NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts
Agenda - Committee Meeting 2010-01-17 - 21:00 UTC & 2010-01-DD - HH:MM UTC
1 Preliminaries
- 1.1 Chair opens the Committee Meeting
1.2 Accept the Minutes of the last Committee Meeting
- 1.3 Ratify the Motions made since the last Committee Meeting
2 Businesses - Important Note: Business items are accepted no later than 48 hours before the beginning of the Committee Meeting!
2.1 Oophaga letter added by Iang
- response
- publish?
2.2 annual report - added by Iang
- text of report over the period 20080701 - 20090630
- (wip).
- Forward-looking Statement on behalf of Current Board for next AGM
presentation of one text by Iang: AGM20100130 Committee Forward-Looking Statement (Plan for New Committee)
hugi: Is a forward-looking statement such as Iang's text above our task?
hugi: Could new board / committee feel patronized by such statement from actual board / committee?
hugi: Shouldn't this be declared as personal statement from a single community member on behalf of the AGM?
2.3 finances - added by Iang
- payments possible?
2.4 new members - added by Iang
- secretary to report on new applications
- accept new members
- (notifications sent out to recent new members?)
2.5 CCA Roll-Out Problem Quo Vadis? - added by hugi
- Software perspective:
- What are the next steps in detail (List)?
- Does a project planning with tasks step-by-step (= what), responsibilities (= who) for each step and deadlines or foreseen date of termination (= when) for each step exist?
- What are the detailed needs (List. Please, no bedtime reading or prose), in order to support the realization
2.6 Support News - added by Iang
- OTRS
- team
2.7 reserved, compressed into 2.2-b
2.8 Plan for Root Situation. - added by Iang
Discussion of m20100114.1
discussion policy group motion by Daniel: CAcert stops issuing Class3 certificates.
discussion of plan by Roberto & Dieter.
discussion of md5 eol from Mozilla Foundation
p20100113 from policy group
- motions, etc
2.N Business Next Number - added by YourName - Comment: Replace "Business Five" by Title of Business and add your Name
Additional Inputs - Comment: Replace "Additional Inputs" by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.
- et cetera
3 Question Time - Important Note: Questions from CAcert.org Community Members can be added until the beginning of the Committee Meeting! Questions can also be asked at "Question Time" without having been added here.
- 3.1 "Question One"
- No question asked 2010-01-17
- et cetera
4 Closing
4.1 Confirm next Committee Meeting: Usually every 1st & 3rd Sunday of the month, 21:00 UTC.
- 4.2 Chair closes the Committee Meeting
- 4.3 Preparation of Minutes
Minutes - Committee Meeting 2010-01-17 & 2010-01-DD - HH:MM UTC
1 Preliminaries
1.1 Chair opened the Committee Meeting - Markl took the chair.
1.2 Accept the Minutes of the last Committee Meeting
- Motion m20100114.1 was deferred until item 2.8 of agenda.
1.3 Moved, Accept the minutes of the previous meeting. AYE: iang, Andreas, phidelta. Abstains: Mark (not at meeting). Chair declared it carried as m20100117.1.
2 Businesses
2.1 Oophaga's letter
The letter from Oophaga was tabled.
- 3 points were raised by Iang:
- Can we write a response?
- As a related topic, can we ask them to look at the Dutch Domain Registry issue?
- Can we publish the letter?
- Iang: in telephone call, suggested that the annual report be the more useful document to meet their needs for information.
- markl: practically this is a matter for the new Board. Their request was for future information, and we are closing for the AGM.
- this is a matter for the next board.
- Philipp: the way the letter was written, it seems to be a letter of demand. Andreas, Mark agreed.
- what was wanted (information) was not what was written (demand).
- so some answer is called for.
- is there a need for a letter if they've been told about report?
- Yes, something on the record (agreed: andreas, iang, phidelta.)
Markl reads out text: Thank you for your letter dated 28 December, 2009. We have received it, and will be forwarding it to the new board being elected on 30 January for further action. For information concerning the previous 12 months, please be sure to read the Annual Report that will be published at the time of the AGM.
- phidelta, iang, andreas, ernie: Aye (no vote recorded).
- Mark sends.
Editor's note: points 2,3 were not looked at.
2.2 annual report.
21:32 Iang asked to deal with b. Forward Looking Statement, first.
- Iang Prepared notes read in:
b. Forward looking statement. It was somewhat clear (to me?) that this has to be done, and I created a text to do this, for presentation to the board. I hereby present it to board.
But, before we discuss that text, we have received a challenge from Andreas. Andreas asks three things:
i. hugi: Is a forward-looking statement such as Iang's text above our task?
ii. hugi: Could new board / committee feel patronized by such statement from actual board / committee?
iii. hugi: Shouldn't this be declared as personal statement from a single community member on behalf of the AGM?
Andreas says that the Forward Looking Statement is not the task of the board. I think this is a major objection, and it blocks future work, so I ask that we resolve this question before moving on to other questions.
I claim the task of this board is to do a forward looking statement. My reasons:
the board has to provide guidance to the incoming board.
The board has to report to Association membership /as if/ it is the new board, because the new board cannot.
The members of the association deserve to receive a forward looking statement in order to inform them as to how the board, as a board, has worked. A board that cannot provide that should be voted out, in my opinion.
Andreas's statement is the same thing as saying: "We must provide NO guidance, NO vision, NO leadership to the next board." I can't see the difference between that and "We must not operate as a board."
Therefore, I move "RESOLVED, that the committee of CACert, Inc. customarily provides a Forward-Looking Statement into the annual report."
Discussion? (end)
- Mark points out the objections are about the form, not the content. The wording could be changed.
- Iang says that changing the wording is indeed what we should do, but that is not what Andreas entered into the agenda.
- Andreas says that, for the record, he is not saying, he is asking.
- Ernie asks about time-frame.
Mark points at removing the phrase "Plan for New Committee". More opinion, less prescription.
- Andreas: Any kind of report (= backward oriented) is fine by me.
- Iang notes that there is a challenge here. andreasbuerki and Ernie have both stated that we should not have a forward looking statement.
- Andreas and Ernie deny this. It depends how you word it, don't say task / plan.
Iang remarks that the preamble in each section makes it clear. "This Statement is forward-looking, and will need to be endorsed and/or adjusted by the Committee of AGM/AGM20100130."
Andreas comments on the Mission. I'm not sure.
ernie: problem is, the outlook is not well "thought through" - and time-lines are too short, in my opinion
Andreas: Then I would strongly suggest we change the text in Mission as a starter
Markl: I'm not sure that there is anything in the actual "meat" of the statement that is controversial.. this statement is just a formal expression of our opinion of how the future of CAcert should be... we're entitled to express that opinion as the board, and have it recorded in the annual report.
Andreas: disagrees on the section "Mission". Ernie comments on how to deal with question-marks there.
- Mark: we can ask those questions, express our opinion, regarding mission.
Mark suggests replacing controversial text with "We recommend the new committee develops a plan including the following matters."
- Andreas, Ernie: OK.
- Markl: we are agreed that we can and should make a forward looking statement, and with these changes, the statement is OK?
- Ernie, Andreas, Iang: OK.
21:49 a. text of report over the period 20080701 - 20090630
- Iang prepared notes:
Notes were created over last month, by scanning maillists etc.
This topic was brought up over the last few meetings, and nobody volunteered to work on the job.
In discussions last week PD agreed to give it a go, but immediately fell sick with flu and is only out of that today. So not much has been done. So we are almost at square one.
- Markl: does anyone have the time to take up the task?
iang: maybe, if PD does not recover. "but I do not want to do it, for obvious reasons."
markl: "ok, so perhaps we can just keep an eye on whatever page in the wiki is being edited for it, give whatever input on the mailing list, and then just approve the final text?"
ernie: "is there some text from "nick" as the president ..."
- iang: another issue, being that we probably need a board meeting to approve the final text.
"it is after all going out under our name, whether we are the subject of it or not"
markl: "yes, perhaps once the text is done, call a meeting with 48 hours notice?"
iang: "also, we need to leave room for preparation into a single cohesive document, plus time for members to read."
- ernie comments that she can help with text layout.
21:52 c. Team Reports. (out of sequence.)
markl: "team reports are on the agenda too, I think we should accept those as they are" iang, agreed.
- Chair calls to move on to next.
2.3 Finances
21:54
- Iang enters in:
Are payments possible? A month ago there was (informal?) news that the documents had finally arrived in Australia from Switzerland, and then no more news.
As far as I know, there are two creditors: Oophaga and myself.
Mark has a document for Ernie to sign. "the bank keeps finding road blocks to resolve... "
- once signed, we are good to go. Internet banking as well.
- both payments already authorised.
2.4 New Members
21:57 Secretary reports.
