NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts
To Brain CAcert Inc. - CAcert.org Members Association - To Brain CAcert Inc. Committee Meeting Agendas & Minutes - last meeting - next meeting
Agenda - Committee Meeting 2010-01-03 - 21:00 UTC
1 Preliminaries
- 1.1 Chair opens the Committee Meeting
1.2 Accept the Minutes of the last Committee Meeting
- 1.3 Ratify the Motions made since the last Committee Meeting
2 Businesses - Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
2.1 Arbitration added by Iang
- Current status, report of Arbitrator's activity and recommendations for retirement.
Appointment of new DRO, including m20091226.1. straw poll also on private Arbitration list.
2.2 Support - added by Iang
- Report - OTRS, Training...
Motions on new Support Engineers - m20091224.3 m20091224.2 m20091224.1
2.3 AGM - added by Iang
- Consideration of Finance draft
Text main report. notes have covered main Board archive.
Request to team leaders and prior board members.
2.4 Membership Nomination(s) - added by Iang
- as received by secretary
2.5 Software Assessment - added by Iang
as discussed last time, progress update on m20091220.2
2.6 Domain Management, DNS + OCSP - added by Iang
confirm DNS + OCSP to critical team m20091231.1
- as discussed on board list, how we manage the domain
2.7 Assurance Plan for 2010 - added by Iang
- Spring Tour, Oz
2.x Business X - added by YourName - Comment: Replace "Business Five" by Title of Business and add your Name
Additional Inputs - Comment: Replace "Additional Inputs"by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.
- et cetera
3 Question Time - Important Note: Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
3.1 "Question One" added by YourName - Comment: Replace "Question One" by Your Question and add your Name
- et cetera
4 Closing
4.1 Confirm next Committee Meeting: Usually every 1st & 3rd Sunday of the month, 2100 UTC.
- 4.2 Chair closes the Committee Meeting
- 4.3 Preparation of Minutes
Minutes - Committee Meeting 2010-01-03
- Present: Nick, Philipp, Ernestine, Andreas, Guillaume, Iang.
- Apologies: Mark.
1 Preliminaries
- 1.1 21:03 Nick took the chair and opened the meeting. Apologies from Mark were recognised.
1.2 Nick moved that the minutes of the last Committee Meeting be approved. Philipp seconded, Ayes from Philipp, Iang, Nick, Guillaume, Ernie, Andreas. Chair declares the motion carried as m20100103.1.
- 1.3 No motions had closed since the last meeting, all open ones were recognised in the agenda.
2 Business
2.1 Arbitration
- 21:07 iang entered prepared notes, verbatim:
On the question of the background of DRO, 2 non-committee members and PD opined that the person should be an experienced Arbitrator, and probably active. I'm told 2 Arbitrators also said the same thing on the Arbitration list.
There was some discussion on how to choose or vote for the DRO on the Arbitration list, but no consensus emerged (apparently, I'm not on that list).
I suggest that there are two possible contenders: Ulrich and Lambert. Ulrich has more time and has done good work on the inside sorting out blockages, Lambert has more long-term experience with Arbitration, and also has a number of tough cases to his record.
I suggest Lambert because Lambert is only involved in Arbitration, and is not likely to pick up other work outside that domain. So let's use his experience where we can.
In contrast, Ulrich is involved in many other things, and there are big projects coming up this year that we want him on. So although he has done good work in Arbitration, I suggest we don't reward it by spreading him too thin, and instead reduce his role so as to free up time for other things.
- Discussion opened. Philipp confirmed that the comments were an accurate picture of the Arbitration list discussion.
- Nick preferred Ulrich because he was been doing most of the work of the DRO already.
Philipp suggested Lambert. But Ulrich to me is a fixer. He is the goto guy to fix big problems. He has helped with a lot of those and I hope he will do so in future. Concerned about spreading him too thinly.
- Guillaume suggested a co-chair.
- Nick asked if Lambert had been asked, Iang confirmed that he had been asked and was prepared to accept the role.
iang moved, that Lambert Hofstra be appointed as Dispute Resolution Officer, and further resolved that Nick Bebout's resignation is accepted, and he is thanked for efforts. Andreas Seconded, 6 ayes. Chair declared the motion carried as m20100103.2.
- iang mentioned some interim results of activity checks on Arbitrators, but asked whether we could ask Lambert to recommend resignations next meeting? Agreed.
2.2 Support
- 21:22 iang entered prepared notes, verbatim:
Three ABCs were completed on members Wolfgang, Martin, Michael. These are proposed to board for appointment as SEs. Some preliminaries are done, I am waiting on close of votes and confirmation, hopefully in this meeting. I have abstained on the vote.
This will also mean I need to bring in new Triage people in the next few weeks. One issue we have is too much German-ness. We need to cover other time-zones and languages.
The team has tried out a ticketing system called OTRS as set up by Mario, and has requested that the email address support@co now be copied across to OTRS so that we can do live testing with our real incoming support events. At least one of the proto-SEs has substantial experience in ticketing systems.
I have been using the fiddle system to do some basic testing of the training and documentation. It is a bit early to conclude because the software is a bit alpha and the user-interaction model needed changing. My intention is to broaden the questions as much as I can, and then create a formal Support Challenge through CATS. Then, I'll write the SE requirement that the proto-SE must have passed that Challenge.
As I say, this is an intention, it might take months to build up sufficient questions, and it is a moving target. So far I have 41, whereas the Assurance Challenge has a database of around 100 questions for a test of 25.
Nick moves that, Wolfgang, Martin, and Michael be appointed as Support Engineers. Ayes from Nick, iang, Philipp, Ernie. Abstains: Andreas, Guillaume. Chair declared the motion(s) carried, 4 Ayes, 2 Abstentions, as m20091224.3, m20091224.2, m20091224.1
2.3 AGM
- 21:30 Meeting welcomed the draft of the financial report.
- Iang mentioned comments sent, Ernie confirmed they were incorporated.
- Iang mentioned that Audit Budget still maintained some open amounts and according to general funding regimes, these should be spent, and a report submitted to funder.
- Iang mentioned he would write a report from Auditor.
- Ernie questioned this, asking if there was a current auditor.
- Iang said, no, there is no current auditor, this is the ex-auditor writing about the period in question.
- Andreas asked what the value is, and whether there is new information. Iang responded that it was for "completeness" and would just be a summary of previously published information.
some discussion that auditor's budget at AuditBudget are not part of the financial report because that budget is not reflected in the bank account statements.
- Ernie asked whether anyone else had read the financial report?
- Andreas, Philipp, Nick, confirmed they had read it.
- Discussion on when the figures become "final". Ernie points out that the figures should be presented to the members before the AGM.
- Philipp says "Now!"
Iang mentioned that it has been established over the last year that directors are directly responsible for the figures. They can't wave the responsibility over to the FCO or anyone. Although this situation is complicated, because we might or might not be able to take full responsibility for the last board.
- Andreas says that as we are the board in charge, we have to take the responsibility.
- Iang mentions that our view that the figures are final is different to accepting responsibility for the actions.
Philipp moves that, "resolve to approve the Financial Statement to be presented at the AGM as last sent by the Treasurer to the Board on 2010-01-03@3:57 CET." Nick seconds, all in favour. Chair declares the motion carried as m20100103.3
- Iang notes that errors can be corrected, Ernie states yes, but the members have to be notified.
- Discussion moved to setting a date for the AGM
- Saturday was agreed, following a doodle straw poll with 17 (Friday 10, Saturday 13).
- possibilities are 24th, 30th and 6th of Feb.
- 24th is ruled out as no time to submit rule changes.
- 30th gives only one week. Andreas notes that people are still on vacation. Iang notes that 1 week will be tight for discussion, but there has been plenty of warning.
Nick moves to call the AGM for Saturday, January 30th. All in favour. Chair declares it carried as m20100103.4.
- Iang introduced the topic of the main report. Entered verbatim:
Main report: I have summarized most of the board list traffic of the period FY08/09 into this page: AGM/AGM200911xx/notes Also see some comments about uncertain topics on the private list.
Team leaders (Events, Critical, Education) have made 3 reports here: AGM/TeamReports. I suggest we just add them in as is.
Members have also put in some personal reports here: AGM/MembersReport2009 I don't see an issue with adding them in as well.
- Who is to write the report?
- Iang indicated his time was limited.
- Andreas mentioned he is busy with business.
- Ernestine has done the finance part. Mentions that a native English speaker is best.
- Discussion produced no volunteers, agreed to defer the topic.
2.4 Memberships
- 22:04 Philipp presented a list of four membership applications from: Martin Schulze, Wolfgang Kasulke, Millis Miller, Gero Treuner.
Nick moved that they be admitted as members of the association. Andreas seconds, all in favour. Chair declares the motion carried as m20100103.5.
2.5 Software Assessment
- 22:06 iang reported he had talked to Philipp Guering earlier in the day:
Philipp G reports he has sent out invitations and questions, and received no replies. He also thinks that software assessment isn't the problem area, but rather it is software development. There aren't enough patches being offered.
- (Dirk confirmed that he had received a message from Philipp G that day but had no time to reply.)
- Andreas says that we need developers for patches.
the motion m200901220.2 was read into the meeting.
Request to propose new Software Assessment team members
That, the board is of the opinion that more software assessment members are needed, and, requests the Software Assessment Team Leader to propose new members (Dirk Astrath, Markus Warg, Bernhard Froehlich and Alexander Prinsier) for addition to the Software Assessment Team, and asks that ABCs be requested as soon as possible.
- Discussion opened.
- Iang describes background: that the the software assessment area is not well developed, and this limits the number of patches/developers. We need to boost up capability to deal with incoming patches. Lack of developers isn't the problem, or if it was, we have had years to fix it.
- Some discussion on what "as soon as possible" means.
- Iang suggests Board request the ABCs. They can be done in parallel, and even if the person is not eventually accepted into the team, ABCs work for other teams.
- Ernie disagrees, we have to wait for their answer.
- Philipp adds that Motion requests adding more software assessment members, where as Team Leader says the problem is lack of developers.
- Philipp suggests asking again, with more emphasis, including a deadline.
- Andreas says we have policies and we should stick to them.
Iang mentions that software assessment has been criticised as not following Security Policy. However it has been suggested that now is not the time to be over-bearing on filing disputes about that ... because we are likely to re-build that entire area.
- What then to do about the motion?
- Andreas says it is a motion and it is underway.
- Ernie says to wait until the responses come in.
- Philipp asks whether we need to place this before the next board.
- Iang suggests that we overturn the motion, which would leave it for the next board.
- Philipp suggests the motion is not being followed.
- Ernie views it as a normal association issue, we have to wait.
- Philipp worries that the next board will forget the issue.
- Iang says this is unlikely because there is a new team of developers forming, and they are of the consensus that software assessment is a blocking situation.
- Iang suggests that leaving this to a new board effectively overturns the motion.
