box

capnew.php has splitted Assurees part into 2 blocks 1-3 and 4-6
The Assurers part is arranged over all parts of the capnew
7 assurer block, 8 assuree block, 9 + 10 again in assurer block, 11 splitted onto top of capnew (location), date + signature into assurer block

so cap.php is more a straight top-down process conducted by AP.
capnew.php includes the possibility to add addtl. name variations on different ID doxs into the name fields, but there is no more a straight top-down logic within the cap form to follow AP points.

Uli60

2010-11-19 15:13

updater   ~0001789

Notifications to testteam sent by email
 * 2010-11-12 (english)
 * 2010-11-16 (english)
 * 2010-11-19 (german)

INOPIAE

2010-11-22 04:37

updater   ~0001793

I found no link on the main pages that can be reached over the menue in http://cacert1.it-sls.de/index.php without and with login.
But I discovered the following:
On https://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php the NRP is mentioned but not linked.
ON https://cacert1.it-sls.de/policy/CertificationPracticeStatement.php there is the link COD4 that points to the NRPDisclaimer

NEOatNHNG

2010-11-23 15:42

administrator   ~0001794

@INOPIAE

But apart from that everything is OK, right?

Those two pages are policies and can only be fixed in the policy group, as clarified above.

NEOatNHNG

2010-11-23 15:58

administrator   ~0001795

Note to Software Assessors:

My changes still need review. Patch of the whole changes can be shown by doing

$ git diff your_name_for_cacert-devel/release your_name_for_cacert-devel/bug-876

Where your_name_for_cacert-devel is replaced with the remote alias you have chosen for cacert-devel.git (if you cloned from it it's "origin" by default). Make sure you have the latest changes ("git fetch your_name_for_cacert-devel").

To only show the changes I have done:

$ git show d385b7b2647355444a08b3b7f16924dc106f8a34

edgarwahn

2010-11-23 16:08

developer   ~0001796

Looks ok for me, code "adds" the removal of all dynamic php and renders the document as 100% static content.

NEOatNHNG

2010-11-23 16:19

administrator   ~0001797

Mail sent to Critical Admins

pemmerik

2010-11-23 23:10

reporter   ~0001798

Last edited: 2010-11-23 23:11

Looked ad all the links, For the Add ... links: did not actially Finnish the Add action.

There are still some references to the NRP-DaL from the Policy's, and some links (COD4) from http://cacert1.it-sls.de/policy/CertificationPracticeStatement.php:

http://cacert1.it-sls.de/policy/CAcertCommunityAgreement.php
5. "Non-Related Person" ("NRP"), being someone who is not a Member, is not part of the Community, and has not registered their agreement. Such people are offered the NRP-DaL another agreement allowing the USE of certificates.
6. "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"), another agreement that is offered to persons outside the Community.

1.1 Agreement
....
Your agreement is effective from the date of the first event above that makes this agreement known to you. This Agreement replaces and supercedes prior agreements, including the NRP-DaL.

http://cacert1.it-sls.de/policy/CertificationPracticeStatement.php
1.3.5. Other participants
....
Non-Related Persons (NRPs). These are users of browsers and similar software who are unaware of the CAcert certificates they may use, and are unaware of the ramifications of usage. Their relationship with CAcert is described by the Non-related Persons - Disclaimer and Licence (COD4). No other rights nor relationship is implied or offered.

COD4 => http://www.cacert.org/policy/NRPDisclaimerAndLicence.php

1.6. Definitions and acronyms
Non-Related Persons. ("NRPs") are general users of browsers and similar software. The NRPs are generally unaware of CAcert or the certificates that they may use, and are unaware of the ramifications of usage. They are not permitted to RELY, but may USE, under the Non-Related Persons - Disclaimer and Licence (COD4).

4.5.2.b Who may rely
....
NRPs may not rely. If not related to CAcert by means of an agreement that binds the parties to dispute resolution within CAcert's forum, a person is a Non-Related-Person (NRP). An NRP is not permitted to rely and is not a Relying Party. For more details, see the NRP - Disclaimer and Licence (COD4).

9.7. Disclaimers of Warranties
Persons who have not accepted the above Agreements are offered the Non-Related Persons - Disclaimer and Licence (COD4). Any representations and warranties are strictly limited to nominal usage. In essence, NRPs may USE but must not RELY.

9.8.1 Non-Related Persons
CAcert on behalf of related parties (RAs, Subscribers, etc) and itself disclaims all liability to NRPs in their usage of CA's certificates. See COD4.

http://cacert1.it-sls.de/policy/DisputeResolutionPolicy.php
2.2 Preliminaries
....
Any parties that are not Users and are not bound by the CPS are given the opportunity to enter into CAcert and be bound by the CPS and these rules of arbitration. If these Non-Related Persons (NRPs) remain outside, their rights and remedies under CAcert's policies and forum are strictly limited to that specified in the Non-Related Persons -- Disclaimer and Licence. NRPs may proceed with Arbitration subject to preliminary orders of the Arbitrator.