- Four new members, rolled into one motion:
"resolved that we accept Michael Tänzer, Mathieu Simon, Tomáš Trnka and Dominik George as members of CAcert Inc."
All Aye, Chair declares the motion carried as m20100117.2.
2.5 CCA Roll-Out Problem Quo Vadis?
22:02
Andreas: "I have added this point in order to know, how we can help"
Mark: "this is a software problem right now, right?"
Iang: "around 80%, yes"
- Andreas agrees. How to help? Money?
mark: "they need technical will, by the sounds of it, andreas"
Iang: "no money needed as far as I can see."
mark: "it seems like a drum to beat in places where we might find people who can write the patches"
Andreas: "if we could say... these steps need that amount of hours / costs... there I see a chance to raise some bucks"
- (editor's note: holy war elided)
Mark: "except for the inference on that page of disabling old users who haven't agreed to the CCA"
- (editor's note: this point was not picked up)
- Iang enters a suggestion of a simple three step plan into the discussion:
- Software team.
- Software team.
- Software team.
- markl: PG proposed people for the Software Assessment team. A good step forward. Maybe patches will start to flow.
- iang: problem isn't "the patch" rather it is "the team".
- (phidelta commented that PG had requested board do the background check, but this later proved unfounded.)
iang: "demand exceeds supply, to large numbers" Andreas seeks clarification, Iang responds:
"the demand for patches is in the hundreds. the supply of patches is single figures"
- Andreas introduces the idea of a bug bounty
markl: "no, the system for end to end testing and installation of the patches needs to be in place"
iang: "andreas Baess has picked up this task"
markl: "we need working systems and processes, otherwise people will write one patch, see it goes nowhere, and not bother again"
- phidelta agrees.
markl: "ok, so maybe the first step is to lend Andreas Baess whatever assistance he requires to get that done"
u60 interjection of plausible merit: milestone for Andreas Baess comes up end-of-month.
andreas: "bug bounty system is a money collecting system"
markl: "I think this agenda item is the cart before the horse"
iang: "the developers are putting in days per patch. To make a patch bounty worthwhile you'd have to be paying 100++ euros"
andreas: "iang: right, something like that.... so the donators know, what they are donating for"
mark: "if anyone has any sources of donations that could help incentivise bug squashing, then by all means, go get it!" But there are probably better places to spend money.
iang: "we don't need to incentivise our patchers. they are already doing lots of work. what we need is to clear the roadblocks from in front of them"
- markl: agreed.
iang: "the biggest incentive is to show their patch, in production. there are rewards and there are rewards ..."
andreasbuerki: "I'll talk to the patchers myself... maybe they like the idea ;-)"
GolfRomeo: "Duane tried to do bug bounties but it didn't work"
- iang: people have invested in software. travel, food, etc. But not in developers as yet.
- costs were introduced:
- root creation, $20k
- Essen + Hamburg together cost Euros 1k, half on software, so 0.5k for 1 day.
- Innsbruck cost 1.5k. Food, transport, etc, 5 days.
phidelta "well we were asked to start background checks on new team members. So let's do that"
- team leader has to do the work here.
- Dirk Astrath, Markus Warg, Bernhard Froehlich and Alexander Prinsier were requested.
- PG proposed 2: Markus and Alexander.
- Dirk Astrath is now in SE's track as well.
- Some discussion on adding Ted, but no consensus.
- move on.
2.6 Support Team
22:24
- Iang enters prepared notes verbatim:
team is now in the process of switching to OTRS system. Latest status is that we are now processing most normal things through it.
Thanks to Mario and Nick for getting it going, and Daniel for switching the email over.
Implication here is that Support might see some disruption as the switchover happens.
Afterwards, we'll be looking to expand the use of the system to Arbitration. Later on, offered to other teams.
Team now stands at:
Systems Engineers: Werner, Marty, Michael, Wolfgang.
Triage: Joost, Faramir
New recruits: Alexander and Dirk (slightly delayed by OTRS switchover).
- no action, just FYI.
2.8 Plan for Root Situation
23:25
- Iang suggests prepared notes, enters verbatim:
Much discussion on the various and many groups.
But no clarity and no plan.
Proposed this board motion to clarify the need for a clear plan
I suggest we complete this motion here today, one way or another.
Policy group discussed a motion p20100113:
"CAcert stops issuing Class3 certificates."
Added to the general understanding by sparking some debate.
the wording was recognised as confusing.
But it did not achieve consensus, IMHO.
There is a document suggested by Roberto & Dieter
I think this is best seen as a set of requirements for the two Universities, in which case it serves our needs well.
(It is not quite a plan because it lacks the elements we would need: No team, impact, no indication as to how, and no reference to policy. Probably more.)
It essentially proposes to re-issue the Class 3 roots. This is controversial because:
we are already decided to stop using the existing structure
any new root would be chained off the existing Class 1, so this is not solving more than a small part of the issues.
Indeed, the proposal suggests closing off the Class 1, after signing a new Class 3... Any statement made over Class 1 will apply over Class 3.
security policy and CPS has rules about the creation of roots, which means that any root issued probably has to be done properly. (Or, see Peter's comments. Link on agenda.)
so the work may end up being the same as doing the full job.
Having said all this, *all options* are uncomfortable. There is no point in attacking one option, they all have issues. It is a comparison to search out the least bad approach as much as it is to find the best.
An intermediate path is suggested: simply stop issuing Class 3s. Pending some form of impact statement, this might be the easiest thing to do right now.
A smaller, perception move is to adjust warnings on the website so that people can make better informed choices. I think this can be done, and should be done. I think we would be wasting the board's time to start voting on such detailed issues.
New information from Mozilla, they will deprecate MD5 by end of 2010.
Specifically any roots with MD5 will be dropped.
(It is difficult to be precise about what this means.)
I suggest we do the same. That is,
Resolved, that the existing Class 1 and Class 3 are eol-end 2010, or sooner if possible.
Discussion.
- markl: we need a plan, and we need to reissue the roots correctly.
iang agrees, refers to motion
andreas: "bug 665 is the issue.... and it concerns CAcert as a whole"
markl: "whilst we should take the two universities' opinions and needs into account, I don't see why they should be raised to any higher level, especially if we're considering replacing the roots all together, because it would address their needs anyway"
- andreas: people are threatened by our slow time of reaction
markl: "bug 665 is a PR bug, not a technical one"
andreas: "PR or not... don't underestimate bad PR... ;-)"
markl: "almost every CA still has MD5 signed intermediates out there... so to talk of our slow reaction time... slow in relation to what?"
andreas: slowness "in relation to other CA's... "
iang: "Mozilla lists 7 with MD5 in the roots"
markl: but, "mozilla doesn't include intermediaries." Iang agrees, the relationship is tricky.
- markl: MD5s in roots is not the issue, self-sigs aren't important.
iang: "their (Mozilla's) response to dropping MD5 in the roots can be seen as PR response, as well ;-)"
Andreas: "question: do we really think we can solve the problem today? is this the place to solve it?" In this meeting.
markl: "the only reasonable way to solve this "problem" is to forget about it, and deal with the bigger problem of reissuing our root. reissuing our root addresses this PR fluff by coincidence"
andreasbuerki: "why not asking the policy group to come up with a more elaborated proposal?"
iang: "policy group already wrote their policies. If there is a flaw, we can talk about that, but nobody's mentioned one."
- iang: People are running around making pronouncements. We need to bring those to a point.
- Ernie asks Mark for a timeframe.
Mark: "as quick as everyone works together to make it happen, you can make it quicker by helping write the procedures, helping secure funding for it, etc etc. the board here, right now, cannot do much of anything to make it quicker other than ask nicely"
- Andreas agrees.
Andreas: "to my knowledge a more detailed and described procedure is under way... why not to wait for that?"
- iang asks if this is information to be entered into the minutes. Later there is a confirmation.
andreas: "I wouldn't do a motion right now.... it would be blocking future attempts ... give the community room... whatever, until an acceptable solution in accordance with the policies is on the table"
iang: "the other possibility is that we could simply declare end-of-life for the existing roots, say, end of this month. Or end of this year ... to give the community room"
Guillaume: "wise move, let's define the end of life of the current roots"
- iang: asks whether we can enter andreas's news that there is a team and plan into the minutes.
- Andreas confirms.
iang: "and that would also clear the way for voting on m20100114.1."
Andreas: "is this thing good enough?... I mean, until now, nobody really cared about 665.... so no hurry"
markl: "I think we should literally forget about bug 665.. it is, honestly, crap... we have a way to fix it, which fixes a real problem as well, by reissuing roots."
- Andreas: I was advised to go to policy group. Iang asks for a reminder on the context. mark: context was bug 665.
iang: "ok, so maybe we were thinking at the time whether it was even possible to issue new roots from the existing Class 1. Yes, this is a policy question."
andreas: "andreasbuerki: but again, if we don't need to reissue NewRoots for that... why should we?"