- Topic concluded with no action, and no motion proposed.
2.6 Domain Management, DNS + OCSP
22:35 Nick moves that, DNS + OCSP be moved to the critical team m20091231.1
- Philipp suggests Naye, and cannot see a good reason for it.
- OCSP and DNS are mentioned as typical attacks to worry about.
- Philipp mentions that OCSP is not mentioned in CPS, therefore is not an issue.
- Iang mentions that Mozilla are trying to make OCSP standard. They have not succeeded as yet, but may well do so by the time it becomes important to us.
- some discussion as to whether and where DNS is a real risk.
- Philipp mentions that the current roots will not be in OCSP, and that this is not a high priority for the critical team. There are more important things to do.
- Iang mentions that the task is just one of their worklist, and now they have got to it. It has been there for a long time, but other things are more important.
Philipp re-moves the motion. Seconded, all in favour. Chair declares the motion carried as m20091231.1.
- Discussion moved to the domain. iang entered prepared notes, verbatim:
As reported on the board list, I took over the GKG account by using the Support@co email address to change the password. I guess GKG is the domain registry or the agent, located in Texas. I attempted to change the email addresses but the interface only permits one email address across all contacts so I moved it back to support@
questions: 1st. One is, who is to control this account? Is it the board or can we give this task to the critical systems team?
2nd. Is the current registry GKG an appropriate place? Although there is nothing wrong known, it seems to be a discount provider in the USA. There might be a benefit in finding an agent / registry that is more likely to defend from some attacks? And has a more serious attitude to security. (Discussions with Alexander did not reveal any immediate options.)
As I understood it, it was the sense of previous boards that the registry should be one located in Australia. But I do not know anything about their progress.
- Discussion opened.
- Philipp prefers to leave the situations exactly as is.
- discussion circulated on whether the registrant was a direct registrar, or a reseller. Consensus was that it should be a direct registrar, and that location was unimportant.
- Confirmed that GKG is a direct registrar with the TLD.
- Who is to control the account?
- Possibilities include board, critical systems team, iang, Support Team, infrastructure team?
- Ernie: responsibility of board, we can delegate.
- Philipp suggests delegation to critical team. It was delegated to support@co but should now be changed.
- iang suggests that the future auditor might want to see the board control it directly as a means of dual control over the DNS.
- Nick observes that this will help to avoid accidents.
- Philipp suggests that moving it to critical team meets our requirements for control because once under Security Policy there will be 4 eyes / dual control required.
- consensus established on this view.
Iang moved that, "resolved, that the cacert.org domain and others be kept with a direct registrar, and that the current Registrar GKG is sufficient for the time being, and further resolved that the Registrar Account is critical, and should be run by the critical team according to the full regime of Security Policy." Seconded by Philipp, all in favour. Chair declared the motion carried as m20100103.6.
2.7 Assurance Plan for 2010
- 23:13 iang entered prepared notes, verbatim:
The Assurance team is having preliminary discussions about its programme for 2010. So far, it looks like this:
February
Fosdem (Belgium) for ATE review and co-audit "test script" plan for 2010
April
Europe I == NL, B, F, GB, (CH), A
March-May
Australia == Canberra, Sydney, other big cities, if reachable
May
Germany (2 weeks)
June
Europe II == DK (Kopenhagen), S (Malmoe), E (Barcelona)
Planning for European events is located here: Events. Note that Assurance Team were given the mission last year to export to other countries; also see the Events and Education Team Reports earlier mentioned.
Australian Events: I have done some calculations. Based on discount flights and *early bookings* it is theoretically possible to cover the big cities for around $aud 1000 in flight costs. Without flight costs, I would be more limited to trips around Canberra / Sydney axis, and asking for favours (petrol/car etc).
Question for board: do we think that it is reasonable to break out a small budget of say $1000 for a sprint around Australia to do ATEs, etc?
In terms of planning, I generally would want some months to notify people in Australia and build up the support for this.
- Discussion opens.
- Nick says events in the US would be nice.
- General support for that, but people in the USA have to organise.
- Ulrich as Events Officer mentions that there are few contacts in USA to organise events. At Fosdem we will try to contact other European countries.
- Iang adds: Australia is the base for the association. And, the new Associations Act requires 3 Australian directors as well as Public Officer.
- Ernie states that $1000 is approx 15% of yearly income.
Andreas requests a clear proposal. Philipp points to the URL of flight costs, calls it clear.
- Andreas asks how many assurers we expect for this?
Iang says that the plan would be Adelaide, Perth, Melbourne, Sydney, Canberra, Hobart and some options.
- Iang says that it is not reasonable to prepare the plan in advance because it depends on discount flights and acceptance by people who can support the on-ground costs.
- Philipp polls for consensus again.
- Andreas opposes.
- Iang points out that a clear plan will cost 5 times as much because flights will be booked much later, after approval, so will be expensive.
- Philipp suggests $1000 will not make a difference.
- Ernie says $1000 is not small, it is 15%.
- Iang says that funding is too low, there is room for improvement.
- Ernie points out that USA people donate much more.
- Iang mentions absence of any alternative to find more Australian Directors. Guillaume supports this.
- Andreas mentions that funding is dependent on clear goals.
- Ernie mentions that reincorporation is an issue because we don't know how much it costs.
- Iang objects that reincorporation cannot be entered into the discussion because there is no motion nor discussion on it.
- Fundraising could be done. ATEs, etc.
- Nick asks what areas are intended to visit.
- Iang says it is deliberately left flexible because need to ask for local on-ground support. When local people agree, can then set up the visit to that city.
- But, cannot mail out requests without firm support and commitment to go.
- This is how it was done in the 2009 Spring Tour; mailouts were done widely, and those that agreed to help were added to the list. But each time, a general commitment was made first.
- Andreas calls this "money in the cloud."
- Ernie reminds that the income is finely balanced with the hosting costs.
Philipp observes the chicken&egg problem. You can't ask people to organize an ATE until you know you can get there. But the board won't approve getting there until it's all set up.
- Discussion about how to do budgets...
- Nick asks for a motion. Iang indicates he abstains.
- Guillaume asks whether fewer destinations can be done.
- Iang says yes, it is just easier to cast the net widely, and take the best.
- Iang says that although Australia is very large, most people live in around 8 cities. Cover them, you cover the country.
Philipp moves, that the board: resolves to earmark AUD1000 to provide a budget for flights for an Australian Spring ATE tour. Whenever final plans have been made they need to be ratified before moneys are finally allocated. Nick seconds. Nick and Philipp vote Aye. Iang, Andreas, Ernie, Guillaume Abstain. Chair declares the motion carried as m20100103.7.
- Philipp comments on abstentions.
- Ernie states that she will not say yes until we know more about re-incorporation.
- Iang considers that the board has not reached consensus.
- Discussion over another motion, not reached.
3 Question Time
- 00:00 Ulrich asks for US and AU members to help with Support.
- Iang points out that we need those members because of the timezones.
Andreas asks for an announcement in blog & mailing list
- Ulrich points out that this requires interviews, recruiting, knowing the person.
- Andreas points out that we are on the Internet and we have to get in touch first.
- Ulrich points out this is best done at ATEs.
- Andreas announces he will not stand for re-election at the AGM.
4 Closing
- 00:09. Chair closes the meeting.
Decisions Reached by Motion including Update since last Committee Meeting - Overview
m20091224.1 - Appoint Michael Tänzer as Support Engineer
m20091224.2 - Appoint Wolfgang Kasulke as Support Engineer
m20091224.3 - Appoint Martin Schulze as Support Engineer
m20091231.1 - Move DNS and OCSP to critical
m20100103.1 - Board moves to accept the Minutes of the previous meeting
m20100103.2 - DRO Appointment
m20100103.3 - Approval of Financial Statement
m20100103.4 - AGM 2010-01-30
m20100103.5 - New Members
m20100103.6 - Handling of cacert.org
m20100103.7 - AU Spring ATE Tour
Meeting Transcript
(22:00:00) ernie: hi all (22:00:11) andreasbuerki: hi and happy new year (22:00:27) GolfRomeo: Happy new year too (22:00:41) iang: hi all, happy new decade (22:01:07) ernie: also happy new year (22:01:22) nb: happy new year (22:01:50) GolfRomeo: iang : sorry decade is for 2011 :) (22:02:08) iang: oh :-( (22:02:27) GolfRomeo: iang : same story with 2000 & 2001 :) (22:02:38) PhilippDunkel [phidelta@77.117.113.12.wireless.dyn.drei.com] hat den Raum betreten. (22:02:46) nb: we are waiting on just mark now i think (22:02:51) nb: should we delay a few minutes? (22:02:54) iang: GolfRomeo: I'm with the majority there (22:03:02) iang: nb: Mark sends apologies on list (22:03:04) PhilippDunkel: Hi All (22:03:11) iang: he will not be here (22:03:13) PhilippDunkel: Mark wrote a mail saying he cannot make it (22:03:23) nb: oh ok (22:03:27) ***nb calls the meeting to order (22:03:35) nb: # 1.2 Accept the Minutes of the last Committee Meeting (22:03:40) PhilippDunkel heißt jetzt phidelta (22:03:55) onekopaka_laptop [onekopaka@c-76-121-249-193.hsd1.wa.comcast.net] hat den Raum betreten. (22:04:09) iang: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20091220 (22:04:17) ***nb moves the minutes be approved (22:04:26) phidelta: Second, Aye (22:04:28) iang: seconded, and Aye (22:04:30) nb: ay (22:04:32) nb: aye (22:04:50) Cameron [Cameron@cpc1-oxfd14-0-0-cust182.oxfd.cable.ntl.com] hat den Raum betreten. (22:05:02) GolfRomeo: aye (22:05:04) ernie: aye (22:05:07) andreasbuerki: aye (22:05:08) doris [doris@85-127-116-45.dynamic.xdsl-line.inode.at] hat den Raum betreten. (22:05:16) nb: I declare the motion carried. (22:05:19) nb: # 1.3 Ratify the Motions made since the last Committee Meeting (22:05:44) iang: i don't think there are any that were not done in the previous meeting itself? (22:06:08) nb: should we delay this since the other pending motions are on this meetings agenda anyway? (22:06:13) nb: or just skip it i suppose (22:06:13) iang: yes (22:06:17) Cameron: Yes (22:06:34) nb: FYI for spectators, only board members are to speak in here until time for questions (22:07:01) nb: # (22:07:01) nb: 2.1 Arbitration added by Iang (22:07:01) nb: 1. Current status, report