View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001265 | Main CAcert Website | misc | public | 2014-04-08 15:30 | 2014-09-02 20:54 |
Reporter | NEOatNHNG | Assigned To | BenBE | ||
Priority | immediate | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2014 Q2 | ||||
Target Version | 2014 Q2 | Fixed in Version | 2014 Q2 | ||
Summary | 0001265: Notification about Heartbleed OpenSSL bug to members | ||||
Description | According to Arbitration a20140408.1 [1] we should notify "all current members, who have either have had an active server-certificate since 2011-12-01 or have activated the "general announcement"-flag." [1]: https://wiki.cacert.org/Arbitrations/a20140408.1 | ||||
Tags | No tags attached. | ||||
Reviewed by | NEOatNHNG, BenBE | ||||
Test Instructions | |||||
|
lll@s.d General Announcements true Language: germany no orgs Server Cert => OK ttt@s.d org Server Certs revoked Server certs Language: english General Announcements false => OK 50.feb14@a.c org Server Certs General Announcements false Language: french => OK 15.feb14@a.c General Announcements false Language: Dansk no server certs => OK 20.feb14@a.c General Announcements true Language: German no server certs => OK ==> OK test done |
|
I have written the mail script and executed it on the test server. It probably takes until 4:00 UTC to complete. Please review and set up some test accounts so we can do a final test run. |
|
The basic combinations are: - no reason for mail -> should get no mail - some kind of S(erver)-Cert, no announcement set -> should get 1 mail - no S(erver)-Cert, announcement set -> should get 1 mail - some kind of S(erver)-Cert, announcement set -> should get 1 mail Also: - If language DE, than mail in DE (if at all) - else, mail in EN (if at all) There are a lot of combinations possible, especially if one checks every other possible influence (kind of server cert, all possible combinations of announcements...) But in general those 4 mail combinations and the 2 language combinations should not be influenced by anything else or each other, so to test one of each of those categories should theoretically lead to no different answer, than if all possible subcategorie-combinations would be tested. At least if one consideres the nature of the script, there is no reason to believe, that other than the needed fields would be even looked at. At least if it passes the review. I currently cannot free the time to test all possible sub-combinations. (all kinds of Certs, revoked and expired, annoucement, EN) KatziAdm@cacert.org EN revoked and expired C and active Org S exp and revoked Org C all announcement EN-Mail -> OK (S certs, announcement, DE) obelix@acme.com DE C, S abgelaufen exp ORg S abg all announcement EN+DE-Mail -> OK (only annoucement) KatziTest1@cacert.org EN C revoked + expired no S, Org all announcement EN-Mail -> ok (only S-Cert as reason) 50.feb14@acme.com FR org S, no other no announcements EN-Mail -> ok (no reason) 15.feb14@a.c EN no certs no annoucnement no mail -> ok overall: OK I currently cannot free the time to test all possible sub-combinations. The most important ones were covered at least once. Not covered by this test is if the time restriction, that it will not be send to members because of server certificates that expired before Dez 2011. It is not possible to find according accounts in the huge amount of text accounts we have, in a sensible time frame. And it is not possible to fake those dates. To get the mail out has to be considered to be urgend. So I hope that this test can be considered to be enough. It covers the basic combinations. (update: checked the mail for the DE acc again - did not see the DE mail below the EN one, previously, even as it was there.) |
|
Comment of Arbitrator of a20140408.1: I only ruled about who should get informed by the script. As long as the persons who should get the mail provided by Arbitration get it either in EN or in their chosen language I consider my ruling met. The same goes for the greetings. I would accept a personal that usese the entries from the account or one that is the same for everybody. (As it was in the template provided from Arbitration.) It is up to software team to decide if/when those conditions are met. |
|
Mailing script reviewed: Review OK. Some minor changes in the text have been done, which should get a short OK from A or CM of a20140408.1 - otherwise ready to go. |
|
only text changes, looks ok |
|
