Team Reports 2017
Team Leaders are encouraged to present a report for their team. (alphabetic order)
This webshop with T-shirts, caps, mugs and more is run by secureU, a partner association from CAcert in Germany. The benefit is sent to us or used to pay bills for us.(Ru)
Critical System Administrator Team
Day to day operation
Regular system administration activities resulting in site visits or software updates of one or more of the critical systems are dutifully reported on the public systemlog mailinglist email@example.com with archives kept at https://lists.cacert.org/wws/arc/cacert-systemlog We refer the interested reader to those resources rather than duplicating or summarizing the information here.
The interest in CAcert is diminishing, not only within the user base, but also with the Critical System Administrator team. Besides general market circumstances there is also a major problem emerging due to the aging of the CAcert application code.
Without a functioning CAcert software development team, no changes to the application code have occurred in the past two years. Thus the CAcert application (written in PHP) is locking CAcert into an old and soon obsolete version of the Debian OS. If one accepts a lot of PHP warnings, an upgrade to Debian oldstable is still more or less possible with the existing PHP code. But an upgrade to Debian Stable is not possible with the current PHP code base, due to its dependency on an obsolete mySQL database interface layer, which is not supported anymore in the PHP version bundled with the current Debian Stable.
Without the ability to upgrade the application platform to a well-maintained version of Debian, the Critical System Administrator Team will be unable to take responsibility in the near future for the safe and correct operation of CAcert's main server, the web application and database server.(Wy)
The events-team is currently down to two members, where only one member is active. Purpose of the event-team is to keep track of events with CAcert participation like Fosdem, Froscon or OpenRheinRuhr.
In FY 2016/2017 CAcert had a stand together with secure-u on these events and was active there with assurances and in communication (not only) to new and existing members.
On these events we've seen a decrease in assuring members, but the questions asked to the CAcert members were more specialized.
As the events-team is still small, CAcert plans to take part at these events in FY 2017/2018, too.
There was some communication to PR-Team to work together for upcoming events.(As)
In FY 2016/2017 one member got administrator-access to several machines (e.g. bugs.c.o, blog.c.o, wiki.c.o) so all these machines are now maintained again after the former admins of these machines resigned.
During application updates, a certificate authentication was enabled on several servers, so there is no need to remember passwords.
For FY 2017/2018 there are more applications (and maybe OS-updates planned on these machines.(As)
New Root & Escrow Project (NRE)
Organisation Assurance Team
Policy Group has 277 members (as of october 2017). Twelce of them where involved in the following discussions:
Discussions July-December 2016:
- overturning of some older motions
- idea for new policy: Policy on Heads of Power - Cabinet
- new roots signer and CPS; new try
Discussions January-March 2017:
- HoP proposal, continue or stop?
- DRP changes in context of HoP proposal
- HoP, solving conflicts, was Re: new ruling on conflict across heads of power / independence of branches
- Cabinet - call for a vote?
- Veto rights - was: Re: PoP changes in context of proposal for HoP
- CPS changes in context of HoP proposal
- STOP of Hop / Cabinet - if there is no feedback
- idea about rules for cabinet
Discussions March-June 2017:
- revocation of CCA
A quite active member from policy group resigned in May. No vote was held in this period. (Ru)
Does the team still exist? The post of the PR officer is no longer there. Nevertheless, the last holder of the post is still involved yet. Together with the secretary, the various communication channels, accounts and access points / passwords were collected. Activity on Twitter ended in autumn 2016, but restartet in summer 2017. The blog was still active thanks to some members. The activity on the mailing lists dropped drastically.(Ru)
We are looking especially for native speakers in english and spanish who like to help practically in terms of giving ideas, writing text, and translate text into their language for blog posts, Twitter and social media as well as articles for news and magazines. Any voluntary please talk to firstname.lastname@example.org or write to email@example.com.
Software Development Team
After resignation of the former Teamlead, the software-team had to be set up again nearly from scratch. Unfortunately there is not much progress here due to the lack of volunteers and ABCed Software Accessors (and ... time).
Furthermore some access rights were not granted by the former SA teamlead ... and there was nearly no handover. Therefore it took quite some time to get all necessary access rights back and to get the current status within the open issues within bugtracker.
In summer 2017 our test-server was not accessible anymore. Several mails to the former operator of this machine were not answered. It took some time to set up a working environment on my own machine(s) and get knowledge and access to our backup-testservers.
For FY 2017/2018 there is the plan to roll out the resigned root certificates (as they are installed on some of our non-critical systems) to the critical systems.(As)
In FY 2016/2017 support is still running low on volunteers. A ABC was started in autumn 2016, but has not yet been decided by arbitration. Therefore the support-queue is still big.
The triage-team is working quite well by presorting the mails coming to support.
Most mails to support are "close account" or "certificate issue". Without digging too deep into details, the reason for closing the CAcert account are most times the use of Let's encrypt certificates instead of CAcert certificates or a raised awareness of spread email-addresses and personal data (due to security leaks e.g. at Linkedin, yahoo etc.).(As)
Translation / Localisation
There was no translationh team, but a group of translators in the time. It seams, that most or all translators stopped to translate for their language. While logging in the pootle server in beginning of october 2017, the last acitvity was reported as follows:
CAcert: slepper117 reviewed CAcert Certificate Acceptable Use Policy A year ago
CATS CAcert Assurer Training System: GuKKDevel reviewed Your certificate could not be validated. A year ago
PDF Form Generator: slepper117 reviewed I, the Assurer, hereby confirm that I have veri... A year ago
Root Certificates Installer: slepper117 reviewed Additionally mark the CAcert root certificates ... A year ago
Terminology: slepper117 reviewed trade office A year ago
Tutorial: Michael Tänzer edited %d file will be downloaded 2 years ago
The main text (Cacert) is completely translated in the following languages: Spanish, German, French, Dutch and Czech. Italian needs 1% of work and portugese (Brazil) 18% to be finished.
Languages with a good start are swedish (64%) and hungarian (47%). In another 29 languages, between 1% and 37% where translated two, three, four years ago or even before.
CATS is translated for english and german. A french translation was reviewed succesfully in february 2016, but is still waiting for the roll out. Translation in dutch, spanish and czech are still in progress.
Of course, translate everything is an enormous work, but following the indications at Translations/WhatFirst, it is a good thing to be involved in the community for people with no programming skills and not having the possibility to work with others, as they are alone in their region or due for some reasons, they can only do some work on irregular base. If CAcert will have a future, it needs to be localised, as "normal people" prefers access in their own language.
For more details, please check the synoptic overview in the middle od the page at Brain/Study/Translations. It is from 2014, but since there were not significant changes. (Ru)
In FY 2016/2017 one european member of the financial team got authenticated at Westpac in the London office, so the burden is not only on the australian members site.
Unfortunately it was possible to activate the access in FY 2016/2017, but we're on the way to establish it in FY 2017/2018.
Accounting details will not be given by the Financial Team but by the treasurer.(As)