of Arbitrator's activity and recommendations for retirement. (22:07:01) nb: 2. (22:07:01) nb: Appointment of new DRO, including m20091226.1. straw poll also on private Arbitration list. (22:07:01) magu_: nb i accept this (22:07:50) phidelta: Ok, (22:07:58) ***nb wonders if u60 might want to say something? (22:08:08) nb: about item 2.1.1 (22:08:23) iang: nb: i have something to say about DRO ... prepared notes (22:08:28) nb: iang, ok (22:08:44) iang: On the question of the background of DRO, 2 non-committee members and PD opined that the person should be an experienced Arbitrator, and probably active. I'm told 2 Arbitrators also said the same thing on the Arbitration list. (22:08:44) iang: There was some discussion on how to choose or vote for the DRO on the Arbitration list, but no consensus emerged (apparently, I'm not on that list). (22:08:45) iang: I suggest that there are two possible contenders: Ulrich and Lambert. Ulrich has more time and has done good work on the inside sorting out blockages, Lambert has more long-term experience with Arbitration, and also has a number of tough cases to his record. (22:08:45) iang: I suggest Lambert because Lambert is only involved in Arbitration, and is not likely to pick up other work outside that domain. So let's use his experience where we can. (22:08:45) iang: In contrast, Ulrich is involved in many other things, and there are big projects coming up this year that we want him on. So although he has done good work in Arbitration, I suggest we don't reward it by spreading him too thin, and instead reduce his role so as to free up time for other things. (22:08:53) iang: (end) (22:09:51) nb: I think iang has valid points, but I suggest Ulrich because Ulrich has already been doing most of the work of DRO, and as such I think he would do a great job as DRO. (22:10:22) phidelta: I second those thoughts. Also I have been privy to the discussion on the Arb-List and would agree that this is an acurate picture (22:10:41) nb: phidelta, so you are suggesting lambert too? (22:10:47) phidelta: @NB: Yes. (22:11:14) ***nb does not oppose, but thinks giving the position to the person who's been basically doing the job anyway would be wiser (22:11:23) nb: does lambert want it? (22:11:28) iang: I think both of them would make admirable choices, both are very considered in their case work (22:11:28) ***nb has not heard (22:11:32) nb: iang, i agree (22:11:40) phidelta: @NB: I agree with your thoughts. But Ulrich to me is a fixer. He is the goto guy to fix big problems. He has helped with a lot of those and I hope he will do so in future. (22:11:46) nb: phidelta, true. (22:11:57) GolfRomeo: Can't we do a co-chair for DRO ? (22:12:03) nb: GolfRomeo, i don't see why not (22:12:05) phidelta: If we now heap every "Officerdom" on him for every area he has ever touched, we will spread him too thinly (22:12:09) nb: phidelta, true (22:12:32) phidelta: I would dislike co chairs (22:12:33) ernie: did somebody ask lambert if he will do eventually this job? (22:12:48) iang: indeed it might be the first time we've had this discussion ... two equally competent people for a very important role (22:12:55) phidelta: But I do assume that any future DRO will have the help of all arbitrators (including U60) anyhow. (22:13:04) phidelta: After all the DRO is just a "primus inter pares" (22:13:05) iang: Yes, I and u60 have discussed this with Lambert, and he is ok with it (22:13:18) nb: anyone want to make a motion? (22:13:19) iang: he also was worried about taking the job from Ulrich (22:13:22) andreasbuerki: aain, we first ned to know, if the candiadates are willing to to the job.... (22:13:25) Cameron: Can I join cacert (22:13:46) nb: Cameron, please remain quiet until after the meeting (22:14:00) iang: (cameron: ask on the main list, not here :) ) (22:14:09) phidelta: @NB (Re: Cameron I'm handling it) (22:14:15) nb: phidelta, oh ok (22:14:47) iang: andreasbuerki: Lambert is willing to do the job (22:14:49) andreasbuerki: so, Ulrich and Lambert, are you both willing to do the job? (22:15:11) iang: but he isn't here right now I see ... I talked to him earlier and he is doing DIY -- sandpapering (22:16:16) andreasbuerki: so, lets do a vote (22:16:27) nb: andreasbuerki, would you like to make a motion? (22:16:59) andreasbuerki: no need... go ahead (22:17:09) ***nb doesn't want to move to accept my own resignation (22:17:22) ***nb thinks we need a motion to accept my resignation as DRO and to appoint lambert (22:17:24) nb: but could be 2 motions (22:17:26) nb: if you want (22:17:26) iang: resolved, that Lambert Hofstra be appointed as Dispute Resolution Officer, and further resolved that Nick Bebout's resignation is accepted, and he is thanked for efforts. (22:17:37) nb: iang, sounds fine (22:17:42) andreasbuerki: second that (22:17:45) nb: AYE (22:17:47) iang: aye (22:17:49) andreasbuerki: aye (22:17:52) GolfRomeo: aye (22:17:54) ***nb doesn't think its a CoI to vote on that (22:17:54) ernie: aye (22:18:17) iang: no, that's not really a conflict :) (22:18:26) iang: or, it is, but it is clearly managed (22:18:29) nb: yeah (22:18:42) phidelta: Aye (22:18:47) nb: I declare the motion carried. (22:19:04) nb: anything else on arbitration? (22:19:30) Uli: FYI: right back on keyboard (22:19:48) iang: i have seen some interim notes from u60 on ping checks on Arbitrators (22:20:23) iang: But actually we may be can just now hand the problem across to Lambert to recommend resignations next meeting? (22:20:29) nb: iang, sounds fine to me (22:20:49) iang: ok, i will communicate that to him, if no objections. no formal motion needed i think (22:21:01) phidelta: @IanG Agreed (22:22:37) nb: 2.2 Support - added by Iang (22:22:37) nb: 1. Report - OTRS, Training... (22:22:37) nb: 2. (22:22:37) nb: Motions on new Support Engineers - m20091224.3 m20091224.2 m20091224.1 (22:23:02) iang: ok, my report: (22:23:04) iang: Three ABCs were completed on members Wolfgang, Martin, Michael. These are proposed to board for appointment as SEs. Some preliminaries are done, I am waiting on close of votes and confirmation, hopefully in this meeting. I have abstained on the vote. (22:23:05) iang: This will also mean I need to bring in new Triage people in the next few weeks. One issue we have is too much German-ness. We need to cover other time-zones and languages. (22:23:05) iang: The team has tried out a ticketing system called OTRS as set up by Mario, and has requested that the email address support@co now be copied across to OTRS so that we can do live testing with our real incoming support events. At least one of the proto-SEs has substantial experience in ticketing systems. (22:23:05) iang: I have been using the fiddle.it system to do some basic testing of the training and documentation. It is a bit early to conclude because the software is a bit alpha and the user-interaction model needed changing. My intention is to broaden the questions as much as I can, and then create a formal Support Challenge through CATS. Then, I'll write the SE requirement that the proto-SE must have passed that Challenge. (22:23:05) iang: As I say, this is an intention, it might take months to build up sufficient questions, and it is a moving target. So far I have 41, whereas the Assurance Challenge has a database of around 100 questions for a test of 25. (22:23:10) iang: (end) (22:24:23) ***nb moves that Wolfgang, Martin, and Michael be appointed as Support Engineers (22:24:56) phidelta: MOTION: resolved that m20091224.3 m20091224.2 m20091224.1 be approoved. (22:25:18) nb: second phidelta motion (22:25:18) iang: that Wolfgang, Martin, and Michael be appointed as Support Engineers (confirming m20091224.3, m20091224.2, m20091224.1) (22:25:25) nb: or iang's or whoever's :) (22:25:36) iang: ok, whichever ... Aye to all three ;-) (22:25:50) nb: AYE (22:26:03) andreasbuerki: the motions are open until te 20100107 (22:26:04) GolfRomeo: Abstain (22:26:08) iang: whoever enters in the vote can adjust the text. (22:26:11) andreasbuerki: Absain (22:26:14) nb: andreasbuerki, we can go ahead and vote anyway (22:26:19) nb: since the web motions don't really matter (22:26:22) nb: only motions at meetings (22:26:25) andreasbuerki: as said, abastain (22:26:25) iang: is there a request for discussion on these motions? (22:26:32) nb: andreasbuerki, that is fine (22:27:12) phidelta: Aye (22:27:30) phidelta: (Please vote on the web-motions, so that they reflect your vote here) (22:27:37) ***nb thinks he already did (22:27:45) phidelta: (Doing it is a bit complicated for me right now) (22:28:04) nb: ernie, your vote? (22:28:22) ernie: aye (22:28:35) ***nb declares the motion carried by a vote of 4 Aye's and 2 Abstentions (22:28:54) ***nb moves that support@cacert.org be copied to OTRS (22:28:59) nb: or does that need a board motion? (22:29:08) iang: i don't think a board motion is needed for that (22:29:13) nb: ok, motion withdrawn (22:29:19) nb: anything else on support? (22:29:46) iang: i have no further requests (22:29:55) nb: 2.3 AGM - added by Iang (22:29:55) nb: 1. Consideration of Finance draft (22:29:55) nb: 2. (22:29:55) nb: Text main report. notes have covered main Board archive. (22:29:55) nb: 3. (22:29:57) nb: Request to team leaders and prior board members. (22:31:18) ernie: Consideration of finance draft - what did you mean? (22:31:24) Cameron: I can give some money into cacert (22:31:34) andreasbuerki: yeaaaah :-) (22:31:57) iang: well, Ernestine has sent around the draft of the financial report since our last meeting (22:32:17) iang: and as we've ended every meeting saying, let's wait for the draft ... it seems as though we should have something to say :) (22:32:37) GolfRomeo: yes we have the document thank you ! (22:32:44) andreasbuerki: the report looks quite final to me :-) (22:32:46) ernie: and if nobody will have any reservation to the figure-part, the figures are final (22:32:47) iang: lots of work there! (22:32:56) iang: here are my notes, prepared earlier: (22:33:00) iang: Finance. I have reviewed and sent comments, I guess they are incorporated in latest package from Ernestine. Most comments were related to either (a) confusion as to activities in earlier years or (b) my confusion as to which report I was reviewing. (22:33:01) iang: At some stage I'll write an Auditor's report, and include a summary of the AuditBudget page. However (my understanding is) as these expenditures were all delivered in aggregated expense requests to CAcert, they are not reflected in the formal CAcert financial report (not having bank account transfers to back them up). (22:33:01) iang: One issue for this current/next board (and therefore next year's annual report) is that the audit budget was still open / unexhausted as of 20090630. There remain 309.78 "expenses" and 820.98 "Work" to be spent. We may want to close those amounts some how by end of FY, by for example allocating those amounts to audit-relevant tasks. Technically, the way funding works (as far as I know it) we should deliver a final report to the (22:33:01) iang: funder stating that every penny has been spent (otherwise they ask for it back...). (22:33:04) ernie: iang: yes - it was (22:33:18) ernie: iang - they are (22:33:37) ernie: audit-report ? (22:33:48) iang: ernie: yes, i have it all on the printer, haven't re-reviewed it. I think it is more important for others to read it than me to read it again ;) (22:33:51) ernie: did we have any audiotr at