The script has been installed on the production server on April 9, 2014. See also https://lists.cacert.org/wws/arc/cacert-systemlog/2014-04/msg00003.html Execution of the script has been started on April 9, 2014, 10:45 CEST. Final results will be reported after completion of the script run. |
|
After running the script for some 28 hours, we are probably only still somewhere halfway (over 90.000 mails have been sent, userid is around 164000). Sending out these mails at a rate of 1 mail/second is too slow with our current membership numbers I'm afraid. While this limitation of 1 msg/second was needed in the past due to the rather modest capacity of the old webserver, the new server is mostly idling under such a load. So I've taken the liberty to increase the sending rate to 10 msgs/second, by adding a "if ($count % 10 == 0)" in front of the sleep(1). After this speed up, the sending process completed on April 10 at 18:37 CEST. |
|
The script has been running from April 9, 10:45 until April 10, 18:37 CEST. A total of 168977 messages has been sent out, for a total userid base of 290146 entries. According to the postfix mail statistics, a total of 170213 e-mails were sent during this period (including regular webdb service mails). For 22414 e-mails out of these delivery problems were reported. At this moment (April 11, 11:30 CEST) there are still some 3700 e-mails queued for possible delivery later (the regular queue size is more like 50 - 100 e-mails). For future mass-mailings like this, it is recommended to increase the sending rate from 1 msg/second to 10 msg/second, so the available server resources are used better and the mailing can complete within a number of hours rather than days. |
Date Modified | Username | Field | Change |
---|---|---|---|
2014-04-08 15:30 | NEOatNHNG | New Issue | |
2014-04-08 15:30 | NEOatNHNG | Assigned To | => NEOatNHNG |
2014-04-08 15:31 | NEOatNHNG | Status | new => needs work |
2014-04-09 01:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 7a291246 |
2014-04-09 01:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b4584939 |
2014-04-09 01:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 165628b7 |
2014-04-09 01:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 0331f388 |
2014-04-09 01:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b5da37ca |
2014-04-09 01:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 13aa009d |
2014-04-09 01:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 3638be04 |
2014-04-09 01:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 26a30db1 |
2014-04-09 03:05 | MartinGummi | Note Added: 0004697 | |
2014-04-09 03:05 | MartinGummi | Note Edited: 0004697 | |
2014-04-09 03:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 71f46c65 |
2014-04-09 03:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 8db0a228 |
2014-04-09 03:37 | NEOatNHNG | Reviewed by | => NEOatNHNG |
2014-04-09 03:37 | NEOatNHNG | Note Added: 0004698 | |
2014-04-09 03:37 | NEOatNHNG | Assigned To | NEOatNHNG => BenBE |
2014-04-09 03:37 | NEOatNHNG | Status | needs work => needs review & testing |
2014-04-09 06:39 | Eva | Note Added: 0004699 | |
2014-04-09 06:40 | Eva | Note Edited: 0004699 | |
2014-04-09 06:48 | Eva | Note Edited: 0004699 | |
2014-04-09 06:57 | Eva | Note Added: 0004700 | |
2014-04-09 07:02 | Eva | Note Edited: 0004699 | |
2014-04-09 07:23 | Eva | Note Edited: 0004699 | |
2014-04-09 07:33 | BenBE | Reviewed by | NEOatNHNG => NEOatNHNG, BenBE |
2014-04-09 07:33 | BenBE | Note Added: 0004701 | |
2014-04-09 07:33 | BenBE | Priority | urgent => immediate |
2014-04-09 07:33 | BenBE | Status | needs review & testing => needs testing |
2014-04-09 07:37 | MartinGummi | Note Edited: 0004697 | |
2014-04-09 07:40 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 7013a435 |
2014-04-09 07:40 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable e5c83c7a |
2014-04-09 07:45 | MartinGummi | Note Added: 0004702 | |
2014-04-09 07:45 | MartinGummi | Status | needs testing => ready to deploy |
2014-04-09 09:01 | wytze | Note Added: 0004703 | |
2014-04-09 09:01 | wytze | Note Edited: 0004703 | |
2014-04-11 09:43 | wytze | Note Added: 0004713 | |
2014-04-11 09:51 | wytze | Note Added: 0004714 | |
2014-04-11 09:51 | wytze | Status | ready to deploy => solved? |
2014-04-11 09:51 | wytze | Fixed in Version | => 2014 Q2 |
2014-04-11 09:51 | wytze | Resolution | open => fixed |
2014-09-02 20:54 | INOPIAE | Status | solved? => closed |