- Iang summarises motions on the table, which remained unseconded.
Resolved, that the existing Class 1 and Class 3 are eol-end 2010, or sooner if possible.
Resolved, that the only roots issued should be a non-signing root, and multiple sub-roots.
markl: "we all accept the need to issue a new root, right?"
Andreas: "let's see which ones exactly?"
markl: "andreas: we need to issue a completely new root for audit" iang, andreas agrees.
andreas: "so I don't see the need for hurry"
markl: "so, that being the case, we shouldn't waste time putting lipstick on the pig that is the current root. if there are resources available to issue new roots off it, those same resources can be put in to play to issue new roots and we solve the PR problem, along with a much larger problem"
andreas: "We have even put on too much lipstick during the last root ceremony, a lot of costs and nothing to use"
- Iang raises objection, Guillaume also.
iang: "firstly, the costs were very efficiently used, secondly we got a lot of experience, and thirdly, Guillaume put no lipstick on and didn't submit a bill for any, either ;-)"
andreas: "OK, the last time it was an exercise.... ;-)"
iang: "indeed, without that exercise, we wouldn't know as much as we know now, and we may have actually made a big mistake .... in this current debate"
ernie: "iang, you are sure next time it will work ?"
iang: "ernie: nope, and neither is anyone. ya gotta break some eggs to make an omelette"
markl: "anyone who tells you they are sure is lying to you :)"
ernie: "iang, how much risk 50/50 - and where is the risk it will not work?"
- mark proposes motion:
RESOLVED, that the existing root may not be used to sign any new sub-roots, and that the board receive reports from affected teams with a view to the issuing of a new offline root with multiple sub-roots.
- iang seconds. AYEs from: markl, Guillaume, iang, ernie, Andreas. Iang announces he holds the proxy for Philipp, and declares AYE for Philipp.
Chair declares the motion carried as m20100117.3.
andreasbuerki: "a note for the record: we need to think, as a community, how we can speed up reaction time in comparison to commercial CA's for needed correction."
- Iang suggests a three point action plan:
- Software team.
- Software team.
- Software team.
- andreas: on the wiki...
Questions & Closing
22:54 Questions from Members solicited.
- iang: on behalf of Assurance team.
last meeting there was a motion m20100103.7 to earmark funds.
- motion was technically carried but with too many abstentions.
- therefore request for funds is withdrawn.
- practical import is that Iang will not be doing the ATEs in Australia as proposed.
markl: "so noted."
- iang: is a meeting proposed in order to approve the completed text of the AGM report?
- markl: propose when the text is completed, give it 48 hours.
Decisions Reached by Motion including Update since last Committee Meeting - Overview
m20100117.1 - Accept previous meeting's minutes.
m20100117.2 - Accept new members
m20100117.3 - No new subroots on current root, plan for new root
Meeting Transcript 2010-01-17
(22:05:42) markl: ernie,andreas,guillaume: anyone there? (22:05:51) andreasbuerki: here (22:05:57) ernie: yes (22:06:09) markl: ok, looks like Nick's not around, so unless there's an objection, I'll take the chair (22:06:09) andreasbuerki: yes, little hugi is here (22:06:26) iang: no objection (22:06:59) markl: I open the meeting, and move that we accept the minutes of the previous meeting at http://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20100103 (22:07:15) iang: seconded and AYE. (22:07:19) andreasbuerki: Aye (22:07:24) ernie: aye (22:07:25) markl: abstain, as I wasn't there (22:07:27) phidelta: aye (22:08:11) iang: GolfRomeo: ? (22:08:50) phidelta: BTW can someone take notes. I am in bed right now with a major cold. So if you don't get an answer I probably fell asleep. In which case Ian has my proxy. (22:09:05) markl: I declare it carried. (22:09:23) markl: there's one motion pending, https://community.cacert.org/board/motions.php?motion=m20100114.1 (22:09:39) andreasbuerki: as usual my transcript is runnin PD (22:09:49) phidelta: Thanks Andreas 22:10 (22:10:00) markl: it has only two votes on it right now, and the same topic is to be dealt with on the agenda.. do we want to skip doing anything with that motion until then? (22:10:02) iang: i beleive this is in the Agenda as point 2.8 (22:10:12) iang: i would say, skip this until 2.8 (22:10:21) markl: if there's no objections, it's skipped til 2.8 (22:10:27) andreasbuerki: agree (22:10:31) markl: next business... 2.1 Oophaga letter added by Iang (22:10:33) ernie: agree (22:11:27) markl: anyone have anything for that one... Ian? (22:11:28) iang: my prepared notes: (22:11:33) iang: Oophaga asks for a response from their letter. (22:11:33) iang: https://lists.cacert.org/wws/arc/cacert-board-private/2010-01/msg00003.html (22:11:34) iang: In my telephone call, I suggested they wait for the Annual Report, 30th. 
The annual report will likely include substantial better information than would be presented to anyone person alone, separately. (22:11:34) iang: https://lists.cacert.org/wws/arc/cacert-board-private/2010-01/msg00005.html (22:11:34) iang: Bert-Jaap agreed, and asked for a response outlining that, e.g., a letter indicating that the report is forthcoming. (22:11:34) iang: "8. For the letter, he suggested we send a response saying "this is what we can do", referring to the report, and adding that we can include in the report a forward looking statement, which could be delivered in some timeframe (which he described as being say February)." (22:11:35) iang: 1. Can we write a letter outlining this? Can someone else do this other than me, please? (22:11:36) iang: 2. Also, as a related topic, we recently received notification that the Dutch domain registry was seeking to charge CAs for access. Is it an idea to consult with Oophaga on this issue? Include it in the letter? (22:11:36) iang: 3. do we publish the letter? Bert-Jaap left it up to us. (22:12:22) iang: (end) (22:12:37) markl: I think practically this is mostly a matter for the new board. Oophaga is looking for things in the future, and right now, we're not much in the business of providing things in the future, given the AGM being so close. (22:13:03) ernie: I see it same way (22:13:27) phidelta: Agreed. 
However the way the letter was written, seems to me it was meant as: A letter of demand (22:13:32) markl: the letter didn't seem to ask for a review of the past, or for any immediate actions, but more what they want to see going forward (22:13:38) phidelta: And it contained threats (22:13:48) phidelta: I personally don't like the tone here (22:13:50) andreasbuerki: markl: agree (22:13:52) markl: yes, no mistaking they're putting down some demands for the future of their support (22:14:06) markl: but it's for support in the future, they're not making an immediate threat to withdraw support (22:14:22) markl: which is why I think it's more appropriately left to the next board, who *can* do something about the future (22:14:47) phidelta: So I think we do need some answer that basically outlines that they can go twiddle their thumbs for all we care. And that we might let them have a look at our annual report if they are nice 22:15 (22:15:21) markl: I'm not sure being so caustic is useful to our cause. (22:15:32) phidelta: And I personally think this is the right time to do this as we are the "old board" ;) (22:15:45) iang: I'm ok with the first 10 words of phidelta's comment ... 
(22:16:17) phidelta: @mark: Of course the measure of causticity needs to be fine tuned (22:16:29) markl: after re-reading the letter a few times, I think they just want to be sure that the project is moving forward, it doesn't seem like an entirely unreasonable request on it's face (22:16:30) andreasbuerki: their tone, should not provoke unthoughtful comments from our side (22:16:31) phidelta: @mark: and of course we shouldn't overdo it (22:16:35) iang: all I would suggest is a simple response outlining that the annual report is coming, this should address many of their questions, and a new board will probably look at the thing further (22:17:04) andreasbuerki: makes sense to me markl (22:18:05) markl: the letter asks for a response by 15 Feb (22:18:18) markl: or a reason why it cannot be provided in that time (22:18:27) ernie: markl, right (22:18:40) phidelta: @mark: right, prima facie it does not look unreasonable. But then there are several deadlines in there including a completed audit by summer. And that makes it go a bit beyond "not unreasonable" (22:18:41) iang: i talked to them a couple of days afterwards .. I mentioned tonight's board meeting, so I don't think they are necessarily hanging out for the 15th (22:18:44) ernie: means we could wait till annual-report (22:18:48) andreasbuerki: markl: May be you do your suggested letter... would be a curtesy (22:19:22) markl: I think it best to informally let them know that we've deferred future action to the next board and the AGM contains our report of activity for this past financial year? (22:19:46) andreasbuerki: something like that would be fine by me, markl (22:19:50) iang: informally == what? An email, a phone call? 
