= Advisory/AMinutes20071208 =

Teus, iang. Evaldo by chat.

 * Saturday 10:45 -> 19:00, an hour for lunch
 * Sunday 10:00 -> 15:20, an hour for lunch

== CAcert formal documents ==

 * status and review conducted over following documents

=== Security Manual -- SM ===

 * requirements derive from ''iang'' from DRC
 * ask '''board''' to vote on motion: ''that the security manual be a fully open and published document.''
 * ''teus'' to negotiate with Pat in email
 * a minimal threat model to be covered
 * threat model to include those threats necessary from the DRC requirements
 * first thing is to think of an overview of the chapters
 * from those chapters, an insight as to who needs to provide input
 * in synchronisation with Audit work, ''iang''
 * ''iang'' to assist in first review
 * for operational information, input from ''philipp'' is required
 * timeframe:
   * month 1: chapters + insights
   * month 3: 1st cut document for review against DRC
   * month 4: list of changes from review against DRC, by ''iang''
   * month 6: completed SM, incorporating changes.
 * funding by NLnet allocates 3000 euros for each phase (of 4) for documentation and other CAcert projects. '''management subcommittee''' (m-sc) to vote on motion: ''to allocate a documentation budget of 3000 euros to SM project.'' So voted on chat. [[ManagementSubCommitteeDecisions|msc20071208.1]]
 * negotiate with NLnet to move SM from phase 1 to phase 2 of funding plan
 * '''''Pat''''': if you have any comments, please let teus know asap.
 * Pat reports to management subcommittee ('''Teus + Evaldo''').

=== CCS ===

 * CCS [[http://svn.cacert.org/CAcert/ConfigurationControlSpecification.txt|svn wip]] moved to PolicyDrafts/ConfigurationControlSpecification on wiki
 * documents part to be updated to refer to [[http://svn.cacert.org/CAcert/PolicyOnPolicy.html|Policy On Policy]]
 * go to board and ask to vote on motion: ''to create a Systems and Security SubCommittee, as per the CCS''
 * some effort put into CCS but left half-reviewed.

=== Code-Signing ===

 * Guillaume to take up the task of guiding the Code-signing policy
 * looks like the vote to drop the current copy-of-id requirement has met rough consensus
 * which means code-signing has no other requirement than 100 points
 * ''iang'' suggests that the Assurer Test be a requirement:
   * the Assurer Challenge establishes a standard, albeit not the most appropriate standard for code signing
   * the Assurer Challenge covers most of the material needed
   * the test helps CAcert by bringing in another Assurer
   * a customised test for code-signing can then be written in the interim
 * suggest change the name of CATS to "challenge and training system" so as to make it more generally descriptive

=== CAcert Community Agreement ===

 * status of suggested changes -- now in the document
   * privacy clause
   * contributions clause
 * other minor changes made, and now no pending work to be done
 * it is moved to the policy group that the document move to POLICY status in one month
 * Teus has so posted.
 * questions in CATS -- make a general advisory to the CATS community to check docs & questions
 * internal PR
   * we have to advise the CAcert Community that this new policy is in place
   * (as well as the NRP-DaL)
   * ''teus'' to prepare mail that outlines text of posts
     1. post to the general CAcert maillist
     1. post on blog
   * mail to go to every registered user from ''Greg'' as President one week after above blog & core maillist posts
   * ''philipp'' to prepare for a general mailshot in 10 days.
   * ''daniel'' to collect all bounces and/or rejections. Evidence to be collected for potential later action.
   * translations?
 * move document onto main website under the name of /policy/CAcertCommunityAgreement.html
 * prepare the change requests as per CCA1.1. ''iang'' to dig out old description

=== NRP- Disclaimer and Licence ===

 * place on website
 * linkings to text need to be excessive and frequent
 * ''iang'' to dig out specification and send to Johan.
 * internal PR as above
   * one line added to CCA mailshot, no more
 * review of the questions in CATS to reflect and push these new docs

=== 3pv- Disclaimer and Licence ===

 * explored need for a special document for 3rd party vendors / distributors
 * ''iang'' write to Mozilla to explore their thoughts on it
 * we have done a brainstorming on what possibilities, ideas could be introduced
 * essentially it is a rewrite of the NRP-DaL

=== Assurance Policy ===

 * collected comments from the list discussion
 * 1st cut written and onto wiki
   * [[PolicyDrafts/AssurancePolicy|Assurance Policy]]
 * reviewed and now at v0.2, ''teus'' to post to Policy group.
 * the code-signing policy is being led by Guillaume.