Question:
RDL states:
THIS LICENSE SPECIFICALLY DOES NOT PERMIT YOU TO RELY UPON ANY CERTIFICATES ISSUED BY CACERT INC. IF YOU WISH TO RELY ON CERTIFICATES ISSUED BY CACERT INC, YOU MUST ENTER INTO A SEPARATE AGREEMENT WITH CACERT INC.

RDL does not state NRP's may use cert from CAcert as did the NRP-DaL,
is the permission tu Use stated somewhere else?

NEOatNHNG

2010-11-24 08:53

administrator   ~0001799

@pemmerik:
I think the permission to copy also means that you may decode and verify it which is enough to use it, but that's something that belongs to the policy group ( cacert-policy@lists.cacert.org ). Also all pointers from other policies to the NRP-DaL have to be fixed by the policy group.

If you repeat your request there you will probably get an answer.

wytze

2010-11-29 16:50

developer   ~0001810

Applied fix to production system and committed it to CVS.
See https://lists.cacert.org/wws/arc/cacert-systemlog/2010-11/msg00002.html

Andreas Baess

2010-11-29 19:35

developer   ~0001811

Issue is closed as change is applied to production site.

Issue History

Date Modified Username Field Change
2010-10-06 14:19 edgarwahn New Issue
2010-10-06 14:20 edgarwahn Relationship added related to 0000829
2010-10-07 08:00 edgarwahn Note Added: 0001735
2010-10-07 08:33 edgarwahn Note Added: 0001739
2010-10-07 08:33 edgarwahn Note Added: 0001740
2010-10-07 10:49 Uli60 Note Added: 0001741
2010-10-07 11:19 edgarwahn Note Added: 0001742
2010-10-07 22:01 Uli60 Note Added: 0001746
2010-10-08 07:02 edgarwahn Note Added: 0001748
2010-10-08 07:03 edgarwahn Note Added: 0001749
2010-10-08 10:22 Uli60 Note Added: 0001750
2010-10-15 08:59 edgarwahn Note Added: 0001752
2010-11-12 00:28 NEOatNHNG Note Added: 0001781
2010-11-12 09:00 NEOatNHNG Note Added: 0001782
2010-11-12 09:51 Andreas Baess Note Added: 0001783
2010-11-12 10:19 NEOatNHNG Note Added: 0001784
2010-11-13 17:31 NEOatNHNG Note Edited: 0001784
2010-11-15 17:17 Uli60 Note Added: 0001785
2010-11-15 17:33 Uli60 Note Added: 0001786
2010-11-19 15:13 Uli60 Note Added: 0001789
2010-11-22 04:37 INOPIAE Note Added: 0001793
2010-11-23 15:42 NEOatNHNG Note Added: 0001794
2010-11-23 15:58 NEOatNHNG Note Added: 0001795
2010-11-23 16:07 NEOatNHNG Status new => needs work
2010-11-23 16:07 NEOatNHNG Assigned To => NEOatNHNG
2010-11-23 16:08 edgarwahn Note Added: 0001796
2010-11-23 16:08 NEOatNHNG Status needs work => needs feedback
2010-11-23 16:19 NEOatNHNG Note Added: 0001797
2010-11-23 23:10 pemmerik Note Added: 0001798
2010-11-23 23:11 pemmerik Note Edited: 0001798
2010-11-24 08:53 NEOatNHNG Note Added: 0001799
2010-11-29 16:50 wytze Note Added: 0001810
2010-11-29 16:52 wytze Resolution open => fixed
2010-11-29 17:16 NEOatNHNG Status needs feedback => solved?
2010-11-29 19:35 Andreas Baess Note Added: 0001811
2010-11-29 19:35 Andreas Baess Status solved? => closed
2011-06-19 16:12 NEOatNHNG Source_changeset_attached => cacert-devel release d385b7b2
2011-06-19 16:46 NEOatNHNG Source_changeset_attached => cacert-devel release 01fd34e2
2011-06-19 16:46 NEOatNHNG Source_changeset_attached => cacert-devel release d385b7b2
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 01fd34e2
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release d385b7b2
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 01fd34e2
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 96448c95
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release d385b7b2
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release d407985f
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 8561bf19
2013-01-10 10:48 Werner Dworak Relationship added related to 0000941
2013-01-15 15:02 Werner Dworak Fixed in Version => 2010 Q4