(22:19:54) phidelta: @mark: that has been done by Ian via Phone 22:20 (22:20:10) andreasbuerki: I would do a signed e-mail (22:20:21) markl: phidelta: if that's the case, then I think that is sufficient (22:20:36) phidelta: Point is: I don't think we should stand for this type of communications. You just don't send a formal letter like that. It's more than just impolite. (22:20:59) phidelta: And if we just accept it in stride we do set a precedent (22:21:11) phidelta: <End Of Bitching> (22:21:13) iang: i can see it from their point of view ... considering the events of the past ... not that I agree with it, but anyway (22:21:26) markl: phidelta: but of course they are free to withdraw their support with the appropriate notice in the contract we have with them... we have an agreement with them that outlines how they can withdraw support (22:21:27) andreasbuerki: phidelta: Maybe they would be in line with Dutch regulations, as a reason for this formal letter (22:21:35) iang: to that end, we've been exploring who we can invite to join the board from the Dutch Community (22:22:08) markl: I agree it would have been preferable if they'd approached us in a less formal way firstly (22:22:19) phidelta hat den Raum verlassen. (22:22:21) markl: but perhaps it's just their way of doing things (22:22:25) iang: right. but they didn't. whatever. Get over it :) (22:22:28) phidelta [phidelta@dsl-stat-43-2.mmc.at] hat den Raum betreten. (22:22:30) markl: exactly (22:23:01) iang: the letter does look decidedly Dutch :-) meanwhile, I do agree with phidelta that because of its formal nature, a response of some form, on the record, could be a good idea (22:23:03) markl: so, if they've been told that the annual report will answer some of their questions, and the rest is for the new board, what more do we need to do? (22:23:07) andreasbuerki: As said, I would give a first answer by signed e-mail... 
so they have something for their records (22:23:21) iang: nothing except put it on the record, AFAICS (22:23:32) markl: I think we should just formally acknowledge receipt, and refer it to the next board (22:23:52) andreasbuerki: that in any case (22:24:01) phidelta: Look I think there are 2 things here: (22:24:01) phidelta: 1. What they actually wanted (Information) (22:24:01) phidelta: 2. What they actually wrote ("We withdraw support if...") (22:24:36) iang: 1.b (communications + relationship) (22:24:49) markl: Thank you for your letter dated 28 December, 2009. We have received it, and will be forwarding it to the new board being elected on 30 January for further action. For information concerning the previous 12 months, please be sure to read the Annual Report that will be published at the time of the AGM. (22:24:55) markl: something like that? 22:25 (22:25:10) andreasbuerki: yep... at least i would do so (22:25:11) phidelta: If you actually just want info, then you just ask. But writing a letter like that is like killing the governors wife to encourage him to write you a pardon: VERY BAD FORM (22:25:39) andreasbuerki: phidelta... realx, we all know it now ;-) (22:25:48) iang: that is fine. (22:26:12) iang: it is bad form, but it is their bad form :) (22:26:18) phidelta: @markl: Good text for now. (22:26:23) andreasbuerki: iang: indeed... (22:26:37) markl: is everyone happy with that text? we could send it right now, and move on to the next item on the agenda (22:26:40) phidelta: @iang: and it's us who should say: we won't stand for that (22:26:42) phidelta: ;) (22:26:46) ernie: for me ok (22:26:54) andreasbuerki: fine by me, markl (22:27:18) iang: phidelta: this transcript will say something ;-) and the minutes no doubt. No need to declare war... (22:27:33) iang: ok by me. this is procedural, we don't need a motion? 
(22:27:41) markl: procedural I think will work fine
(22:27:44) andreasbuerki: war makes only collateral damage, what is not necessary
(22:27:52) markl: it's not a formal response as much as an acknowledgement of receipt
(22:28:43) andreasbuerki: motion, why, if this transcript is good enough for the record?
(22:28:53) iang: nod.
(22:29:12) markl: I'm ready to hit send unless someone has an objection.
(22:29:26) iang: i object if it hasn't been sent already :-)
(22:29:40) phidelta: @markl: Sydney, it's a go.
(22:29:42) andreasbuerki: Guillaume.... do you agree?
(22:29:48) markl: Guillaume is MIA
22:30
(22:30:00) andreasbuerki: MIA?
(22:30:05) markl: MIA = missing in action
(22:30:07) phidelta: Missing In Action
(22:30:10) iang: missing-in-action, war talk
(22:30:11) andreasbuerki: lol....
(22:30:35) markl: ok, mail is sent... next item 2.2 annual report - added by Iang
(22:30:37) phidelta: Really means: He's dead but we don't have a body
(22:31:03) iang: on 2.2., I would ask to deal with b. Forward Looking Statement, first.
(22:31:08) andreasbuerki: huch.... a bunch of warriors here
(22:31:13) ernie: phidelta, I thought you are sick :-)
(22:31:24) iang: is that ok?
(22:31:25) ernie: phidelta, you still in full action :-)
(22:31:43) markl: fine with me
(22:31:55) iang: my prepared notes:
(22:31:56) andreasbuerki: why not to start with point 2.a?
(22:32:01) iang: b. Forward looking statement. It was somewhat clear (to me?) that this has to be done, and I created a text to do this, for presentation to the board. I hereby present it to board:
(22:32:01) iang: https://wiki.cacert.org/AGM/AGM20100130/ForwardLooking
(22:32:01) iang: But, before we discuss that text, we have received a challenge from Andreas. Andreas asks three things:
(22:32:02) iang: i. hugi: Is a forward-looking statement such as Iang's text above our task?
(22:32:02) iang: ii. hugi: Could new board / committee felt patronized by such statement from actual board / committee?
(22:32:02) iang: iii. hugi: Shouldn't this be declared as personal statement from a single community member on behalf of the AGM?
(22:32:03) iang: Andreas says that the Forward Looking Statement is not the task of the board. I think this is a major objection, and it blocks future work, so I ask that we resolve this question before moving on to other questions.
(22:32:04) iang: I claim the task of this board is to do a forward looking statement. My reasons:
(22:32:04) iang: 1. the board has to provide guidance to the incoming board.
(22:32:06) iang: 2. The board has to report to Association membership /as if/ it is the new board, because the new board cannot.
(22:32:06) iang: 3. The members of the association deserve to receive a forward looking statement in order to inform them as to how the board, as a board, has worked. A board that cannot provide that should be voted out, in my opinion.
(22:32:08) iang: 4. Andreas's statement is the same thing as saying: "We must provide NO guidance, NO vision, NO leadership to the next board." I can't see the difference between that and "We must not operate as a board."
(22:32:08) iang: Therefore, I move "RESOLVED, that the committee of CACert, Inc. customarily provides a Forward-Looking Statement into the annual report."
(22:32:11) iang: Discussion? (end)
(22:32:12) phidelta: @ernie: No this is what it's like when I'm sick.
(22:32:16) markl: could I propose something before we get too far into the debate about future statements?
(22:32:22) ernie: phidelta, lol
(22:32:46) andreasbuerki: For the record: Andreas (Hugi) is not saying, he is asking
(22:32:53) markl: it seems most of the objections are not about the content, but about the form... if some wording got changed a little, to be less prescriptive, maybe that would address some people's concerns?
(22:33:24) markl: for instance, removing phrases like "Plan for New Committee"
(22:33:26) iang: markl: clearly, that is how we should deal with this. But that is not what Andreas entered into the agenda
(22:33:49) ernie: and some time-frame
(22:34:05) markl: in particular, this section -- "AGM20100130 Committee Forward-Looking Statement (Plan for New Committee)"
(22:34:16) markl: could do with being reworded as opinion, rather than a prescription
(22:34:18) andreasbuerki: Any kind of report (= backward oriented) is fine by me
(22:34:52) iang: markl: I note that there is challenge here. andreasbuerki and Ernie have both stated that we should not have a forward looking statement
(22:34:54) andreasbuerki: forward looking is fine as long it is clearly marked as a suggestion
22:35
(22:35:12) ernie: iang - not correct -
(22:35:19) iang: well, if you are withdrawing that ... then I have no objection
(22:35:19) andreasbuerki: depends how you word this forward looking statement
(22:35:27) ernie: I was saying - don't say them task / plan for the comm.....
(22:35:35) phidelta: So preparing a financial report is fine, but any type of budgeting is not?
(22:35:54) phidelta: Or do you require a "If approved by later board" next to each budgeted item?
(22:35:55) markl: simply by changing the introductory statement in that section to be something like "This forward looking statement is this board's opinion. It represents priorities we feel are important to the new board."
(22:35:59) iang: well, that was never said .... the preamble in each section made it apparent
(22:36:01) ernie: phidelta, only with the "know" fix-costs we have and know
(22:36:12) andreasbuerki: budgeting is based on past figures... forward looking statement is based on what?
(22:36:24) phidelta: On past decisions and events
(22:36:31) iang: It says this: "This Statement is forward-looking, and will need to be endorsed and/or adjusted by the Committee of AGM/AGM20100130. "
(22:36:33) markl: before we argue about this around in circles, would changing that text address Ernie's and Andreas' objections?