the moment? (22:34:01) iang: audit -- comment into the main text, not into the financial report (22:34:13) ernie: ahh -main Ok (22:34:27) iang: no auditor in sight ... but there was an auditor for that period, so he could be asked to write something ... (or he could be not asked...) (22:34:45) iang: point being, it seems that the audit financials do not enter the financial report at all (22:34:59) andreasbuerki: what does an auditors report help? (22:35:10) ernie: no - financial report are figures, and my commetns you have seen (22:35:18) andreasbuerki: is there something we dont know yet? (22:35:34) iang: andreasbuerki: completion for the main text, only. It will just be a summary of previously published info (22:35:40) phidelta: @AB: I thinke we "know it all" now ;) (22:36:12) nb: FYI I just read Mark's email in which he appointed the chair as proxy to vote in accordance with his votes on the online system and announce that he has voted Aye to appoint the new support engineers (22:36:16) ernie: did anybody else read the financial report beside iang (22:36:16) andreasbuerki: somehow I shate your opinion phil... ;-) (22:36:38) andreasbuerki: yes, me.... (22:36:48) ernie: and the others? (22:37:16) phidelta: I read it (22:37:20) ernie: :-) (22:37:23) nb: yes, although not in great depth (22:37:31) ernie: nb, lol (22:37:39) doris: i read it, but i'm not allowed to talk about it (22:37:50) doris: :) (22:37:57) ernie: so - when we will decide that the figures are final? (22:38:18) ernie: normally memebers will receive before the AGM (22:38:20) phidelta: Now! (22:38:23) iang: as a side note ... it has been established over the last year that directors are directly responsible for the figures. they can't wave the responsibility over to the FCO or anyone (22:38:46) iang: (In Australia, I mean.) (22:38:57) andreasbuerki: I'll take that responsibility (22:39:04) ernie: iang, therefore people could read - and say if they will agree - that's the normal way (22:39:12) iang: right (22:39:30) ernie: so - everybody will agree - and the draf will be final? (22:39:40) iang: although this situation is complicated, because we might or might not be able to take full responsibility for the last board (22:39:40) phidelta: Exactly (22:39:48) ernie: or some reservations? beside my remarks already in the comment (22:40:09) ernie: iang, we have to send something to the trade register (22:40:19) iang: however, our interpretation of the figures can be considered final. which is different to taking responsibility for the actions (22:40:26) ernie: anyway which period we are in the board (22:40:34) andreasbuerki: as we are the board in charge, I think we have to take that responsibility and I'm willing to take it (22:40:38) phidelta: And to cement this in, we should "resolve to approve the Financial Statement to be presented at the AGM as last sent by the Treasurer to the Board on 2010-01-03@3:57 CET" (22:40:45) nb: phidelta, second (22:41:12) iang: if we find a mistake or new information, we can always resolve to replace that, right? If so, fine, AYE. (22:41:23) phidelta: Right and Aye (22:41:38) GolfRomeo: aye (22:41:39) ernie: iang - we can - but we hve to inform members (22:41:49) ernie: after AGM we cann't change (22:41:50) andreasbuerki: aye (22:41:51) ernie: aye (22:42:28) iang: after the AGM, sure. I'm just thinking in the run-up to the AGM as we work on the whole report (22:42:46) iang: phidelta's motion passes? (22:42:51) phidelta: @NB: I assume your second is an Aye (22:42:52) nb: oh sorry (22:42:54) nb: aye (22:42:57) ***nb declares it carried (22:44:26) nb: do we want to set a date for the AGM? (22:44:36) iang: i would say so (22:44:41) ernie: hope so :-) (22:44:45) phidelta: YES!!!!! (22:44:51) iang: although it might be fun to deny that ... just for the fireworks season ;-) (22:44:53) andreasbuerki: enfin... (22:45:07) iang: we're agreed on Saturday? (22:45:23) GolfRomeo: finalement ! (22:45:24) iang: (as opposed to a Sunday or a Friday) (22:45:45) andreasbuerki: what is the result of doodle?... the members vote? (22:46:03) iang: slight preference for Saturday (22:46:44) iang: http://doodle.com/4xx9bbmwkdpwpcec (22:46:53) Werner [neoatnhng@dsl73bB020.sdtnet.de] hat den Raum betreten. (22:47:10) andreasbuerki: so we talk about Saturday, January 30? (22:47:53) iang: I think the 24th is out (22:48:01) ***nb moves to call the AGM for Saturday, January 30 (22:48:07) iang: even tho it is 3 weeks, we need at least a week for the rule changes (22:48:19) iang: i would prefer two weeks ... for rule changes (22:48:30) iang: but maybe one week would work as an effective filter ;-) (22:49:07) andreasbuerki: and maybe not.... we don't know (22:49:20) andreasbuerki: and some people are still on holliday (22:49:35) iang: well, we do know that we didn't have enough time last SGM to do effective discussion in ... 3 days? (22:49:52) iang: and we've discussed this heavily over the last month ... and still haven't resolved a lot (22:50:28) andreasbuerki: it is still new year and x-mas.... so a lot of people are not even around (22:50:58) iang: so what is likely to happen is that we see a rush of rule changes submitted towards end of this week ... and there will be no time to think up new ones, once the rule changes have been seen (22:51:14) andreasbuerki: if the chose the 30, we have until the 9 of Janaury time to discuss (22:51:15) iang: on the other hand, people have had plenty of warning. (22:51:19) dirk_virtuell [dirk@89.244.100.99] hat den Raum betreten. (22:51:34) andreasbuerki: let's be fair (22:52:16) iang: fair means? (22:52:53) andreasbuerki: what could we loose, if we set it to February 6, so everybody has enought time (22:53:00) ***nb thinks people have had enough notice already (22:53:09) GolfRomeo: nb : right ! (22:53:26) andreasbuerki: so you suggest the 30? (22:53:48) ***nb has already moved the 30th (22:54:00) andreasbuerki: is this a motion? (22:54:13) ***nb moves to call the AGM for Saturday, January 30 (22:54:14) Uli: Feb 5-7th -> Fosdem Brussel (22:54:14) iang: i think it is clear that people have had a month to talk about this, and all the way back to the SGM if we really want to read the history (22:54:54) iang: u60: i think I'm the only one that might be effected by that (22:54:56) andreasbuerki: ok, then we go for it and are done (22:55:20) iang: second Nick's motion, and Aye (22:55:25) GolfRomeo: aye (22:55:25) andreasbuerki: aye (22:55:33) ernie: aye (22:55:59) iang: phidelta: can you get an announcement out quickly? (22:56:04) nb: aye (22:56:22) phidelta: Yes (22:56:30) andreasbuerki: preferably on memebrs list and in the blog... :-) (22:56:30) Cameron: u60 is that ok now (22:56:37) phidelta: I'll send an email with the motion to the members list (22:57:10) andreasbuerki: no blog?.... would be a nice move :-) (22:57:31) phidelta: Aye (22:57:44) ***nb declares it carried (22:57:56) nb: anything else for this topic? (22:58:09) iang: yes, the main report: (22:58:11) iang: Main report: I have summarized most of the board list traffic of the period FY08/09 into this page: https://wiki.cacert.org/AGM/AGM200911xx/notes Also see some comments about uncertain topics on the private list. (22:58:11) iang: Team leaders (Events, Critical, Education) have made 3 reports here: https://wiki.cacert.org/AGM/TeamReports I suggest we just add them in as is. (22:58:11) iang: Members have also put in some personal reports here: https://wiki.cacert.org/AGM/MembersReport2009 I don't see an issue with adding them in as well. (22:58:28) iang: Question is, who is available to work on the main report? (22:58:49) phidelta: (Of course I'll do the Blog as well) (22:58:58) andreasbuerki: thx Phil :-) (22:59:38) iang: my time is probably limited ... (I also have to do an ex-Auditor's thing) (22:59:57) andreasbuerki: I'm busy with buiness (23:00:50) iang: Mark mentioned he might have time after 2nd Jan. But hard to ambush him when he isn't here :) (23:01:01) iang: Ernestine has done the finance part ... (23:01:36) ernie: think somebody native-e have to do :-) ... could bring it in form if you like (23:01:50) iang: I could certainly write the report. But this would look bad to some people. (23:02:42) iang: well, perhaps we have to defer this for lack of answers? (23:02:43) Cameron hat den Raum verlassen (quit: Quit: Leaving). (23:03:45) iang: chair? defer and move on? (23:04:24) phidelta: Agreed: Defere & Move (23:04:38) nb: yes, defer (23:04:39) phidelta: (I may be able to help but cannot commit right now) (23:04:46) nb: 2.4 Membership Nomination(s) - added by Iang (23:04:47) nb: * as received by secretary (23:04:56) nb: phidelta, do you have a list of pending nominations? (23:05:09) phidelta: As per my list there are: (23:05:09) phidelta: Martin Schulze (23:05:09) phidelta: Wolfgang Kasulke (23:05:10) phidelta: Millis Miller (23:05:10) phidelta: Gero Treuner (23:05:18) phidelta: That still lack board approval (23:05:33) phidelta: I hope I have not overlooked anyone (23:05:34) iang: the first two, Martin and Wolfgang, just got appointed as SEs (23:05:35) andreasbuerki: fine, second and aye (23:05:46) ***nb moves they be admitted as members of the association (23:05:56) iang: Aye (23:05:57) andreasbuerki: second and aye (23:05:58) nb: aye (23:06:06) phidelta: This is on the first two? (23:06:06) GolfRomeo: aye (I don't know them) (23:06:09) phidelta: What ist hte motion (23:06:11) nb: phidelta, all of them (23:06:16) ernie: aye (23:06:17) phidelta: Aye (23:06:17) andreasbuerki: aye on all of them (23:06:36) ***nb declares it carried (23:06:54) nb: 2.5 Software Assessment - added by Iang (23:06:55) nb: * (23:06:55) nb: as discussed last time, progress update on m20091220.2 (23:07:08) pemmerik [pieter@cc518889-b.hnglo1.ov.home.nl] hat den Raum betreten. (23:07:19) iang: Philipp reports he has sent out invitations and questions, and received no replies. He also thinks that software assessment isn't the problem area, but rather it is software development. There aren't enough patches being offered. (23:07:35) iang: I talked to him today over skype, he wasn't going to be available for this meeting. (23:08:16) dirk_virtuell: @iang: i got the message from philipp today, but had no time to reply today ... i'll reply in the next days ... (23:08:37) iang: have you had any other messages from him? (23:08:51) iang: he didn't tell me he mailed out today :) (23:09:04) andreasbuerki: yup, we need developers for patches, patches, patches.... (23:09:39) iang: The motion reads: (23:09:39) iang: Request to propose new Software Assessment team members (23:09:39) iang: That, the board is of the opinion that more software assessment members are needed, and, requests the Software Assessment Team Leader to propose new members (Dirk Astrath, Markus Warg, Bernhard Froehlich and Alexander Prinsier) for addition to the Software Assessment Team, and asks that ABCs be requested as soon as possible. (23:10:21) iang: now, one of the reasons we have too few patches and developers is that the software assessment area & practice is not well developed (23:10:54) andreasbuerki: curious for a technical project.... (23:10:55) iang: in order to boost up the capability to deal with incoming patches, we probably need more people, just to put heads together, and build a system. (23:11:10) nb: second and aye (23:11:35) iang: hence the previous motion: let's build / fix the software assessment team (23:11:42) ernie: iang, ..."built