== Systems ==

 * '''NL move'''
   * systems documentation is coming?
   * photos have been taken by Ridi ==> to Philipp
   * Robert has prepared some diagrams but they may not be representative
   * security work is on hold until after the move
   * security will likely suffer during the move
 * management, sysadms in the team
   * m-sc has voted to bring Oophaga in as systems administrators for team for supporting NL
   * Oophaga is now taking on responsibility for systems administration in NL
   * Oophaga has approached more sysadms in 3 companies (snw, compata, atcomp)
   * decided not to approach user groups.
   * m-sc votes on the target: one person per defined service, and one backup-sysadm for each. So voted on chat. [[ManagementSubCommitteeDecisions|msc20071208.2]]
 * Software Development:
   * michael to be added to team
   * philipp agrees, intends to resign as officer
   * for the moment there will be no officer for the team
 * email system
   * contact Daniel + Philipp and get some feedback on recent changes
   * do we need more people?

== Business Areas ==

=== CAcert privacy ===

 * actions related to EU requirements
   * this may be a job that is too big for Rasika
   * need to seek a local team with deeper knowledge in NL law
 * risks of data controller
   * according to the Dutch Act, the data controller has a lot of power
   * that power is largely in excess of and breaks our overall security policy
   * opens backdoor/internal attack
   * can we get legal advice on this?
   * can we create a data controller that acts according to CAcert's interests?
   * can we limit the power?

=== Audit project ===

 * actions
   * valer, ''teus + greg'' to communicate and discuss funding proposal
   * adjust phase 1 to be approximately the current status which would be all business policies in DRAFT, approx, plus NL move
   * phase 2 to include SM, dual control
   * acceptance, root cert inclusion
   * ''teus'' to chase Shane for anglo auditor for sign-off
   * rewrite the MoU?
   * PR over audit: possibility to look in usenix/LISA december meeting

=== Marketing ===

 * fold PR, House Style, merchandise into one team
   * Marketing
 * create team with Greg, Henriks, Johan
 * contact with press
   * in Germany is done by Henrik
   * elsewhere, by Greg? need to ask.
 * no officer to be appointed for now
 * decision on entire move: msc20071209.1, teus to take to evaldo over chat.

=== Education ===

 * CATS
   * certificate login is of strategic importance to CAcert
   * for this reason CATS is to remain separated
   * need to find a developer to assist Michelle, HR should look in to it
   * ''evaldo'' (stakeholder of machine) to talk to Michelle, Michael, ascii
   * propose to m-sc how the CATS team should progress
 * Ted accepted the team leadership of the Education team
   * ''teus'' to ask him for status

=== OA ===

 * has to be pushed...
 * Dutch SubPol has been proposed,
 * a Dutch request for OA is pending
   * 2 votes, need another.
 * Assurance Officer is not appointed
 * Greg: check the status of US/state SubPol
 * propose a change to the master Policy to incorporate common elements?

=== Events ===

 * unknown?

=== mission statement ===

 * nobody in particular is responsible for the mission, rather it is a collective responsibility
 * if the mission statement is disagreed, the community can split
 * the mission must then be agreed by the community
 * mission on the website is in conflict in itself, etc
 * after 8th (CCA is POLICY) let's start a discussion on the mission

== Misc ==

 * wiki. So voted on chat. [[ManagementSubCommitteeDecisions|msc20071208.3]]
   * make an "equate" between "board" and "committee"
   * Teus and other new board members to be added to wiki BOARD page access ("trusted group") ??
   * secretary (Evaldo) to get admin rights on wiki
   * appoint more/new wiki administrator(s) to take over wiki
 * S/MIME rewrite of the arrangement
   * create the roadmap of Thunderbird changes
   * find some student/other programmer to work on this
   * ask NLnet for funding
 * top meeting review

----
 . CategoryAdvisory