(22:36:59) pemmerik [pieter@cc518889-b.hnglo1.ov.home.nl] has entered the room.
(22:37:00) phidelta: Like: Yesterday there was an audit break-off so the next board will have to deal with the requests for a new audit
(22:37:05) andreasbuerki: phidelta: are you sure... I'm not, when I read Mission
(22:37:08) markl: iang: yes, but I think phrases like "We plan to do the following in the next 6 months" are what are causing controversy
(22:37:37) iang: markl: of course, the text can be changed ... that's not at issue.
(22:37:55) ernie: phidelta, problem is, the outlook is not well "thought through" - and time-lines are too short, in my opinion
(22:37:56) markl: ernie, andreas: would changing that wording address the concern?
(22:38:09) andreasbuerki: Then I would strongly suggest we change the text in Mission as a starter
(22:38:10) iang: if the text needed review, then that could have been pointed out. Instead, what was pointed out was that the task is not one this board can take
(22:38:34) ernie: markl, most of them - and the time-frame audit-ready mid 2010
(22:38:43) andreasbuerki: markl: As a starter as well fine by me
(22:39:25) markl: I'm not sure that there is anything in the actual "meat" of the statement that is controversial.. this statement is just a formal expression of our opinion of how the future of CAcert should be... we're entitled to express that opinion as the board, and have it recorded in the annual report
(22:39:28) andreasbuerki: iang: Sorry, not very understandable presented for me
22:40
(22:40:03) andreasbuerki: markl: But I will disagree on the Section Mission
(22:40:06) ernie: and how we handle the question marks in the section "mission"?
(22:40:29) markl: but I see the problem that the current wording around the content might seem a little prescriptive to the new board, so if we kept the content, and adjusted the wording in "AGM20100130 Committee Forward-Looking Statement (Plan for New Committee)" to be clear that we're merely expressing an opinion, then can we get some consensus?
(22:40:36) markl: we can ask those questions
(22:40:40) markl: they're just our opinion
(22:40:48) markl: regarding mission
(22:40:54) ernie: markl, yes
(22:41:05) andreasbuerki: so we can say, it is our recommendation... not more or less
(22:41:08) iang: well, it is easy enough to drop the part "(Plan for New Committee)"
(22:41:45) iang: if that is of offense. Personally, if in a new committee, would like the old committee to be extremely clear. I would want the old committee to highlight it very plainly
(22:41:51) markl: and remove "This Statement covers the period from the AGM/AGM20100130 to 30th June 2010, at which date that year's annual report will close, and be presented to the following AGM end of 2010. This Statement is forward-looking, and will need to be endorsed and/or adjusted by the Committee of AGM/AGM20100130. " and "We plan to do the following in the next 6 months: "
(22:42:12) markl: and replace it with something like "We recommend the new committee develops a plan including the following matters."
(22:42:27) markl: wouldn't that say basically the same thing, and make everyone happy?
(22:42:36) andreasbuerki: markl: Sound very more polite and reasonable to me
(22:42:52) markl: then, the entire document reads like the current board's opinion.. which is precisely what it is
(22:42:53) ernie: markl, same thing, but much more polite
(22:43:05) ernie: agree
(22:43:14) andreasbuerki: And July 2010 I would leave out
(22:43:36) markl: so, are we all happy with the entirety of the statement if we make that change?
(22:43:46) ernie: for me ok
(22:43:52) andreasbuerki: if so, fine by me
(22:44:40) andreasbuerki: a French saying: C'est le ton qui fait la musique
(22:44:54) andreasbuerki: the tone makes the music
22:45
(22:45:50) markl: so I think we all agree that we can and should make a forward looking statement like this now, right?
(22:46:00) markl: and that, with those changes, the statement is ok?
(22:46:04) ernie: yes
(22:46:23) andreasbuerki: right, like this we discussed with the character of a recommendation
(22:47:12) iang: i'm fine with it however. The work was simply a product for the board, it wasn't meant to be a controversy
(22:47:28) ernie: iang, :-)
(22:47:38) andreasbuerki: thank you for your work iang
(22:47:46) iang: don't patronise me, andreasbuerki
(22:48:04) andreasbuerki: huch... I just said thank you
(22:48:31) iang: shall we move on?
(22:48:37) markl: yes, let's..
(22:48:56) markl: has someone taken on the task of the actual annual report preparation?
(22:49:03) GolfRomeo: Hello
(22:49:10) andreasbuerki: hi MIA
(22:49:19) markl: the WIP stuff seems generally non controversial, but I guess we need to approve a final report?
(22:49:23) ernie: markl, I told philipp I will do, when I get text
(22:49:36) iang: a. Main text. Notes were created over last month, by scanning maillists etc:
(22:49:37) iang: https://wiki.cacert.org/AGM/AGM20100130/BoardActionNotes
(22:49:37) iang: This topic was brought up over the last few meetings, and nobody volunteered to work on the job.
(22:49:37) iang: In discussions last week PD agreed to give it a go, but immediately fell sick with flu and is only out of that today. So not much has been done. So we are almost at square one.
22:50
(22:50:31) markl: OK, does anyone have the time to take up the task? I don't at the moment, I'm tied up for the next few weeks.
(22:51:03) ernie: iang, could you make the text?
(22:51:04) iang: well, i might be able to do it one day this week, if Philipp doesn't get better.
(22:51:43) iang: but I do not want to do it, for obvious reasons
(22:51:47) markl: ok, so perhaps we can just keep an eye on whatever page in the wiki is being edited for it, give whatever input on the mailing list, and then just approve the final text?
(22:52:09) iang: which brings up another issue: we probably need a board meeting to approve the final text
(22:52:34) ernie: is there some text from "nick" as the president ...
(22:52:37) iang: it is after all going out under our name, whether we are the subject of it or not
(22:52:42) markl: team reports are on the agenda too, I think we should accept those as they are
(22:52:54) markl: iang: yes, perhaps once the text is done, call a meeting with 48 hours notice?
(22:53:05) iang: markl: my thoughts exactly, we accept the team reports as are.
(22:53:32) markl: ok, do we have consensus on that and can we move forward?
(22:53:37) iang: also, we need to leave room for preparation into a single cohesive document, plus time for members to read.
(22:54:38) ernie: iang, I will make this single doc, as I said before - but need the text ....
(22:54:45) markl: ok, next then... 2.3 finances - added by Iang
(22:54:59) iang: a. Are payments possible? A month ago there was (informal?) news that the documents had finally arrived in Australia from Switzerland, and then no more news.
22:55
(22:55:00) iang: a. As far as I know, there are two creditors: Oophaga and myself.
(22:55:12) iang: (end)
(22:55:19) markl: have a document for Ernie to sign.. the bank keeps finding road blocks to resolve... once this document is signed, we're good to go, Ernie will have internet banking
(22:55:29) markl: expect to have payments flowing by the end of the week
(22:56:14) markl: both payments are already authorised by motions of the previous board
(22:56:21) iang: ok
(22:56:30) markl: so as soon as we have access, we should be able to make payment
(22:56:54) markl: ok, next item... 2.4 new members - added by Iang
(22:57:05) iang: the situation with the payments is obviously tortuous. We should promote the rule change
(22:57:27) phidelta: there are 3 open
(22:57:54) phidelta: Michael Tänzer, Mathieu Simon, Tomáš Trnka
(22:58:00) markl: can we roll 'em up into a single motion?
(22:58:06) markl: any of them controversial to anyone?
(22:58:20) iang: fine by me, none are controversial to me
(22:58:22) andreasbuerki: nope, all fine by me
(22:58:49) ernie: what is dominik george
(22:58:55) markl: seems there's another.. Dominik George?
(22:58:55) ernie: *with*
(22:59:09) ernie: markl, right
(22:59:24) ernie: I have seen application - because I noted in my list
(22:59:28) andreasbuerki: everybody is welcome... we need membership fees... ;-)
(22:59:44) phidelta: Yes i overlooked DG
(22:59:52) phidelta: his stuff is here
(22:59:57) ernie: ok
23:00
(23:00:01) iang: so he's good for the same motion?
(23:00:02) andreasbuerki: they make more than 10% of our income
(23:00:14) ernie: for me yes
(23:00:31) phidelta: So it is resolved that we accept Michael Tänzer, Mathieu Simon, Tomáš Trnka and Dominik George as members of CAcert Inc.
(23:00:35) andreasbuerki: DG is fine by me
(23:00:49) phidelta: seconds?
(23:00:49) andreasbuerki: second and aye
(23:00:51) iang: aye
(23:00:57) phidelta: aye
(23:01:00) markl: aye
(23:01:04) ernie: aye
(23:01:15) andreasbuerki: MIA Guillaume?
(23:02:06) markl: I declare the motion carried.
(23:02:12) markl: next... 2.5 CCA Roll-Out Problem Quo Vadis? - added by hugi
(23:02:23) andreasbuerki: yep...