a system" ? (23:11:58) iang: talking about the lack of developers isn't really going to help. If we had a lack of developers, why didn't we spend the last N years fixing it? (23:12:13) iang: by system, I mean the whole process, not a technical system. (23:12:28) iang: process of adding in patches, allocating assessors, testing, fixing (23:12:33) ernie: iang, ahh (23:12:49) andreasbuerki: ask the community, why not... ;-) (23:13:10) iang: oh we have, the answer hasn't always been polite ;-) (23:13:49) iang: my question right now is whether we request the ABCs now (23:13:55) andreasbuerki: and the answer was? (23:14:32) andreasbuerki: the ABC is part of the motion (23:14:40) iang: the good thing about the ABCs is that they are not exactly wasted, although they are a lot of work. They can also be used for support and critical sysadm uses. And they'll be required for software assessment anyway (23:14:51) andreasbuerki: and asks that ABCs be requested as soon as possible. (23:15:07) iang: andreasbuerki: exactly ... and when does ASAP expire? (23:15:37) andreasbuerki: you voted for the motion, I was not at the meeting... ;-) (23:15:54) iang: the sense of the meeting was that it should be done before the next meeting (23:16:13) iang: so perhaps we need to give a helping hand, and request them? (23:16:33) ernie: iang, request whom? (23:16:46) iang: request the ABCs are conducted on the 4 proposed members (23:17:04) iang: it's a dispute filed (through Support and then to Arbitration) (23:17:10) ernie: mhh - if the proposed members received, we havet ot wait till they send answer (23:17:14) andreasbuerki: so, you would like to expand the motion with a date? (23:17:26) iang: then the Arbitrators have to schedule them across their case load (23:17:35) iang: but they won't start doing that until the see the filings (23:17:41) phidelta: Just FYI: the AGM has been announced via Mailing-List & Blog (23:18:05) iang: andreasbuerki: no, i'm not interested in passing a motion that defines ASAP ... we might as well set PI to be 3 (23:18:11) phidelta: Well the motion requested the Team leader to ask for this and he has not yet done so (23:18:29) phidelta: Rather he said that SA is not the problem (23:18:47) ernie: phidelta, but dirk received - he has done in this case (23:18:50) phidelta: So we can either replace the Team Leader or ask him again with slightly more emphasis (23:19:17) phidelta: I personally suggest that we ask again with more emphasis like: (23:19:18) andreasbuerki: why are we in such a hurry... let's take time (23:19:39) iang: we will take time, which is why we want the admin parts done quickly (23:19:48) iang: it will take around 2 months to get through these ABCs, my guess (23:20:12) ernie: iang, this we already know last time ... (23:20:13) andreasbuerki: so what.... (23:20:15) iang: we only got through the 3 ABCs for the SEs because we were able to meet up physically and make it happen in the German event (23:20:22) phidelta: resolved that the SA team leader request the approval of at least 1 more team member by January 30th. Failure to comply is equivalent to immediate outster :D (23:21:14) iang: phidelta: well, we could do that .... but you might get the wrong guy requested on 30th ;-) (23:21:24) andreasbuerki: we have policies and should stick to them... my humble opinion (23:21:35) phidelta: Well then at least we have a request ;) (23:21:50) iang: ok, andreasbuerki, but be careful what you wish for, old chinese curse ;-) (23:21:56) nb: do any of the policies say that it has to be the SA team leader to request the ABCs (23:22:24) iang: the motion effectively was to turn a blind eye over certain practices for a limited amount of time ... if we don't follow the motion with full speed, we're back to the policies. (23:22:43) iang: It is the team leader who should do the process (23:23:06) andreasbuerki: so let's do him the work.... no need for hurry (23:23:23) iang: the current situation is that it is not clear that any software assessment is currently meeting Security Policy (23:24:33) iang: however it has been suggested that now is not the time to be over-bearing on filing disputes about that ... because we are likely to re-build that entire area. (23:25:50) iang: so, is it the sense of the board to do nothing? (23:26:15) phidelta: Well it isn't my sense. (23:26:47) ernie: iang, not today - wait till the 3 people have answered to the questions (23:26:50) andreasbuerki: it has ben done a motion and it is under way... (23:27:05) phidelta: I would rather we as the board move that the next board investigate this issue. (23:28:01) andreasbuerki: sounds good to mee (23:28:10) phidelta: I just don't want this to get lost due to inaction by us (23:28:24) iang: what's to investigate? the work isn't being done, there isn't much else to say?? (23:28:46) phidelta: So we just put it onto the next Agenda for the Board Meeting in February? :) (23:28:54) ernie: phidelta, think it ia not a inaction - we maybe come out a little bit to late - now the AGM will come, but the AGM is not reason to stress (23:29:13) phidelta: The AGM is the problem here. (23:29:38) phidelta: I'm reluctant to stress before it, but fear that waiting for the next board will just cause unecessary dely (23:29:59) phidelta: In my opinion, the motion from the last meeting is not being worked on, but rather being ignored (23:30:13) iang: we could over turn the motion ... that would leave it for the next board (23:30:17) phidelta: After all we clearly asked PG to request these Team adfditions (23:30:25) phidelta: He has had 2 weeks to do so (23:30:29) ernie: phidelta, I dont' see the problem, sorry - with this circumstance we have to live :-) as any other association too (23:30:30) phidelta: And he has not done it (23:30:47) ernie: phidelta, but dirk said - he received- means he has done (23:30:58) phidelta: So to me that says he is simply ignoring the existing motion (23:31:15) phidelta: Dirk has said he has spoken to PG (23:32:04) phidelta: Sorry "Received Invitations and Questions" (23:32:11) phidelta: That's not what was asked (23:32:22) phidelta: We asked for s statement by PG to the board (23:32:32) phidelta: Has anyone on the board heard from PG (23:32:33) phidelta: ? (23:32:42) nb: i have not (23:33:01) iang: i talked to him today, my summary is as above (23:33:18) phidelta: Anyhow. I don't want to stress on this issue now, but I would hate for the AGM to come and go. And afterward the issue is simply forgotten (23:33:45) iang: phidelta: the issue won't be fogotten, because there are now a team of software developers building up (23:33:57) andreasbuerki: if it is important, it will not be forgotten... ;-) (23:34:02) phidelta: That summary was "He also thinks that software assessment isn't the problem area, but rather it is software development." (23:34:15) iang: but it has become clear that they won't get anywhere until they get a proper software assessment process in place (23:34:18) ernie: phidelta, if the new board will see in a other way - we cann't change this circumstance - to stress now isn't a way to solve (23:34:42) phidelta: As they say: "Let the minutes show..." ;) (23:34:47) phidelta: Next topic? (23:34:49) iang: a new board is a new board. what you are suggesting overturns the motion of the last meeting (23:35:13) andreasbuerki: I don't think so (23:35:20) nb: 2.6 Domain Management, DNS + OCSP - added by Iang (23:35:20) nb: * (23:35:20) nb: confirm DNS + OCSP to critical team m20091231.1 (23:35:20) nb: * as discussed on board list, how we manage the domain (23:35:39) iang: chair: are you closing discussion on the last topic? (23:36:37) nb: unless someone has a motion, yes (23:37:59) phidelta: @2.6: I have only witnessed OCSP discussions in the policy list not he board list (23:38:26) phidelta: Am I missing something (23:38:27) phidelta: ? (23:38:38) iang: i should be on the board list (23:38:49) phidelta: Subject: ? (23:39:31) iang: "request to extend scope of CAcert critical systems" (23:40:02) ***nb moves that DNS and OCSP be added to the critical systems (23:40:11) nb: phidelta, email should be from wytze (23:40:43) Uli: Di 29.12.2009 15:23 (23:40:47) iang: that, we confirm m20091231.1 (23:41:11) iang: point of procedure: is there any point in duplicating the motions when the one in the system is good enough? (23:41:15) phidelta: Got it (23:41:42) phidelta: No there is no reason to duplicate (23:41:51) phidelta: And I would vote Naye (23:42:01) iang: ok, can we discuss: why is this? (23:42:13) phidelta: To quote you: " I can't see a good reason for not doing this." (23:42:27) phidelta: I would say: "I can't see a good reason to do this" (23:42:29) iang: which is to say, it's a good thing to do (23:42:44) nb: because if someone takes over our dns, they can do ANYTHING (23:42:47) iang: well, OCSP is a potential attack vector (23:42:52) nb: they could set up a fake cacert that takes peoples passwords (23:42:53) phidelta: Well not quite (23:42:55) iang: as is DNS (23:43:03) phidelta: If someone takes over DNS they take over DNS (23:43:10) phidelta: No more no less (23:43:27) phidelta: And OCSP is not even hinted at in the CPS so it is a convenience service only (23:43:29) iang: which can be used to take over email addresses and the like, and craft accounts with false domains in it (23:43:42) iang: because the checking is primarily email based, which can be intercepted by DNS attacks (23:44:02) phidelta: @IanG: Why would it be any more possible to take over email addresses? (23:44:25) phidelta: If I wanted to do that all I have to do is alter the DNS records that are downstream (23:44:33) iang: phidelta: as an aside, mozilla are trying to make OCSP their standard, and not care at all about CRLs. They haven't succeded yet, but by the time we get there it is possibly obligatory (23:44:45) phidelta: THe root DNS for cacert.org need not even be involved (23:45:05) phidelta: To believe that moving DNS in house will make a difference in terms of security is not understandin g DNS (23:45:16) iang: i agree that it is a bit messy trying to work out what the real attacks and risks are likely to be (23:45:29) andreasbuerki: and Opera is as well a heavy user of OCSP, aren't they? (23:45:39) phidelta: So DNS does not make a difference in terms of security (23:45:58) phidelta: Now for OCSP, why does it need to be critical right now with these current roots (23:46:08) phidelta: These roots will never be in mozilla (23:46:10) iang: opera has already switched on some OCSP, as have most others ... but Opera has a particular flaw/fix that interferes with CAcert's OCSP ... I don't know that they are "big" (23:46:31) phidelta: The only reason to do this now is because Wytze is bored and wants to do this. (23:46:47) iang: phidelta, your summary is a bit ... sweeping (23:46:51) phidelta: I have no problem with that, but I think there might be better things for those resources (23:47:18) andreasbuerki: Heard just, thet a lot of mobile browsers are Opera (23:47:36) andreasbuerki: means, browsers for mobile devices (23:47:43) iang: as for OCSP, it is basically on the work list of the critical team to do this, and they have asked to resolve this question now (23:47:44) phidelta: I simply see no reason why we would want to do this now. (Admittedly I see no strong reasons not to either.) (23:48:08) ***nb thinks that both of them should be critical, for the reasons ian stated (23:48:11) iang: they