• Advisory
• AMinutes20080105

Minutes Management Sub-Committee meeting 20080105

Present: teus, iang, evaldo. 20:00 to 22:50

Dispute resolution

• Need a name for the role.
  • Teus likes Dispute Resolution Coordinator: agreed, propose on policy
  • Teus name needs to go on organigram
  • arbitration list needs to be added on organigram
• List of Arbitrators
  • check list, 20 or so names
  • inform and ack members of the list, after tuesday.
  • email list creation is now done, password held by Teus, iang. Shall we change it?
• experiences with recent batch of Arbitrations
  • case manager
  • ask Greg for comments?
• update wiki with handled cases (Greg Rose) is done, had wiki problems
• ticketing system
  • having the virtual machine / virtual server allocated

  • http://bestpractical.com/rt/

  • this is the one that Freenode uses
  • its one of the best around
  • my proposal: Evaldo to set some ticket systems on his server and we choose what is best
  • requirements

    • progress & alarm

    • privacy: public page but private comments, change access rights
    • compatibility with support system
    • access control to read tickets, support for multiple queues (support, arbitration, ...)
    • consider other application such as the OA request tracking

Assurance

• CATS
  • sysadm / data access
    • resolved by giving Bernhard the MySQL access controls.
    • we still need an additional sysadm

    • evaldo to check with Bernhard about sysadm

  • CATS has been launched to main group
  • paper certs / PII storage problem
    • do request for PII at the end, not at the beginning?
    • there is no need to log it

    • msc20080106.1: User name, email & address data is not to be stored in the CATS database. This may mean for example that the information is gathered after the test, and mailed out to Poster + Assurer.

  • education maillist password reset, now held by Bernhard, Jens, Teus, iang.
• long debate on the privacy/public status of serial numbers in certs
  • Rasika reports that as they can be used to track people, they "are PII" according to some views.
  • yet they are probably public, as they are in certs meant to be delivered to others
  • need to establish a workable rule
  • move debate to policy group
• OA
  • Nld: first org is assured via teus/board decision;

    • one case has been CAcert board: Mercy4All.

    • board approved and acted as Org Assurer
    • need still exists for NL OA's
    • Teus has proposed that Oophaga and/or Teus be NL assurers, board is considering?

    • can Assurers be companies/organisations?

  • US
    • Greg S, no reply

    • question from RayJ in Col (sysadm who is a replacement for Adam

    • Cal, some connection? others?
  • who is oversighting the OA area?
    • ask JP some time.
    • who would we want for this?
  • another application for the ticketing system
• Assurance Policy needs review and feedback from policy list
  • only posted last week, so too early for much feedback
  • need list of changes to think about
  • vigourous debate about the requirement to add the email address to Assurance
• Code-signing policy
  • seems to be getting closer to consensus on policy group
  • needs abstract of discussion
  • writing up in Policy
  • income base for for-profit packages?

• Assurance promulgation plan now on wiki RolloutCommunityAgreement

  • because of NL move, not a high priority

  • iang to mail systems & marketing groups.

• CCA is entering final race to POLICY
  • 9th of January

  • teus to remind policy group

• 3rd wip of 3pv-DaL for vendors is in circulation
  • let's not drown out the policy group on this at the current time.

  • mention 3pv-DaL to pg who requested it earlier; iang

  • Teus asked about recursive distribution arrangements, noted in wip
• assurer mark for challenge passed assurers.
  • ask for this in the system as short term internal marketing to get Assurers to do the Challenge

  • Evaldo to file bug

• suggest that policy mailgroup be managed by M-SC and that trailer message be changed to highlight important votes in progress.

  • msc20080106.2 m-sc to manage the policy maillist directly, ask for password.

Systems

• Nld move / Philipp. Missing reports (also tonight?)
  • USB link cable asked for, unsure which in first request, now clarified
  • USB software exists in library form?
• and Rudi's (time commitment problems),
• create systems cmtee? (need input from Evaldo)
  • defer the creation until NL move
  • need solid starting point.
  • current situation is hopeless as a position to start from.
• alternate plan C: "project cachaça"
  • researching locations
• admin team: Daniel, Ted, ...
• bill to CAcert
  • Teus + Evaldo: should bill for 6 months.
  • to be submitted.
• request from philipp to do check on OCSP/CRL people?
  • not clear what check is required

  • evaldo to outline concerns in email to m-sc

House Style

• balls in air, defer
  • new logo incorporation
  • new style in web pages
  • new style development for wiki, blog
  • advertisement handling (google, text ref, buttons, logo's)
  • cert button

Admin

• organigram
  • Evaldo needs the file resent
• we need overview of decisions taken:
  • AGM, M-SC, Cmtee,

  • see DecisionNumbers

• policy proposals and running threads (multiple names, email poll, code signing, US subpolicy, assurance policy, ....
  • maybe we should track the policies with a tracking system as well!
• Wiki pages need updates....(new postbox address, wiki page widows, ...)

  • teus to write and ask about DocOffr Sebastian helping there

  • more people helping on the wiki?

Audit

• Complete criteria DRC-A set is now inserted into SVN, for PHP scripting
  • demo done of the test.php for browsing / searching
  • code is very simple, not well developed.
• Request to non-critical team for a TLS/cert login website like CATS (please, pretty please).

  • msc20080106.3 set up an account on existing webserver alongside CATS.

    • can get SSH to upload the data.
    • once set up, ask Philipp to allocate domain
    • Evaldo to create the cert.
• understanding/workplan for auditor
  • teus to respond to audit proposal
  • difficulties already apparent in NLnet agreement as phase 1 completion / phase 2 start requires move + dual.

  • teus to talk to ggr, outline the auditor's opinion.

• security manual
  • can now signal to external contractor that the money is approved by NLnet

  • teus: need to negotiate something, some understanding is needed

  • question: is Pat external to CAcert or "one of the community" ?

Committee meetings

• schedule (3 month period) committee (board) meeting to wrap up decisions taken
  • to get the decisions into the wiki page.
  • Teus + Evaldo to chase the board
• AGM minutes on desktop of Evaldo. Need review.
  • Teus to post to board.......