(23:02:44) andreasbuerki: I have added this point in order to know, how we can help
(23:03:06) GolfRomeo: (aye)
(23:03:09) andreasbuerki: what are the next steps.... a detailed list would be helpful
(23:03:11) markl: this is a software problem right now, right?
(23:03:20) ***GolfRomeo is reading previous log
(23:03:24) iang: markl: around 80%, yes
(23:03:27) markl: all the policies support the changes?
(23:03:30) andreasbuerki: yes, in my humble understanding
(23:03:30) iang: yes
(23:03:49) markl: except for the inference on that page of disabling old users who haven't agreed to the CCA
(23:04:00) andreasbuerki: how can we help? do certain steps need money?
(23:04:14) markl: they need technical will, by the sounds of it, andreas
(23:04:18) iang: no money needed as far as I can see. But donations are always welcome
(23:04:43) andreasbuerki: Donations need always to be in relation to a well defined task, iang
23:05
(23:05:00) markl: holy wars after the meeting please :)
(23:05:11) andreasbuerki: so, the sponsor knows, what he is donating for
(23:05:23) andreasbuerki: lol...don't worry
(23:05:23) phidelta: can we have an unholy war though?
(23:05:24) iang: you'd better tell all the people sending in donations, then :)
(23:05:27) markl: I'm not sure what we can do here about the CCA issue, it seems like a drum to beat in places where we might find people who can write the patches
(23:05:38) markl: phidelta: aren't they all? :)
(23:05:51) iang: markl: perhaps I can cut short this with a simple three step plan:
(23:06:01) iang: 1. Software team.
(23:06:02) iang: 2. Software team.
(23:06:02) iang: 3. Software team.
(23:06:02) phidelta: @markl: Yes they most certainly are
(23:06:05) andreasbuerki: now it becomes philosophically...g*
(23:06:06) markl: iang: lol
(23:06:27) markl: I'm looking thru http://wiki.cacert.org/Brain/Study/COrbitCA and I think Ian is right, everything screams software
(23:06:27) andreasbuerki: difficult to sell....
(23:06:48) iang: I actually did bang the drum at the old board about this for 2 years on the CCA issue ... and the old board wasn't able to resolve it
(23:06:52) markl: I notice that PG proposed people for the software assessment team, which is an important step on the way
(23:07:05) andreasbuerki: if we could say... these steps need that amount of hours / costs... there I see a chance to raise some bucks
(23:07:06) markl: hopefully that will soon mean that patches start to flow into the production system
(23:07:19) iang: now we are here, it is clear that the problem isn't a patch, it's the team ... is not capable of providing patches in an efficient manner
(23:07:21) phidelta: yes and he requested to go with background
(23:07:31) phidelta: so let us do that
(23:07:35) iang: demand exceeds supply, to large numbers
(23:07:55) markl: Dirk tells me testing is an issue, that test1 is having issues, too
(23:08:00) andreasbuerki: what do you mean by that, iang?
(23:08:36) iang: the demand for patches is in the hundreds. the supply of patches is single figures
(23:09:10) andreasbuerki: ok... right... so some kind of bug bounty system might be a starter...?
(23:09:39) markl: no, the system for end to end testing and installation of the patches needs to be in place
(23:09:53) iang: markl: andreas Baess has picked up this task
(23:09:58) markl: we need working systems and processes, otherwise people will write one patch, see it goes nowhere, and not bother again
23:10
(23:10:17) phidelta: @markl: exactly
(23:10:19) markl: ok, so maybe the first step is to lend Andreas Baess whatever assistance he requires to get that done
(23:10:34) andreasbuerki: bug bounty system is a money collecting system
(23:10:38) markl: I think this agenda item is the cart before the horse
(23:10:42) iang: andreasbuerki: the developers are putting in days per patch. To make a patch bounty worthwhile you'd have to be paying 100++ euros
(23:10:45) u601: one comment: andreas baess has one milestone end of this month!
(23:10:51) phidelta: Well and we could fix the assessment team right now ;)
(23:11:22) andreasbuerki: iang: right, something like that.... so the donators know, what they are donating for
(23:11:27) markl: because until we have the infrastructure to make changes to the system, the actual changes are rather immaterial
(23:11:34) iang: he is currently working well with the various people. The thing we need to work on now is to build up the assessment team so it is ready to work with a new infrastructure
(23:11:50) andreasbuerki: at least we can try.... we will not lose anything in doing so
(23:12:28) iang: yes we will. we will lose time and opportunity
(23:12:29) markl: if anyone has any sources of donations that could help incentivise bug squashing, then by all means, go get it!
(23:12:45) andreasbuerki: iang: nope....
(23:12:55) markl: same with any other monetary support you can get... develop proposals, whatever is needed
(23:12:59) markl: but it's not the problem right now
(23:12:59) iang: we don't need to incentivise our patchers. they are already doing lots of work
(23:13:01) andreasbuerki: or do you really think, we get the chicks for free?
(23:13:13) iang: what we need is to clear the roadblocks from in front of them
(23:13:17) markl: iang: understood
(23:13:24) andreasbuerki: iang: so can give them reward... what is wrong with that?
(23:13:25) iang: the biggest incentive is to show their patch, in production
(23:13:45) iang: there are rewards and there are rewards ...
(23:14:04) andreasbuerki: iang: I'll talk to the patchers myself... maybe they like the idea ;-)
(23:14:14) markl: if someone's got some spare bags of money that can only be used for bug bounties, then sure, let's do it.. but there are probably better places to spend money within CAcert than on that... and it's not the problem at hand
(23:14:48) andreasbuerki: markl: just define the place and add a price tag... ;-)
(23:14:57) ernie: markl, no it's not the problem ...
(23:14:58) iang: some people have invested money in the software, but I never heard of anyone paying a developer ... instead people paid to have developers transported, fed, etc
(23:14:59) andreasbuerki: bug bounty is not limited to bugs
23:15
(23:15:00) GolfRomeo: Duane tried to do bug bounties but it didn't work
(23:15:23) markl: andreas: root creation, $20k
(23:15:52) iang: Essen + Hamburg together cost Euros 1k, half on software
(23:16:12) iang: 1.5k was the Innsbruck bill. Food, transport, etc.
(23:16:27) markl: anyway, this is now far removed from getting people to agree to the CCA
(23:16:35) ernie: right
(23:16:47) andreasbuerki: right, markl
(23:16:52) iang: well. the problem is: we will keep taking the good ship CAcert onto the rocks of Software ...
(23:17:11) andreasbuerki: Guillaume... let's talk about that later or in private
(23:17:21) markl: the actions that need to be taken to improve the ability of the software teams are being undertaken, and until they finish, I'm not sure there's any action here to take
(23:17:57) phidelta: well we were asked to start background checks on new team members. So let's do that
(23:18:09) iang: nod, this is a good suggestion
(23:18:10) markl: PG did that already
(23:18:15) iang: Philipp has proposed 2
(23:18:17) markl: he is the one who asks the arbitrators, right?
(23:18:18) iang: there are two others
(23:18:24) markl: not us.. we just approve 'em after that
(23:18:28) iang: team leader is supposed to make the running, yes
(23:18:38) phidelta: he asked the board to do that. All he did is ask them their qualifications
(23:19:01) markl: no, he cc'ed support
(23:19:02) iang: phidelta: sorry, PG asked the board to do it?
(23:19:08) iang: if so, let's do it.
(23:19:17) markl: which is the way to ask for such things, iirc?
(23:19:19) phidelta: to start off the arbitrators
(23:19:19) iang: (ABCs are filed through support as ordinary disputes)
(23:19:20) GolfRomeo: Andreas : ok
23:20
(23:20:07) phidelta: and PG did not send them into support but asked the board to do that
(23:20:19) ernie: phidelta, no he sent to support
(23:20:23) ernie: and to board
(23:20:30) markl: he sent to support@ as well as us
(23:20:37) iang: these were requested by board: Dirk Astrath, Markus Warg, Bernhard Froehlich and Alexander
(23:20:38) iang: Prinsier
(23:20:45) phidelta: ok, ignore this delirious fool
(23:21:02) iang: https://community.cacert.org/board/motions.php?motion=m20091220.2
(23:21:05) ernie: ****Therefore please start the arbitrated Background Checks on Alexander
(23:21:05) ernie: Prinsier and Markus Warg now. he wrote
(23:21:46) phidelta: ok, ignore this delirious fool (didn't see that support was in there)
(23:21:55) iang: As I understand it, these two are now in the Queue for ABC.
(23:22:08) andreasbuerki: fool?... which one? I'm naive... :-)
(23:22:09) ernie: I understand it the same way
(23:22:22) iang: Also, as it happens, so is Dirk Astrath ... apparently he got bored and applied for Support Engineer's role
(23:23:05) markl: OK, so there's movement there, and nothing on the agenda regarding messing with that, and it's no longer about the CCA stuff, so let's move on to the next item?