asked. are we going to say no, because we don't know what their Gant chart says???? (23:49:11) phidelta: Ok, in that case: Resolved that, following Security Policy 9.4, DNS and OCSP are critical (23:49:12) phidelta: services, and should be run by the critical team according to the full (23:49:12) phidelta: regime of Security Policy. (23:49:12) phidelta: Infrastructure team and Markus Kainz are thanked for their years of help (23:49:13) phidelta: in this. (23:49:13) phidelta: It is expected that there is a timeline and handover, but no details nor (23:49:13) phidelta: deadline is set here. (23:49:19) iang: actually as far as I know, it's been a standing request since earlier in the year when we discussed it. What was clear was that in the buildup of the critical team ... we didn't want to do things like move servers around arbitrarily (23:49:29) ***nb seconds (23:49:30) iang: servers and/or services. (23:49:33) nb: AYE (23:49:44) GolfRomeo: aye (23:49:53) iang: aye (23:49:53) andreasbuerki: aye (23:50:05) ernie: aye (23:50:38) phidelta: Aye (23:50:41) ***nb declares the motion carried. (23:50:51) nb: # (23:50:51) nb: 2.7 Assurance Plan for 2010 - added by Iang (23:50:51) nb: * Spring Tour, Oz (23:51:08) iang: hold on! there is also discussion about domain (23:51:37) iang: As reported on the board list, I took over the GKG account by using the Support@co email address to change the password. I guess GKG is the domain registry or the agent, located in Texas. I attempted to change the email addresses but the interface only permits one email address across all contacts so I moved it back to support@ (23:51:37) iang: questions: 1st. One is, who is to control this account? Is it the board or can we give this task to the critical systems team? (23:51:37) iang: 2nd. Is the current registry GKG an appropriate place? Although there is nothing wrong known, it seems to be a discount provider in the USA. There might be a benefit in finding an agent / registry that is more likely to defend from some attacks? And has a more serious attitude to security. (Discussions with Alexander did not reveal any immediate options.) (23:51:38) iang: As I understood it, it was the sense of previous boards that the registry should be one located in Australia. But I do not know anything about their progress. (23:51:43) nb: oh sorry (23:52:10) ***nb does not think the location matters much (23:52:17) nb: i've had dealings with quite a few registrars (23:52:23) phidelta: @NB: agreed (23:52:39) phidelta: Unless there is a VERY good reason to change this. Don't touch it (23:52:43) iang: i think the main horror stories have been with godaddy ... but i've not followed it (23:52:58) phidelta: I am a registrar ;) (23:52:58) nb: iang, you are pretty much correct (23:53:02) iang: there is a VERY good reason: we are supposed to prepare the CA for another audit ;-) (23:53:05) nb: phidelta, a registrar, or a reseller? (23:53:22) nb: phidelta, /me is a reseller, being a icann-accredited registrar requires $$$$$ (23:53:30) ***nb likes resellerclub (23:54:00) phidelta: We are accredited for AT EU and a few others. And resellers for most others (23:54:11) nb: phidelta, nice! (23:54:28) phidelta: Anyhow. I really don't think it makes any difference where the domain is. (23:54:30) ernie: iang, it's not the questio where the registrant is located, question is, is he direct reseller - or the reseller of the reseller (23:54:44) nb: gkg is a registrar IIRC (23:54:55) pemmerik hat den Raum verlassen. (23:55:00) nb: ernie, which is what you are calling a direct reseller i think (23:55:05) iang: well, there are two questions: location, and how to control. Wytze has grumbled that anyone with access to support can take over the domain. So, I proved him right .... (23:55:08) nb: registrar are ones the deal directly with the domain registry (23:55:27) phidelta: The problem is that the "Owner" is support@ (23:55:28) nb: iang, what about making the email address for it critical-admin@ or whatever (23:55:29) ernie: therefore he signed a contract, (23:55:33) phidelta: Whixh we should change (23:55:40) iang: ernie: that would be a third question, yes :) (23:55:49) nb: iang, although theoretically email admins could take over the domain no matter what we do (23:55:51) phidelta: But that we should do independently of whether we change registrar (23:56:00) phidelta: @NB: Right ;) (23:56:05) ***nb sees no good reason to change registrars (23:56:11) ernie: iang, and in this contracts are written, he is following the wished of his customer (23:56:44) ernie: iang, and somwhere he made a deposit ... you don't get registrar without money (23:56:53) ***phidelta has been screaming about support@ being in the root cert and many other places for ages (23:57:10) nb: yeah, being a icann accredited registrar costs lots of money (23:57:15) ernie: iang, problems you normally have with reseller of the reseller and reseller (23:57:18) iang: phidelta: we should introduce you to our project to re-issue those roots (23:57:21) nb: ernie, agreed (23:57:23) ernie: nb, right (23:57:29) nb: iang, i thought we already did? (23:57:34) nb: but just hadn't implemented them yet (23:57:48) iang: well, let's not add that to the agenda :) (23:57:59) GolfRomeo: phidelta : support@ was removed in the new 2008 Root certificates (23:58:01) phidelta: @NB: Nope so far we declined to do so (23:58:15) nb: phidelta, didn't they generate roots in 2008? (23:58:17) iang: so, it is the sense here that it matters less where the agent is located, than if the agent is a full registrar listed with ICANN? (23:58:25) nb: iang, i would agree (23:58:29) phidelta: And I agree that we should start a task-force to reissue and deploy within 18 months (23:58:29) phidelta: (Root Certs that is) (23:58:40) ernie: iang, yes (23:58:43) nb: i would also suggest not using godaddy, but that is not a problem, since we aren't using them currently anyway (23:58:44) iang: and that GKG is a full registrar? And this is good enough for now? (23:58:53) phidelta: @GR: I know, and I am glad about it :D (23:59:33) iang: ok, so that just leaves the question of who controls the account (23:59:49) phidelta: It doesn't even matter much if the registrar is full registrar or not. The issue is simply who controlls the account (23:59:50) iang: board? critical systems team? iang? Support Team? infrastructure team? (00:00:01) phidelta: Since even resellers are bound by contracts (00:00:05) ernie: iang, normally the board are responsible - in my opinion - if we delegate or not, it's upt to us (00:00:18) iang: so ... what's our opinion on delegation? (00:00:31) phidelta: Well we do controll it right now and have delegated to support@ which was fine for now but should be changesd (00:00:41) andreasbuerki: delegation is ok... to whom? (00:00:44) iang: and what's our opinion on separation of concerns, 4 eyes, etc ... thinking forward to how the next audit will think about it? (00:00:45) phidelta: I suggest we delegate to the critical team (00:00:47) ernie: phidelta, not only - because the reseller of reseller don't sign the same contract (00:01:02) phidelta: Since they have us by the proverbial balls already ;) (00:01:13) andreasbuerki: phil....agree (00:01:41) phidelta: @ernie: They in effect do, as the responsibilities are passed along in the contracts and the forum for arbitration remains the same: ICANN (00:02:00) ernie: iang, I never have seen a registrar where 4 eyes doing - only, that the "owner" will receive mail after a change (00:02:19) phidelta: @iang: 4 Eyes as with everything else under SP (00:02:25) ernie: phidelta, but the don't make the same depot of money (00:02:54) iang: well, there is also the control over DNS. If the DNS is pointed to in the GKG account, we have a measure of dual control (00:03:09) ernie: phidelta, I direct registrar have a lot to loose - a reseller whereever he is located in the row not very much (00:03:38) phidelta: @ernie: the reason for the depot is because the direct registrars are nationally diverse. Resellers are resellers of a registrar within the same jurisdiction. So the point really is moot (00:03:38) iang: nb: can you confirm that GKG is a direct registrar for .org ? (00:03:58) nb: iang, yes (00:03:59) nb: i did (00:04:03) iang: ok (00:04:06) nb: Sponsoring Registrar:GKG.NET, INC. (Formerly GK Group L.L.C.) (R164-LROR) (00:04:20) nb: to have your name in the whois as the actual sponsoring registrar, means that you are the direct registrar (00:04:30) nb: (thats from the results i get when i whois cacert.org) (00:04:43) iang: ok (00:05:13) iang: so is there any sense in us having some dual control over the primary DNS servers? (00:05:33) phidelta: Wow! I just got a google alert that the CAcert Blog Post about the AGM has just been indexed! They are fast!!! (00:05:43) nb: i would say so, even to help eliminate accidents (00:05:49) iang: auditor will say "yes" but to some extent this is because the possibility is there, not because it necessarily is a good idea (00:05:49) nb: I accidentally broke fedoraproject.org DNS one day (00:06:10) nb: having 2 people look at changes would be a good thing to avoid something like that happening to us (00:06:13) phidelta: @iang: that is what we have just voted to do in the prior motion (00:06:47) phidelta: Everything under SP is dual control or 4 Eyes (00:06:58) iang: do you mean, within critical team they will do dual / 4 so we don't need to do it? (00:07:13) phidelta: So if we put DNS & the Domain under the critical-team/SP that is what we are achieving (00:07:41) phidelta: Yes, because that is what they are supposed to do according to SP with everything they are handed (00:08:30) iang: ok (00:08:38) iang: does everyone else see it that way? (00:09:02) andreasbuerki: agree (00:09:16) ernie: see it same way, if I understand SP right (00:09:29) iang: ok, some text then (00:09:40) iang: resolved, that the cacert.org domain and others be kept with a direct registrar, and that the current Registrar GKG is sufficient for the time being, (00:09:40) iang: and further resolved that the Registrar Account is critical, and should be run by the critical team according to the full regime of Security Policy. (00:09:48) phidelta: How about: resolved that administration of the cacert.org domain is handed over to the critical admin team under security policy. (00:10:01) phidelta: @Iang yours is better (00:10:24) iang: @phidelta, i copied from the other motion :) (00:10:24) phidelta: second (00:10:31) iang: aye (00:10:44) ernie: aye (00:10:47) phidelta: aye (00:11:09) nb: aye (00:11:43) GolfRomeo: aye (00:12:02) iang: ok, i think that solves the issues, and we now have a clear path ahead! (00:12:19) phidelta: andreas? (00:13:02) andreasbuerki: aye (00:13:09) ***nb declares it carried. (00:13:17) nb: # (00:13:18) nb: 2.7 Assurance Plan for 2010 - added by Iang (00:13:18) nb: * Spring Tour, Oz (00:13:41) iang: ok here goes: (00:13:47) iang: The Assurance team is having preliminary discussions about its programme for 2010. So far, it looks like this: (00:13:47) iang: February: Fosdem (Belgium) for ATE review and co-audit "test script" plan for 2010 (00:13:47) iang: April Europe I == NL, B, F, GB, (CH), A (00:13:47) iang: March-May Australia == Canberra, Sydney, other big cities, if reachable (00:13:48) iang: May Germany (2 weeks) (00:13:48) iang: June Europe II == DK (Kopenhagen), S (Malmoe), E (Barcelona), (00:13:48) iang: Planning for