View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001308||Main CAcert Website||source code||public||2014-09-25 11:37||2014-10-03 07:49|
|Priority||urgent||Severity||minor||Reproducibility||have not tried|
|Product Version||2014 Q3|
|Target Version||2014 Q3|
|Summary||0001308: Mail regarding error message sent to wrong recipient|
|Description||When there is a problem while generating a certificate the user gets a message displayed and a mail is to one developer.|
The recipient should be firstname.lastname@example.org and critical admins.
|Additional Information||includes\general.php line 648|
|Tags||No tags attached.|
|Test Instructions||see https://bugs.cacert.org/view.php?id=1308#c5037|
||I pushed the fix to https://github.com/INOPIAE/CAcert/commit/bfcd949d1d08dda439a64ea336dec1fd6878353d|
New fix with change of sender address available at:
Why should it go to critical and support? Either certificate issues are a support case (what they are not without the user asking support from my point of view) or they are a critical team issue. But why should it be both?
What will be archieved by providing both teams with this kind of sensible data automatically?
To test: the signer on the test server needs to be stopped.
Test to create and renew each type of certificate
Comment to 5036
In the discussion between criticals, support and software it was decided to send the mail to both teams (critical and support) so both teams are informed about the problem.
The data transmitted contains only the type of certificate that failed and the serial number of the certificate. This information is valuable for both teams for early diagnosis and support case handling.
I triggered a mail, and the mail got sent out to email@example.com
I do not see why support needs this information. Support should only get active when triggered by a user who mentiones a problem. The user can give support all the required information, if needed, as the user gets the mail.
I also do not see, why critical team should get such a mail, as critical team should check the log regularly, anyway.
Especially if we send unencrypted mails I do not see how we would improve the security by this, which is the only reason to send personal identifiable information like serial numbers to other members.
|2014-09-25 11:37||INOPIAE||New Issue|
|2014-09-25 11:37||INOPIAE||Assigned To||=> INOPIAE|
|2014-09-25 11:54||INOPIAE||Note Added: 0005030|
|2014-09-25 11:54||INOPIAE||Assigned To||INOPIAE => BenBE|
|2014-09-25 11:54||INOPIAE||Status||new => fix available|
|2014-09-28 14:33||INOPIAE||Note Added: 0005034|
|2014-09-30 20:11||Eva||Note Added: 0005036|
|2014-09-30 20:12||INOPIAE||Note Added: 0005037|
|2014-09-30 20:13||INOPIAE||Test Instructions||=> see https://bugs.cacert.org/view.php?id=1308#c5037|
|2014-09-30 20:15||BenBE||Source_changeset_attached||=> cacert-devel testserver-stable b6510d1f|
|2014-09-30 20:15||INOPIAE||Source_changeset_attached||=> cacert-devel testserver-stable 8df3cb21|
|2014-09-30 20:15||INOPIAE||Source_changeset_attached||=> cacert-devel testserver-stable bfcd949d|
|2014-09-30 20:30||INOPIAE||Note Added: 0005039|
|2014-09-30 20:38||felixd||Note Added: 0005040|
|2014-09-30 21:25||BenBE||Source_changeset_attached||=> cacert-devel testserver-stable d1f414b2|
|2014-09-30 21:25||INOPIAE||Source_changeset_attached||=> cacert-devel testserver-stable 107e96ed|
|2014-10-01 04:57||Eva||Note Added: 0005041|