= Minutes Advisory / Management Sub-Committee meeting 20071122 =

== Systems Review ==
 * what is the structure of sysadm department
 * maillist?
   * daniel black to create a mailing list for sysadms
 * backup recovery plan
   * guillaume has necessary details
   * followup by Evaldo
 * systems work
   * FF 2 machines: core + signing (towers)
   * core machine was dead
   * 1st spare from Philipp's spare machine was also dead
   * swapped the hard disk into a spare machine of Matthias S.
   * machine not needed for now.
   * costs not an issue this time because it was a spare
   * authorisation can come after the fact, philipp to write it up
   * Philipp went through FF mailing list and went to krypt with MS.
   * no need for arbitration at this stage
 * OpenPGP system
   * there is a bug
   * RFC4880 defines user-id field as a simple Unicode structure
   * fixed issue by adding a filter disallowing multiple email addresses in the user-ids
   * a security review should have been done
   * should it be stopped?
   * need concerns from philipp ?
   * evaldo took it to the board,
   * teus wants to take it to m-sc
   * there are a lot of users, around 50-50 split between OpenPGP and X.509
   * no especial audit focus, certainly not a Mozilla request
   * ggr said it was distracting from core business
   * voted YES to continue the system
   * brings into conflict with the board
   * Teus to write up report (iang to fix) request board to reconsider

== NL ==
 * hvl - need to chase, evaldo in email contact
   * ggr had no time, evaldo is following up and calls Hans
   * evaldo in email contact
   * then board request to add
 * there are several systems in NL
   * what are in use?
   * request to '''philipp''' for systems in use, and what are used for?
 * set deadline for plan
   * approval by board of plan by next thursday
   * this means that we have to create the plan by say next tuesday
   * '''first person to start typing...'''
 * blockages
   * Tix changes are not adequate, "inadequate firewall management"
   * development of procedures, ceremony
   * working with hdl to work up a plan
   * Oophaga is addressing the Tix issue
   * concern about too many ports being opened
   * ''"does CAcert know what it's doing?"''
   * good concern, let's see it written up
 * what procedures can be put in place to ensure the quality of transfer of systems and management of procedures
   * need a ceremony for the transfer, as with last move AU->AT
   * architecture for the systems is needed as well
   * have to be able to maintain the system, system will break down and "that's the end"
 * Machines:
   * 1x2100 is backup system (more hard disk capacity)
   * 1x4200 is production (less capacity) (mail, lists, wiki, bugs, ...)
   * 1xTix core server (planned)
   * 1xTix signing server (planned)
   * 1x2100 failover, etc, future use
   * 1x4200 failover, etc, future use
   * 2100/4200 machines have security issues
   * all machines are virtualised
 * education of sysadms
   * give, receive, and transfer of knowledge
   * hdl to get access to the TEST system
   * '''evaldo''' to provide access and bring him up to speed
   * then work with '''philipp''' and be ready in 10 days
   * dovetails with migration path

=== IRC ===
 * IRC server is installed, working.
 * Await open up in firewall.

== AGM ==
 * minutes still to do.
 * log is on
 * resolution on change of rules was 21+ days
 * email was not done to procedure, was too late
 * board titles are set up, announced

== Assurance ==
 * CATS server DB is populated
 * security
   * '''ascii''' code review: this weekend
   * deadline to be chosen when testing starts
 * PR and acceptance
 * Policies
   * NRP-DaL onto main website, need to rework to make it more prominent
   * do this at same time as the style guide rework.
   * CCA draft can go as a new draft, with changes bolded.
   * let's show the changes, and then take it to policy.
   * still need to verify the FSFE transfer language
   * AGM took CCA as a concept

== Misc ==
 * Audit
   * basic comment is that the NLnet proposal contradicts the CAcert proposal
   * still to do: make a discussion paper on the options, '''iang'''
 * Henrik's proposal
   * needs to make a proposal
   * nobody has permission to do anything with CAcert's name
   * '''Evaldo''' to pick it up with Hendriks, propose Vasco / open source solution as alternate

== END ==