AGM 2011/2012 - Diary
Diary from year before AGM Diary 2010-2011
Proposed date for AGM: 2012-11-25
- Piers 20120910
- Board's archived closed email traffic
Annual Report forward looking statement (2009 - replace with 2011/2012)
DO NOT bother with formatting or links because this has to be reformatted for final publishing in some document preparation tool
only major events are entered here ... if it is better reported by the Team then we should do that.
July 2011 to June 2012
- Domain names
- In July the domain names were secured for the next 5 years.
- Certificate lifetimes
Arguments about the length of certificate lifetimes. Should we allow >2 year expiry, possibly charging for the privilege? Expiry warnings are not being sent (this is subject to an outstanding bug report 922).
- Community XMPP server
- Much discussion about setting up a community XMPP server. The board is not opposed to the community setting one up and managing it.
- New points calculation
- Mail was sent to members detailing the "New Points Counting (Thawte Patch)"
- Organisation assurer
- Alexander Bahlo was appointed Organisation Assurer.
- CAcert's Strategy
- In November 2011, a closed industry group of CAs and vendors called CABForum finally decided on a new standard for CAs called Baseline Requirements (BR).
One side-effect of BR is that there are now multiple audits to pass to become a top-tier CA. Depending on how they are counted, CAcert can now expect to have to deal with 3 different audit processes: BR, WebTrust and EV.
- For various reasons this process is too expensive.
In light of the audit barrier to entry, we took the first beginnings in a discussion for a wider direction. https://lists.cacert.org/wws/arc/cacert-board-private/2011-11/msg00014.html
Commentary - for report: This has a dramatic effect on CAcert's fortunes. The creation of multiple, expensive audits where one previously did fine is clearly a trade barrier erected for the benefit of large, well-funded CAs, against smaller, lesser-funded CAs. CAcert is in the latter basket, not because it is smaller but because it is self-funded rather than sales-funded.
continuing discussions about moving CAcert to Europe or elsewhere. https://community.cacert.org/board/motions.php?motion=m20110807.2
the new Board discussed at length the privacy situation in private mail list. Conclusion was to let the work of previous boards stand for the time being. https://community.cacert.org/board/motions.php?motion=m20091206.3
- Costs - some costings were established for board meetings.
Board moved to address the long term nature of account manageent withint the context of 'short' AGM cycles. It had taken previous boards fully 2 years to gain control of the accounts. Board created a sub-team to issue payments from the bank accounts on motion from the board. Team includes Iang + Kevin, being locals in Australia, who had facilitated getting control of the accounts. The intention of this sub-team is that they are not especially board members, but local and reliable long-term helpers. https://community.cacert.org/board/motions.php?motion=m20110717.8 https://community.cacert.org/board/motions.php?motion=m20110717.7
- some effort put into figuring out whether a Credit Union Australia bank account? Check with Kevin.
- Board continued supporting ATE processes:
in AU by Iang for the purposes of boosting the Australian Membership. https://community.cacert.org/board/motions.php?motion=m20110717.6
In Manchester by Ulrich? Dirk? https://community.cacert.org/board/motions.php?motion=m20111220.3
- Some discussion on paid links and google ads. General agreement to accept a deal on links. Unknown what the result was. Status of google ads remains unknown.
- An affiliate program with Booking.com, a Dutch Hotels reservation service, was agreed.
- Board agreed to cover up-front costs of CAcert-branded Polo shirts on the understanding that they would be sold to recover costs.
- We started talks on a cooperation with gooze, a supplier of hardware secure tokens.
- Security issues
Board monitored and approved of a security risk analysis process conducted by Iang. As it was part of his Dipl. Security & Risk Management, the fit with CAcert's needs was approximate rather than directed, but welcome as any input is.
- Board kicked off a request to get an uptodate list of security roles and permissions as set in the system.
- Discussion of infrastructure hosting continued in November. Board's position was to support any sponsors or contractors in doing this, but declined to directly drive the issue.
a discussion with Fedora/RedHat rumbled to a null conclusion. RedHat's position was that they refused to discuss root lists except with their legal counsel talking to our legal counsel. Our position is we don't do that, we're an open community and we don't set up secret meetings unless there is a known point to it. Further, from various factors (cost, conflicts with Arbitration, etc), we do not retain a formal counsel, and given the statements presented, nothing short of that barrier to entry is good enough. Nothing happened.
- As discussed and resolved at the AGM, the board appointed Iang + Kevin in order to make up 3 Australian Board Members. Michael and Werner transferred to a new subcommittee made for the purpose of forming a wider management group.
- The board accepted nominations for new Members:
Marek Michał Mazur https://community.cacert.org/board/motions.php?motion=m20120628.2
(Secretary - can we get a list of Australian members?)
- The problems with the lack of active arbitrators has been a concern for the whole year.
Inputs & Thoughts
- 20121026 u60
missing topic: meeting with Oophaga at Fosdem 2012 (2012-02-04 - 2012-02-05) https://wiki.cacert.org/events/FOSDEM2012
Text / Your Statements, thoughts and e-mail snippets, Please