European events is located here: https://wiki.cacert.org/Events Note that Assurance Team were given the mission last year to export to other countries; also see the Events and Education Team Reports earlier mentioned. (00:13:50) iang: https://dev.fiddle.it//ozspring.png (00:13:50) iang: Australian Events: I have done some calculations. Based on discount flights and *early bookings* it is theoretically possible to cover the big cities for around $aud 1000 in flight costs. Without flight costs, I would be more limited to trips around Canberra / Sydney axis, and asking for favours (petrol/car etc). (00:13:52) iang: Question for board: do we think that it is reasonable to break out a small budget of say $1000 for a sprint around Australia to do ATEs, etc? (00:13:52) iang: In terms of planning, I generally would want some months to notify people in Australia and build up the support for this. (00:13:54) iang: (end) (00:14:20) nb: what about the US? (00:14:35) nb: it'd be nice if we could ever have any kind of events (00:14:38) iang: i'm willing to come to the US if you pay the flight ;-) (00:14:51) nb: yeah, the budget is the hard part (00:15:01) iang: the thing is ... we have to use the assets that we have. In Oz, I'll have time. But not money. (00:15:33) iang: In this up-coming spring, Ulrich and his team will have time and cars ... so they can cover things over a longer period -- weekends and so forth (00:16:01) ernie: what is with US ? (00:16:07) iang: but USA and Australia are too big to use cars to cover the country (00:16:22) ernie: iang, I'm not speaking to cover country - sorry (00:16:25) iang: also, same with Latin America, which we would like to do (00:16:40) iang: ernie, i don't understand what you mean? (00:16:46) ernie: iang, but we could try to start somewhere (00:17:10) Uli: at Fosdem, we can meet people from around europe (00:17:31) ernie: iang, what I mean is, to find in US people which will do some events - organize by themselves - as a lot of other people also do (00:17:36) Uli: there are no or to less contacts to build up a team for the US right now (00:17:46) iang: sure ... it is primarily up to them I think (00:17:56) ernie: iang, I'm not speaking from a "tour" because we don't have the money for such things (00:18:41) iang: the thing with Australia is that we have two strategic interests: one is that it is the base of the association, which leads to the second: in the new Associations Act we will require (I think) 3 directors and public officer. (00:18:44) Uli: at last assurance minitop we've discussed the Nucleus program (00:18:47) phidelta: As much as I would like to discuss the US, it is not the topic right now. (00:19:20) ernie: phidelta, no - not a topic, but we must consider too (00:19:22) phidelta: The topic right now is whether we want to give Ian a budget for an AU tour which he has proposed to do when he is ther. (00:19:42) iang: nb: best thing is to talk to u60 and get ideas about how to build up that team (00:19:48) ernie: for how much budget he is asking ? (00:20:16) phidelta: roughly $1000 for a few flights within AU. He has the trip there covered already (00:20:40) andreasbuerki: if their is budget... (00:20:41) phidelta: iang: Question for board: do we think that it is reasonable to break out a small budget of say $1000 for a sprint around Australia to do ATEs, etc? (00:20:46) iang: see https://dev.fiddle.it//ozspring.png for my spreadsheet of example flights (00:20:48) ernie: iang, what's your request, when you need - where you plane to go? (00:21:16) andreasbuerki: what is this fiddle thing?.... your private site? (00:21:18) ernie: phidelta, for us $1'000 isn't small :-) (00:21:20) iang: as above, the request is whether we can allocate a budget of (say) $1000 to cover a bunch of flights around australia (00:21:53) andreasbuerki: would say make a clear proposal as in every project (00:21:53) onekopaka_laptop hat den Raum verlassen (quit: Ping timeout: 180 seconds). (00:21:54) phidelta: @ernie: I was quoting Ian ;) (00:21:58) iang: (it's a site with HTTPS that requires cert to access ... i'll ditch the graphic after the meeting) (00:22:11) ernie: phidelta, ahh - sorry - saw only small :-) (00:22:43) iang: andreasbuerki: I can make a clear proposal, but the bottom line is simple: 1000 gets me the flights to cover most of the territory. (00:23:14) andreasbuerki: sorry, that I can't approve as a resposible board meber (00:23:26) iang: so what I would like to see now is a sense of the board as to whether you wish to pursue this path or not (00:23:58) andreasbuerki: I cant aswer that as long i don't know the use of proceeds (00:24:06) iang: because there is no point in me doing all the work if you want to sign off on each payment ... because that will take too long ... discount flights and all that (00:24:14) iang: flights in australia (00:24:14) ernie: $1'000 is approx 15% of our yearly income, (00:24:29) iang: flights in australia is the use of the proceeds (00:24:55) phidelta: Have a look at the URL https://dev.fiddle.it//ozspring.png it states clearly what the money will be used for. Flights to do a bunch of ATEs (00:25:10) iang: it is approximately 600 euros (00:25:22) ernie: iang, not each expense - but I plan - where are you going, you many cities, how much people yu think - the see an average cost for each new assurer (00:25:31) ernie: *but a* (00:26:24) iang: my plan would be Adelaide, Perth, Melbourne, Sydney, Canberra, Hobart and some options (00:26:57) andreasbuerki: and for these we get back in return what?... how many new assurers? (00:26:58) iang: however I do not intent to lay out the path at all ... because what I also have to do (as well as find the cheap flight) is find people in the city who can support the on-ground costs. (00:27:24) andreasbuerki: for your interest... here in CH we din't spent one lausy $ until now (00:27:27) phidelta: That means 6+ cities. Let's assume on average 20 people per city. That would actually put AU on the map If only half became assurers (00:27:40) iang: the main reason I suggest for this is that we need to build up our assurer and member base for the association .. so we can get those three directors and comply with the Act (00:27:53) ernie: iang, headline in the rows should be great - for better reading, for people they don't know the sheet (00:28:24) iang: assurers can be estimated.... we can take the numbers from the Spring Tour (00:28:45) ***nb just realized, we still need to talk about reincorporation sometime (00:28:51) phidelta: I have seen it for the first time 5 minutes ago and got it. But then I guess I am a genius ;) (00:29:03) ernie: nb, think we have to do when mark is here (00:29:08) phidelta: @NB: That would be a topic for the next board I think (00:29:27) iang: concur (00:29:27) nb: yeah (00:30:30) ernie: nb, but we must consider, that me must eventually do reincorporation- and we don't knew how much expenses we have to allocate (00:30:35) phidelta: The question remains: Are we fundamentally inclined to provide some budget for the AU tour or not. (00:30:59) andreasbuerki: if we have budget and a clear plan (00:31:11) ernie: phidelta, I'm not against, but we have first to know - when we must do a reincorporation - and how much it will be (00:31:11) phidelta: If yes then Ian continues planning and presents an itinerary. (00:31:11) phidelta: In not then that's the end of it. (00:31:50) andreasbuerki: I have made my statements (00:32:07) iang: andreasbuerki: a clear plan will cost around 5 times as much, because it will involve having all the flights booked much later, at full prices (00:32:13) phidelta: @ernie: I agree that that would be a good thing to know. But I think +-$1000 will not make any difference in whether we can reincorporate or not (00:32:45) ernie: 1'000 will be 15% of the "normal" income from us, it's not so small you think (00:33:34) iang: 1000 is not a small amount ... but obviously it also puts the question on why we have so little funding coming through ... there is room for improvement (00:33:39) phidelta: Ok, so to sum up we have 2 against it and 1 for it. (00:33:39) ernie: the other reason why I'm asking regarding the US is, we receive much more per donator then from other countries (00:33:55) phidelta: Then there is NB and GR who have not said anything (00:33:59) iang: but also, the new Act requires those 3 australian directors ... and I haven't got too many other ideas about how we find them (00:34:01) andreasbuerki: funding can only be improved with clear goals.... like wikipedia (00:34:12) nb: ernie, I have been thinking about contacting some other assurers that are kind of near me, and seeing if we can plan a few events (00:34:13) ernie: and as long mark haven't get all documents from robertC, we never know what will come up there (00:34:59) nb: hopefully the only cost would be maybe hotel room and gasoline for a few assurers (since we would need at least 3 to have enough to fully assure people to 100) (00:35:00) andreasbuerki: cool nick.... I love the us, they have the biggest $ average per donations (00:35:01) ernie: nb, should be great, the US will donate us the double average amount then other countries (00:35:09) phidelta: @ernie: If we stopped everything everytime until we know everything, then we will never get anything done (00:35:11) GolfRomeo: my guess we should find a way to have AU directors (00:35:30) ernie: phidelta, point is, we don't get money very fast (00:35:43) ***nb hasn't put together a proposal since I haven't got anything other than "I'd like to do this" (00:35:47) phidelta: @ernie & @ab: donations per person are completely irrelevant (00:35:57) iang: ernie: how much money is in the bank account? (00:35:59) ernie: phidelta, and we haven't really a filled bank-account (00:36:08) phidelta: It only means that that would be a good place to ask for money (00:36:27) ernie: iang, point is, what we need in the next month, and what will be after FCST on the account (00:36:31) ernie: you see in the FCST (00:36:45) phidelta: The point here is if we want to spend some money on 6+ ATEs or not (00:36:47) ernie: this is without reincorporation - only the fees we know (00:37:04) iang: so there is no short term problem (00:37:26) ***nb thinks we could try to fundraise more too (00:37:34) iang: i don't think we can bring reincorporation into the discussion. there has been no motion, and no membership approval of that, so as far as I can see, it is just blue sky (00:37:41) ernie: iang, problem not, but we have to see that it will stay "no problem" (00:37:44) nb: i.e. collect donations at the ATE, put a note on the blog or front page asking for donations more (00:37:50) ***phidelta agrees with NB, but again that's not the issue (00:37:51) nb: or send a nice email to mailing lists (00:37:53) nb: phidelta, true (00:37:55) iang: we don't need any money for reincorporation because we have not decided to do it (00:38:18) ***nb is generally in favor of ATE's (00:38:21) iang: ernie: not a short term problem, which means we have a year or so to fix it (00:38:25) phidelta: @iang: concur (00:38:26) andreasbuerki: nb... again, I clar plan and we can find money (00:38:42) nb: I am fairly neutral to this so far (00:38:48) phidelta: @ab: concurr, but again that's not the issue right now (00:38:50) nb: iang, do you have a plan of what areas you plan to visit? (00:39:04) iang: no, explicitly not (00:39:10) andreasbuerki: phidelta... it