• Advisory
• AMinutes20071129

Minutes Advisory / Management Sub-Committee meeting 20071129

Systems Review

• maillist? Teus to chase.

• backup recovery plan, followup still to be done by Evaldo

• failure of memory on core+db indicated
• OpenPGP
  • agreed to defer any attention to next year
  • after move NL and rebuild of sysadm / software teams

NL

• hvl is busy at the moment. Teus to get in contact.

• test system access
  • hvl is added
  • decision: also add the Rudis.
• plan for move
  • delivered tuesday in v0.1
  • no comments in mail

  • decision: critical systems administrators get access to both machines, this is not acceptable in medium term, but has to be done for now.

  • the signing server can be any of the available servers, as it is has no access except over the serial cable
  • (discussion about the dual access and BIT responsibilities)
  • Teus: comments discussed, some changes made. Need to forward to board.
  • agreed to re-open agenda point at end with Philipp
• Discussion with Phillip
  • Rudis can be made available to help access
  • Estimate that it will take one man-month work (experienced)

  • This is the same as the AU->AT move

  • 1st step is to build the software suite and load test data & config

  • Once running and tested, estimated 2 hours of down time to move real data
  • some discussion on DNS and Reflectors.
  • Evaldo can help with building the systems
  • KVM access is not available in secure form
  • Evaldo might be able to propose a VPN solution later (security, SSH, Tix, KVM, etc...)
  • issue is that the signing server needs a lot of attention
  • Philipp and Evaldo to work on it over the weekend
  • monday deadline for comments

IRC

• IRC machine
  • port 80/443 connections are being delivered with a single source IP# which is the Tunix firewall
  • IP# should be from the client machine of the user

  • evaldo to file separate bug

• the default situation with Tunix is that they are screening.
  • this may meen that they are screening SSL sessions.
  • Teus cannot comment on screening as has Oophaga hat on
  • Evaldo and Iang raised doubts in email.

  • Evaldo to discuss with Philipp.

  • Iang to clearly stress the audit context on this.

Assurance

• CATS is up and going,
  • Evaldo to write a 5 mins script, waiting on Jens.
  • an email should go out to announce the CATS to board + close insiders
  • Michael is to review CATS code
• Policies

  • NRP-DaL ==> still needs rework

  • do this at same time as the style guide rework.
• CCA

  • policy has privacy mods, needs to be voted. teus to chase Jens and Evaldo by reforwarding the post

  • FSFE transfer language, email to propose the changes to come

Misc

• Audit Funding

  • iang to comment with Valer

  • iang to propose half retainer to CAcert

• Security Manual
  • greg introduced the question to Pat, then stepped out of the way

  • teus to comment on remuneration

  • maybe request a plan, but not obvious what that would be

• Henrik's proposal ==> evaldos list

• Henrik to be freed from House Style area
  • offices to be reorganised? Debate continues
  • Johann had an issue with PR

END