(23:23:10) iang: Which would leave Bernhard Froehlich. He was the one who took over CATS, and got the famous end-of-life-to-most-Assurers patch going
(23:23:42) phidelta: yes, according to PG Ted is way too busy already
(23:23:50) iang: well, unless we think it useful to just add Bernhard, sure. I don't think we can address the CCA patch here.
(23:24:11) iang: phidelta: ok, I wasn't aware of that info. we're done then.
(23:24:33) markl: ok, next... 2.6 Support News - added by Iang
(23:24:38) andreasbuerki: seems we can't really help... :-(
(23:24:52) iang: a. team is now in the process of switching to OTRS system. Latest status is that we are now processing most normal things through it.
(23:24:52) iang: * Thanks to Mario and Nick for getting it going, and Daniel for switching the email over.
(23:24:52) iang: * Implication here is that Support might see some disruption as the switchover happens.
(23:24:53) iang: * Afterwards, we'll be looking to expand the use of the system to Arbitration. Later on, offered to other teams.
(23:24:53) iang: b. Team now stands at:
(23:24:54) iang: i. Systems Engineers: Werner, Marty, Michael, Wolfgang.
(23:24:54) iang: i. Triage: Joost, Faramir
(23:24:56) iang: i. New recruits: Alexander and Dirk (slightly delayed by OTRS switchover).
(23:24:56) iang: (end)
23:25
(23:25:12) markl: ok.. just a report, no action?
(23:25:18) iang: yes, easy!
(23:25:28) markl: easy peasy... next item... 2.8 Plan for Root Situation. - added by Iang
(23:26:00) iang: I have many prepared words, if desired :)
(23:26:22) markl: if you so desire
(23:26:23) andreasbuerki: and if not?...joking
(23:26:37) iang: if not, you'll have to prepare something ;-)
(23:26:40) iang: ok here goes:
(23:26:41) phidelta: oh the burning desire
(23:26:46) iang: a. Much discussion on the various and many groups.
(23:26:46) iang: * But no clarity and no plan.
(23:26:46) iang: * Proposed this board motion to clarify the need for a clear plan:
(23:26:47) iang: https://community.cacert.org/board/motions.php?motion=m20100114.1
(23:26:47) iang: * I suggest we complete this motion here today, one way or another.
(23:26:48) iang: a. Policy group discussed a motion
(23:26:49) iang: * "CAcert stops issuing Class3 certificates."
(23:26:49) iang: * Added to the general understanding by sparking some debate.
(23:26:50) iang: * the wording was recognised as confusing.
(23:26:50) iang: * But it did not achieve consensus, IMHO.
(23:26:52) iang: a. There is a document suggested by Roberto & Dieter:
(23:26:52) iang: https://lists.cacert.org/wws/arc/cacert-sysadm/2010-01/msg00054.html
(23:26:54) iang: * I think this is best seen as a set of requirements for the two Universities, in which case it serves our needs well.
(23:26:54) iang: * (It is not quite a plan because it lacks the elements we would need: No team, impact, no indication as to how, and no reference to policy. Probably more.)
(23:26:56) iang: * It essentially proposes to re-issue the Class 3 roots. This is controversial because:
(23:26:56) iang: i. we are already decided to stop using the existing structure
(23:26:58) iang: i. any new root would be chained off the existing Class 1, so this is not solving more than a small part of the issues.
(23:26:58) iang: i. Indeed, the proposal suggests closing off the Class 1, after signing a new Class 3... Any statement made over Class 1 will apply over Class 3.
(23:27:00) iang: i. security policy and CPS has rules about the creation of roots, which means that any root issued probably has to be done properly. (Or, see Peter's comments. Link on agenda.)
(23:27:00) iang: i. so the work may end up being the same as doing the full job.
(23:27:02) iang: a. Having said all this, *all options* are uncomfortable. There is no point in attacking one option, they all have issues. It is a comparison to search out the least bad approach as much as it is to find the best.
(23:27:02) iang: a. An intermediate path is suggested: simply stop issuing Class 3s. Pending some form of impact statement, this might be the easiest thing to do right now.
(23:27:04) iang: a. A smaller, perception move is to adjust warnings on the website so that people can make better informed choices. I think this can be done, and should be done. I think we would be wasting the board's time to start voting on such detailed issues.
(23:27:04) iang: a. New information from Mozilla, they will deprecate MD5 by end of 2010.
(23:27:06) iang: i. Specifically any roots with MD5 will be dropped.
(23:27:06) iang: i. (It is difficult to be precise about what this means.)
(23:27:08) iang: i. I suggest we do the same. That is,
(23:27:08) iang: Resolved, that the existing Class 1 and Class 3 are eol-end 2010, or sooner if possible.
(23:27:10) iang: (end) (probably blocked by filters now......)
(23:27:46) markl: doesn't this again all hinge on another matter... having a plan to generate new roots?
(23:28:16) pemmerik has left the room.
(23:28:38) markl: and being that we need to reissue the roots correctly already...
(23:28:59) iang: yes, this what I asked in the motion above, and https://community.cacert.org/board/motions.php?motion=m20100114.1
(23:29:03) markl: I think we should develop a plan for the new roots, and ignore the distractions along the way
23:30
(23:30:01) markl: that resolution looks good to me, except i don't understand the first sentence?
(23:30:18) matSim has left the room.
(23:30:46) iang: CH team is ... (I guess) Ernie, Andreas, the 2 University people, Mathieu ... correct me if I am wrong
(23:31:03) andreasbuerki: ch team is your term, iang
(23:31:13) iang: CH team is my term, yes :-)
(23:31:20) iang: but you are welcome to it
(23:31:20) andreasbuerki: bug 665 is the issue....
(23:31:38) andreasbuerki: and it concerns CAcert as a whole
(23:31:47) markl: whilst we should take the two universities' opinions and needs into account, I don't see why they should be raised to any higher level, especially if we're considering replacing the roots altogether, because it would address their needs anyway
(23:32:06) andreasbuerki: what is threatening the people in general, is our time of reaction
(23:32:07) markl: bug 665 is a PR bug
(23:32:09) markl: not a technical one
(23:32:22) iang: on the latter point, yes, it would address their concerns fully (assuming it all works)
(23:32:33) markl: almost every CA still has MD5 signed intermediates out there
(23:32:47) andreasbuerki: markl: PR or not... don't underestimate bad PR... ;-)
(23:32:51) markl: so to talk of our slow reaction time... slow in relation to what?
(23:32:52) iang: Mozilla lists 7 with MD5 in the roots
(23:33:12) markl: mozilla doesn't include intermediaries
(23:33:17) andreasbuerki: in relation to other CA's...
(23:33:40) iang: (yes ... it isn't really clear how to relate their new eol date ... but it is a data point.)
(23:33:48) markl: MD5s in roots is not the issue.. self-sigs are unassailably secure, because they don't do anything when the cert is included in the trusted store
(23:34:18) iang: markl: their response to dropping MD5 in the roots can be seen as PR response, as well ;-)
(23:34:22) andreasbuerki: question: do we really think we can solve the problem today?
(23:34:30) andreasbuerki: is this the place to solve it?
(23:34:34) iang: "today" ?
(23:34:45) iang: "place" do you mean, in this meeting?
(23:34:48) markl: the only reasonable way to solve this "problem" is to forget about it, and deal with the bigger problem of reissuing our root
(23:34:58) andreasbuerki: why not asking the policy group to come up with a more elaborated proposal?
23:35
(23:35:09) GolfRomeo: ya
(23:35:11) markl: reissuing our root addresses this PR fluff by coincidence
(23:35:13) andreasbuerki: yep, in this meeting
(23:35:19) ernie: markl, from which time-frame we are speaking here?
(23:35:34) iang: andreasbuerki: policy group already wrote their policies. If there is a flaw, we can talk about that, but nobody's mentioned one.
(23:35:43) Nik has left the room (quit: Ping timeout: 180 seconds).
(23:35:46) markl: as quick as everyone works together to make it happen
(23:35:57) ernie: markl, :-)
(23:36:08) markl: you can make it quicker by helping write the procedures, helping secure funding for it, etc etc
(23:36:14) iang: well, the problem is, I see a lot of people running around making pronouncements. So, we need to bring those pronouncements to a point.
(23:36:16) andreasbuerki: to my knowledge a more detailed and described procedure is under way... why not to wait for that?
(23:36:19) markl: the board here, right now, cannot do much of anything to make it quicker other than ask nicely
(23:36:53) ernie: :-)
(23:36:55) iang: ok, is that something that you are entering to the board's attention? For the minutes?
