Open eCard Development Center: Issueshttps://dev.openecard.org/https://dev.openecard.org/favicon.ico?16330801422013-03-30T12:40:01ZOpen eCard Development Center
Redmine Open eCard - Bug #212 (Closed): NoScript Firefox add-on reports XSS attempt: "Eine verdächtige An...https://dev.openecard.org/issues/2122013-03-30T12:40:01ZAndreas Kuckartz
<p>This at least needs to be documented so that the user knows what is happening and what can be done.</p> Open eCard - Bug #179 (Rejected): Users need to be made aware of serious errorshttps://dev.openecard.org/issues/1792013-03-12T08:40:24ZAndreas Kuckartz
<p>Currently even serious errors such as "Internal TLS error, this could be an attack" are hidden in the log. There is no such info visible in the user interface. This is important for security and other reasons.</p> Open eCard - PartnerIssue #177 (Closed): "Login Test" on https://eid.services.ageto.net/eid/ fail...https://dev.openecard.org/issues/1772013-03-09T09:59:06ZAndreas Kuckartz
<p>The "Login Test" on this page seems to access a URL starting with "http://localhost:24727/eID-Client?tcTokenURL=https....":<br /><a class="external" href="https://eid.services.ageto.net/eid/">https://eid.services.ageto.net/eid/</a></p>
<p>But it does not activate the Open eCard client. Instead I see this error in Chromium after clicking on "Start eID":</p>
<p>"Keine Daten empfangen<br />Die Webseite kann nicht geladen werden, da der Server keine Daten gesendet hat.<br />Vorschläge:<br />Laden Sie diese Webseite später erneut.<br />Fehler 324 (net::ERR_EMPTY_RESPONSE): Server hat die Verbindung geschlossen. Es wurden keine Daten gesendet."</p>
<p>Who is responsible for this problem, server or client ?</p> Open eCard - Bug #165 (Closed): Oracle Java security riskshttps://dev.openecard.org/issues/1652013-01-11T19:10:18ZAndreas Kuckartz
<p>Several organisations including the BSI have today recommended deactivating Java. This is the second time in a few months that this happened due to an unresolved grave Oracle Java security issue.</p>
<p>It is therefore necessary to think about methods to protect Open eCard users and the software against such issues.</p> Open eCard - Bug #162 (Closed): Accessing nikolaus page with httpshttps://dev.openecard.org/issues/1622013-01-03T12:18:20ZAndreas Kuckartz
<p>Accessing these URLs results in errors:<br /><a class="external" href="https://www.openecard.org/nikolaus">https://www.openecard.org/nikolaus</a><br /><a class="external" href="https://www.openecard.org/jnlp">https://www.openecard.org/jnlp</a><br />(No errors using http instead of https)</p>
<p>Fehler: Gesicherte Verbindung fehlgeschlagen</p>
<p>Ein Fehler ist während einer Verbindung mit <a class="external" href="http://www.openecard.org">www.openecard.org</a> aufgetreten.</p>
<p>Der OCSP-Server hat unerwartete/ungültige HTTP-Daten geliefert.</p>
<p>(Fehlercode: sec_error_ocsp_bad_http_response)</p>
<p>Die Website kann nicht angezeigt werden, da die Authentizität der erhaltenen Daten nicht verifiziert werden konnte.<br />Kontaktieren Sie bitte den Inhaber der Website, um ihn über dieses Problem zu informieren. Alternativ können Sie auch die Funktion im Hilfe-Menü verwenden, um diese Website als fehlerhaft zu melden.</p> Open eCard - Feature #153 (Rejected): Install web conferencing softwarehttps://dev.openecard.org/issues/1532012-10-29T16:00:49ZAndreas KuckartzOpen eCard - Feature #146 (Rejected): Provide AppArmor policyhttps://dev.openecard.org/issues/1462012-10-13T10:23:11ZAndreas Kuckartz
<p>This is relevant for some users of Linux distributions, Ubuntu in particular.</p> Open eCard - Feature #145 (Rejected): Provide SELinux policyhttps://dev.openecard.org/issues/1452012-10-13T10:19:54ZAndreas Kuckartz
<p>This is relevant for some users of Linux distributions.</p> Open eCard - Feature #144 (Rejected): Debian: support debsig-verifyhttps://dev.openecard.org/issues/1442012-10-13T10:10:41ZAndreas Kuckartz
<p>debsig-verify helps to verify signatures for a Debian format package</p> Open eCard - Feature #141 (Closed): Debian packageshttps://dev.openecard.org/issues/1412012-10-04T10:57:07ZAndreas Kuckartz
<p>The Debian packages will also be upstream for other Linux-distributions based on Debian. These include not only Ubuntu but many more Linux distributions (<a class="external" href="http://www.debian.org/misc/children-distros">http://www.debian.org/misc/children-distros</a>).</p>
<p>Some quality criteria which I consider to be important for all packages:</p>
<ul>
<li>Should comply with the Debian Policy (<a class="external" href="http://www.debian.org/doc/debian-policy/">http://www.debian.org/doc/debian-policy/</a>)</li>
<li>Should be "Lintian clean". Lintian is a tool which can check for Debian Policy violations. The current version of Lintian should not report errors or warnings for a package (<a class="external" href="http://lintian.debian.org/">http://lintian.debian.org/</a>)</li>
<li>Should fullfill criteria of "Debian main": A main condition is that there are no dependencies from proprietary packages such as Oracle Java. Dependencies from OpenJDK are ok. Another potential issue might be dependencies from proprietary card reader drivers. (See also <a class="external" href="http://xkcd.com/797/">http://xkcd.com/797/</a> :-)</li>
</ul>
<p>While no new packages will be accepted into the upcoming release 7.0 (Debian Wheezy) one aim will be to get our packages included with the Debian release 8.0 (Debian Jessie).</p>