was ment for nb ;-) (00:39:22) ernie: iang, if the membership-fees will be dropped - we will get a problem (00:39:26) iang: i can't plan the cities because I have to contact all the people in australia and give them a proposal (00:39:49) nb: i would say ask iang to contact the people and see if he can arrange places to go (00:40:00) nb: before we actually approve spending money (00:40:04) iang: and then, I can't contact people until I have some certainty about the offer. So it will go the same way as it went in the spring tour: I mailed everyone, and got 80% of the places I wanted (00:40:17) ernie: iang, mean long-term, and we can pay the hosting from the money we will have (00:41:07) andreasbuerki: so it is money in the cloud... sorry, this don't support (00:41:10) iang: ernie: yes, i know the money is tight. is there an alternative? (00:41:43) ernie: iang, and if have to do the reincorporation in the next six month, we will have a problem - depends which kind of legal entity will be reincorporated (00:41:49) iang: andreasbuerki: no, this is how budgets work. You give a budget on a rough plan, and then check the results. (00:41:57) phidelta: I see a chicken-egg thing here. You can't ask people to organize an ATE until you know you can get there. But the board won't approve getting there until it's all set up (00:42:09) ernie: phidelta, at the moment yes (00:42:21) iang: phidelta, yes that is the problem (00:42:30) andreasbuerki: not the budgeting process I do... this is amateur, sorry (00:42:50) andreasbuerki: and i come from industry, not from fantasy land (00:42:56) nb: I would be in favor of approving it, given a few more details of where it would be paying to travel to (00:43:10) phidelta: All that is being asked of us it to approve a budget. If nothing gets set up then no money is spent. That is how you usually solve these issues. (00:43:12) nb: not necessarily set in stone details (00:43:31) ernie: nb, right (00:43:36) andreasbuerki: if it is a frozen budget.... maybe (00:43:59) phidelta: Adelaide, Perth, Melbourne, Sydney, Canberra, Hobart and some options (00:44:05) phidelta: That has already been stated (00:44:07) andreasbuerki: and frozen means not to be released upon clear plan on the table (00:44:24) phidelta: @AB: Noone has ever asked anything more (00:44:26) andreasbuerki: phidelta.... are you doing the trip? (00:44:54) phidelta: No I am not, but I find this discussion aggravating (00:45:03) phidelta: I donÄt really care one way or the other. (00:45:31) phidelta: But I find the way you do "professional" budget discusssions annoying (00:45:49) nb: does someone want to draft a motion? (00:45:51) phidelta: Where I come from you discuss a a proposal in a very early stage (00:45:58) phidelta: You give the plannign go ahead (00:46:07) andreasbuerki: it is my last one with this board phil... (00:46:09) phidelta: (That's what is asked rioght now) (00:46:17) ***nb would support a tentative $1000 budget (00:46:23) phidelta: And then planning goes on (00:46:50) phidelta: After that a concrete proposal is put on the table and unless it differs significantly from the original idea it is approved (00:46:59) nb: phidelta, agreed (00:47:31) andreasbuerki: as said, frozen until detailed plaining and goals (00:47:46) andreasbuerki: we need to know, what we get in return (00:48:18) andreasbuerki: and now... a motion or what? (00:48:36) nb: yes someone needs to make a motion (00:48:50) iang: not me, and I will abstain (00:48:52) GolfRomeo: could we have fewer destinations ? 3 or 4 ? the critical goal is to recruit new AU board members. Maybe Ian can find enough candidates in the bigger cities (00:49:20) andreasbuerki: Romeo... this is up to ian.... ;-) (00:49:31) iang: GolfRomeo: yes, fewer destinations can be done .... it's just easier to cast a wide net and take the best (00:49:45) phidelta: The board: resolves to earmark AUD1000 to provide a budget for flights for an Australian Spring ATE tour. Whenever final plans have been made they need to be ratified before moneys are finally allocated. (00:49:49) iang: the thing is, although Oz is huge in space, the people are centrally located in only around 8 cities (00:49:55) phidelta: How about that? (00:50:05) iang: so if you cover them, you pretty much cover the country (00:50:14) nb: phidelta, secodn (00:50:24) phidelta: @IanG: Can you live with that motion? (00:50:41) ernie: iang, I think it's not possible to cover AUS with one trip :-) (00:50:45) iang: I suspect so ... (00:50:54) iang: ernie: i am proposing exactly that (00:51:16) iang: in terms of population centers that is (00:51:27) iang: not in terms of tourist destinations ;-) (00:51:52) phidelta: There is a motion and it has been seconded and I am very tired ;) (00:51:59) nb: AYE (00:52:01) iang: abstain (00:52:01) andreasbuerki: Abstain (00:52:09) ernie: abstain (00:52:09) GolfRomeo: abstain (00:52:54) nb: phidelta, your vote? (00:53:01) phidelta: Aye (00:53:12) nb: I declare the motion carried, 2 Ayes and 4 Abstentions (00:53:39) nb: iirc, abstentions do not count for a quorum right? (00:53:47) nb: do not count for a majority i mean (00:54:10) phidelta: I find the number of abstains to a simple earmark interesting. (00:54:13) phidelta: @NB: yes (00:54:43) nb: does anyone have any further business? (00:54:50) ernie: I will not say yes, before we know more about reincorporation (00:54:51) iang: clearly, there isn't the consensus of the board here (00:54:59) andreasbuerki: Maybe it expresses something to think about ;-) (00:55:01) iang: so I will have to think about this ... (00:55:08) nb: iang, then do we want to move to reconsider? (00:55:14) phidelta: I have always thought that abstentions under are rather cowardly unless there is a clear conflict of interrest. But then I guess I'm just macho about voting. (00:55:24) phidelta: @ernie: then say no (00:55:32) phidelta: @nb: no (00:55:53) ***nb is not really comfortable with having a motion pass with 2 ayes and 4 abstains (00:56:07) ernie: phidelta, why no - I'm not against the idea - I'm only thinking about, if we need money for something else (00:56:07) andreasbuerki: the rules are the rules nick (00:56:28) phidelta: @NB: I am quite comfortable with it. As I said: abstains are agreements for cowards ;) (00:56:31) nb: andreasbuerki, i know, another motion would have to be passed to overturn the first (00:56:32) nb: phidelta, true. (00:56:38) iang: ernie: if you think the reincorporation is important, put it on the agenda. Otherwise, leave it off (00:57:09) nb: I just thought i'd mention, I'm going to look at possibly having a couple ATEs in my area (00:57:14) nb: if i can get ahold of a few other assurers (00:57:21) ernie: iang, I could also think in advance, without to have it on the agenda (00:57:29) nb: It should not involve any flights (00:57:43) iang: ernie: what you can't do is assume costs in advance without some discussion to the board (00:57:46) nb: possibly money for gasoline and hotel room (00:57:47) phidelta: @NB: where exactly are you located ? (00:57:53) nb: phidelta, southwestern indiana (00:58:04) andreasbuerki: *chilling* (00:58:04) nb: evansville is a fairly big city, and is really near me (00:58:06) ernie: iang, tja, I think you will not really hear :-) (00:58:11) iang: and there has been zero, no talk in this board about reincorporation (00:58:19) nb: and iirc there is several assurers near bloomington and indianapolis (00:58:38) nb: it'd be nice to have ATE in Evansville, Bloomington and Indianapolis (00:58:47) ernie: iang, and it depends which kind of entity will be done - same or a limited by guarantee (00:58:59) iang: other wise I could do the same thing, and block all sorts of other things ... just because I know a private project that might one day be on the board's agenda (00:59:02) andreasbuerki: nb.... make a plan and a budget... (00:59:06) nb: andreasbuerki, i know (00:59:10) nb: i wasn't asking for a motion (00:59:18) nb: just mentioning that i'm looking into it (00:59:19) GolfRomeo: anyway we need to be extra careful on expenses, we are not rich enough (00:59:21) phidelta: So Cincinnati or St. Louis would be good target (00:59:34) andreasbuerki: and as said nb... i love the US.... the biggest average per donation spendings ;-) (00:59:36) nb: phidelta, yeah, i can look at those to (01:00:04) iang: chair: I think we are done, questions from members? (01:00:06) andreasbuerki: anyting more? (01:00:12) nb: Any questions from members? (01:00:20) andreasbuerki: Just to make it public and for the record, I will not be anymore longer avalaible for CAcert Inc. as memeber of the next board and hereby resign. (01:00:23) Uli: yup ... sec (01:00:34) nb: andreasbuerki, resign now or resign after the AGM? (01:00:44) andreasbuerki: after AGM (01:01:00) nb: andreasbuerki, ok, that doesn't technically need a resignation since our terms expire anyway (01:01:02) iang: which is to say, you won't be standing for re-election? OK (01:01:04) nb: but duly noted (01:01:31) andreasbuerki: exactly... the floor is for the ones who need it (01:02:32) andreasbuerki: Ulis question? (01:02:36) Uli: one note about support ... request to AU, US members to find personal for support .... (01:03:03) iang: good point ... time zones for following the requests coming in would be good (01:03:04) andreasbuerki: what about an announcement in the blog and on the mailing listst? (01:03:11) iang: can do (01:03:27) iang: i can look at doing that after I've got the new SEs in (01:03:28) Uli: finding people needs interviews before ... (01:03:35) Uli: for recruiters (01:04:27) Uli: means, if you know somebody you can ask for the job, you have to talk with him, if he is the right person ... (01:04:31) Uli: then nominate (01:05:02) andreasbuerki: of course, later yes.... but we are on the internet and have to get in touch first (01:05:12) iang: true ... it takes a fair amount of work to bring in the people ... it turns out that most of the Triage people were mates of Uli :-) (01:05:51) nb: anything else? (01:05:52) Uli: so talking with AU, US guys, instruct them to find people around they know about .... (01:05:57) Uli: best on ATEs ,-) (01:06:09) iang: another motivation for Nick :) (01:06:17) Uli: 'cause they are community members and assurers (01:06:27) Uli: and know a little bit of CAcert system ... (01:06:48) andreasbuerki: as assurers they are community members (01:06:57) Uli: yup (01:07:16) Uli: so on ATEs you'll find assurers, not proposed members (01:07:53) andreasbuerki: are you talking now about CAcert Inc. members? (01:08:01) Uli: and this is the proposed target group of people we have to contact for such jobs like SE, CM, A (01:08:18) Uli: about Community Members (01:08:44) andreasbuerki: so about all assurers (01:08:44) Uli: they'll probably become Inc members too ;) (01:09:00) andreasbuerki: If they whish so of course (01:09:03) ernie: did we have already the motion for the new members (inc) (01:09:06) nb: any further business for the board? (01:09:11) nb: ernie, yes it passed (01:09:20) ***nb suggests moving discussion to #cacert (01:09:21) andreasbuerki: I guess we are done (01:09:22) ***nb declares the meeting adjourned.
Original Place Meeting Transcript SVN CAcer.org Website - Comment: Replace in original .txt file YYYYMMDD by the real date of the meeting and after that cancel this comment.
Inputs & Thoughts
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please
Category or Categories