(23:36:56) andreasbuerki: agree, markl
(23:36:57) markl: I think that we should endorse reissue of a non signing root, and multiple sub roots as the "one true way", and be done with it
(23:37:25) GolfRomeo: markl: ok
(23:37:29) iang: markl: I agree with that. But unfortunately, that's now what the team(s) are thinking
(23:37:55) andreasbuerki: markl: and add as long there is no better or more pragmatic solution on the table...
(23:37:57) iang: and, if we have consensus, I will be the first to write that motion.
(23:38:33) andreasbuerki: I wouldn't do a motion right now.... it would be blocking future attempts
(23:38:43) iang: the other possibility is that we could simply declare end-of-life for the existing roots
(23:38:48) andreasbuerki: give the community room...
(23:38:58) iang: say, end of this month. Or end of this year ... to give the community room
(23:39:31) GolfRomeo: iang : wise move, let's define the end of life of the current roots
(23:39:35) andreasbuerki: whatever, until an acceptable solution in accordance with the policies is on the table
23:40
(23:40:16) iang: andreasbuerki: you haven't answered my question about whether you are telling us about this new team / plan?
(23:40:32) iang: I would like a clear signal from you so as to put it in the minutes
(23:40:48) andreasbuerki: they are working on that and it's an informal team
(23:40:50) iang: and that would also clear the way for voting on https://community.cacert.org/board/motions.php?motion=m20100114.1
(23:41:41) andreasbuerki: is this sign good enough?... I mean, until now, nobody really cared about 665.... so no hurry
(23:41:57) markl: I think we should literally forget about bug 665.. it is, honestly, crap... we have a way to fix it, which fixes a real problem as well, by reissuing roots
(23:42:02) iang: So, we have three things on the table. m20100114.1
(23:42:07) andreasbuerki: and you board colleagues told me, go to policy group
(23:42:22) iang: Then, Resolved, that the existing Class 1 and Class 3 are eol-end 2010, or sooner if possible.
(23:42:29) ernie: markl, in the meantime I understood this in the same way
(23:42:49) iang: And, Resolved, that the only roots issued should be a non-signing root, and multiple sub-roots.
(23:43:06) iang: andreasbuerki: can you remind us of the context of that?
(23:43:32) andreasbuerki: when I first raised the question....
(23:43:54) andreasbuerki: http://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20091115
(23:43:54) markl: last time Andreas brought up bug 665, we told him to bring it to the attention of the policy group, because this place is not the first place to discuss things like that
(23:44:08) andreasbuerki: markl: yep
(23:44:10) iang: ok, so maybe we were thinking at the time whether it was even possible to issue new roots from the existing Class 1. Yes, this is a policy question.
23:45
(23:45:04) andreasbuerki: but again, if we don't need to reissue NewRoots for that... why should we?
(23:45:18) iang: well, that looks like bad information. I think a better statement would have been, show us the plan, and make sure the policy (group) are ok with it.
(23:45:43) markl: because it takes people who could be working on new roots away from that task
(23:45:59) andreasbuerki: and this plan is under way... and it takes time.... so no need for any motion right now in my humble opinion
(23:46:27) markl: we all accept the need to issue a new root, right?
(23:46:33) markl: ignoring bug 665 for the moment
(23:46:33) andreasbuerki: let's see which one's exactly
(23:46:57) markl: andreas: we need to issue a completely new root for audit
(23:47:01) iang: sorry, andreasbuerki , you mean, they are working on a plan for us, right?
(23:47:09) andreasbuerki: markl: yes
(23:47:25) andreasbuerki: iang: that was my understanding
(23:47:28) iang: markl: yes. It's essential, there is no way out of it.
(23:47:37) andreasbuerki: so I don't see the need for hurry
(23:47:42) iang: andreasbuerki: thanks, just didn't want to get the wrong impression
(23:47:45) markl: so, that being the case, we shouldn't waste time putting lipstick on the pig that is the current root
(23:48:06) GolfRomeo: :)
(23:48:18) markl: if there are resources available to issue new roots off it, those same resources can be put in to play to issue new roots
(23:48:27) markl: and we solve the PR problem, along with a much larger problem
(23:48:32) iang: markl: something like: resolved, that the existing root may not be used to sign new sub-roots?
(23:48:32) andreasbuerki: We have even put too much lipstick during the last root ceremony
(23:49:37) andreasbuerki: a lot of costs and nothing to use
(23:49:45) iang: i object to that!
23:50
(23:50:01) GolfRomeo: me too :)
(23:50:12) markl: how about something like this.... RESOLVED, that the existing root may not be used to sign any new sub-roots, and that the board receive reports from affected teams with a view to the issuing of a new offline root with multiple sub-roots.
(23:50:16) pemmerik [pieter@cc518889-b.hnglo1.ov.home.nl] hat den Raum betreten.
(23:50:29) iang: firstly, the costs were very efficiently used, secondly we got a lot of experience, and thirdly, Guillaume put no lipstick on and didn't submit a bill for any, either ;-)
(23:50:38) andreasbuerki: OK, the last time it was an exercise.... ;-)
(23:51:03) iang: indeed, without that exercise, we wouldn't know as much as we know now, and we may have actually made a big mistake .... in this current debate
(23:51:04) ernie: iang, you are sure next time it will work ?
(23:51:10) iang: ernie: nope
(23:51:16) andreasbuerki: loooooool
(23:51:26) iang: and .. neither is anyone ;-)
(23:51:37) iang: ya gotta break some eggs to make an omelette
(23:51:40) markl: anyone who tells you they are sure are lying to you :)
(23:51:48) markl: soo.. how bout that resolution?
(23:51:49) ernie: iang, how much risk 50/50 - and where is the risk it will not work?
(23:51:49) GolfRomeo: So we need to issue root far before we get audited
(23:51:53) andreasbuerki: hey, you are the crypto cracks.... I'm just the marketing heini :-)
(23:52:07) iang: seconded
(23:52:14) markl: aye
(23:52:23) GolfRomeo: aye
(23:52:24) iang: aye
(23:52:37) andreasbuerki: aye for what?
(23:52:45) markl: RESOLVED, that the existing root may not be used to sign any new sub-roots, and that the board receive reports from affected teams with a view to the issuing of a new offline root with multiple sub-roots.
(23:52:52) ernie: aye
(23:52:55) andreasbuerki: aye
(23:53:54) iang: phidelta: ?
(23:54:08) markl: I declare it carried.
(23:54:17) markl: Any questions from members?
(23:54:23) andreasbuerki: a note for the record: we need to think as a community, how we can speed up reaction time in comparison to commercial CA's for needed correction
(23:54:43) GolfRomeo: andreasbuerki : pretty right !
(23:54:46) iang: oh, I have proxy for phidelta , I say AYE for him.
23:55
(23:55:16) iang: andreasbuerki: I can give you a three point action plan for that, if you like?
(23:55:27) markl: lol
(23:55:30) iang: 1. Software team.
(23:55:30) iang: 2. Software team.
(23:55:31) iang: 3. Software team.
(23:55:37) markl: ok, there being no questions from members.. we'll move on
(23:55:40) andreasbuerki: iang: just write in the wiki... ;-)
(23:55:43) iang: I have one remark as member
(23:56:06) andreasbuerki: by the way... are you good friend with Balmer from M$?
(23:56:14) iang: last meeting, we discussed an earmarking of funds for a potential Australia walkabout to find members and drum up support
(23:56:46) iang: the vote was narrowly put forward, but due to the number of Abstaintians, I believe the board did not support it. So the request is withdrawn from my part.
(23:57:12) iang: Which is to say, when I'm in Australia, I won't be doing all those ATEs that were suggested.
(23:57:14) iang: (end)
(23:57:33) markl: so noted
(23:57:40) iang: andreasbuerki: I am an admirer of that particular strategy of his, indeed.
(23:57:52) markl: there's not much good in confirming next committee meeting, so we'll skip that
(23:58:01) markl: I move we adjourn the meeting.
(23:58:15) iang: any discussion on when the next meeting is for report?
(23:58:29) markl: propose a meeting with the completed text?
(23:58:39) iang: do we want to pencil anything in? or we just play it when the text lands?
(23:58:39) iang: ok
(23:58:40) markl: 48 hours should be good to give everyone an opportunity to read it
(23:58:50) iang: ok, second motion to adjourn
(23:58:53) markl: aye
(23:59:03) iang: and aye
(23:59:09) ernie: aye
(23:59:16) andreasbuerki: aye
(23:59:24) GolfRomeo: aye
(23:59:31) markl: ok, I declare the meeting adjourned
(23:59:38) markl: and on that note, I have to jet... talk to you all later
Original Place Meeting Transcript SVN CAcert.org Website - Comment: Replace in original .txt file YYYYMMDD by the real date of the meeting and after that cancel this comment.
Meeting Transcript 2010-01-DD
Inputs & Thoughts
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please