= Minutes Management Sub-Committee meeting 20080105 = Present: teus, iang, evaldo. 20:00 to 22:50 == Dispute resolution == * Need a name for the role. * Teus likes Dispute Resolution Coordinator: agreed, propose on policy * Teus name needs to go on organigram * arbitration list needs to be added on organigram * List of Arbitrators * check list, 20 or so names * inform and ack members of the list, after tuesday. * email list creation is now done, password held by Teus, iang. Shall we change it? * experiences with recent batch of Arbitrations * case manager * ask Greg for comments? * update wiki with handled cases (Greg Rose) is done, had wiki problems * ticketing system * having the virtual machine / virtual server allocated * http://bestpractical.com/rt/ * this is the one that Freenode uses * its one of the best around * my proposal: Evaldo to set some ticket systems on his server and we choose what is best * requirements * progress & alarm * privacy: public page but private comments, change access rights * compatibility with support system * access control to read tickets, support for multiple queues (support, arbitration, ...) * consider other application such as the OA request tracking == Assurance == * CATS * sysadm / data access * resolved by giving Bernhard the MySQL access controls. * we still need an additional sysadm * '''evaldo''' to check with Bernhard about sysadm * CATS has been launched to main group * paper certs / PII storage problem * do request for PII at the end, not at the beginning? * there is no need to log it * [[ManagementSubCommitteeDecisions|msc20080106.1]]: User name, email & address data is not to be stored in the CATS database. This may mean for example that the information is gathered after the test, and mailed out to Poster + Assurer. * education maillist password reset, now held by Bernhard, Jens, Teus, iang. * long debate on the privacy/public status of serial numbers in certs * Rasika reports that as they can be used to track people, they "are PII" according to some views. * yet they are probably public, as they are in certs meant to be delivered to others * need to establish a workable rule * move debate to policy group * OA * Nld: first org is assured via teus/board decision; * one case has been CAcert board: Mercy4All. * board approved and acted as Org Assurer * need still exists for NL OA's * Teus has proposed that Oophaga and/or Teus be NL assurers, board is considering? * '''can Assurers be companies/organisations?''' * US * Greg S, no reply * question from RayJ in Col (sysadm who is a replacement for Adam B) * Cal, some connection? others? * who is oversighting the OA area? * ask JP some time. * who would we want for this? * another application for the ticketing system * Assurance Policy needs review and feedback from policy list * only posted last week, so too early for much feedback * need list of changes to think about * vigourous debate about the requirement to add the email address to Assurance * Code-signing policy * seems to be getting closer to consensus on policy group * needs abstract of discussion * writing up in Policy * income base for for-profit packages? * Assurance promulgation plan now on wiki RolloutCommunityAgreement * because of NL move, not a high priority * '''iang''' to mail systems & marketing groups. * CCA is entering final race to POLICY * 9th of January * '''teus''' to remind policy group * 3rd wip of 3pv-DaL for vendors is in circulation * let's not drown out the policy group on this at the current time. * mention 3pv-DaL to pg who requested it earlier; '''iang''' * Teus asked about recursive distribution arrangements, noted in wip * assurer mark for challenge passed assurers. * ask for this in the system as short term internal marketing to get Assurers to do the Challenge * '''Evaldo to file bug''' * suggest that policy mailgroup be managed by M-SC and that trailer message be changed to highlight important votes in progress. * [[ManagementSubCommitteeDecisions|msc20080106.2]] m-sc to manage the policy maillist directly, ask for password. == Systems == * Nld move / Philipp. Missing reports (also tonight?) * USB link cable asked for, unsure which in first request, now clarified * USB software exists in library form? * and Rudi's (time commitment problems), * create systems cmtee? (need input from Evaldo) * defer the creation until NL move * need solid starting point. * current situation is hopeless as a position to start from. * alternate plan C: "project cachaça" * researching locations * admin team: Daniel, Ted, ... * bill to CAcert * Teus + Evaldo: should bill for 6 months. * to be submitted. * request from philipp to do check on OCSP/CRL people? * not clear what check is required * '''evaldo''' to outline concerns in email to m-sc == House Style == * balls in air, defer * new logo incorporation * new style in web pages * new style development for wiki, blog * advertisement handling (google, text ref, buttons, logo's) * cert button == Admin == * organigram * Evaldo needs the file resent * we need overview of decisions taken: * AGM, M-SC, Cmtee, * see DecisionNumbers * policy proposals and running threads (multiple names, email poll, code signing, US subpolicy, assurance policy, .... * maybe we should track the policies with a tracking system as well! * Wiki pages need updates....(new postbox address, wiki page widows, ...) * '''teus''' to write and ask about DocOffr Sebastian helping there * more people helping on the wiki? == Audit == * Complete criteria DRC-A set is now inserted into SVN, for PHP scripting * demo done of the test.php for browsing / searching * code is very simple, not well developed. * Request to non-critical team for a TLS/cert login website like CATS (please, pretty please). * [[ManagementSubCommitteeDecisions|msc20080106.3]] set up an account on existing webserver alongside CATS. * can get SSH to upload the data. * once set up, ask Philipp to allocate domain * Evaldo to create the cert. * understanding/workplan for auditor * teus to respond to audit proposal * difficulties already apparent in NLnet agreement as phase 1 completion / phase 2 start requires move + dual. *'''teus''' to talk to ggr, outline the auditor's opinion. * security manual * can now signal to external contractor that the money is approved by NLnet * '''teus''': need to negotiate something, some understanding is needed * question: is Pat external to CAcert or "one of the community" ? == Committee meetings == * schedule (3 month period) committee (board) meeting to wrap up decisions taken * to get the decisions into the wiki page. * Teus + Evaldo to chase the board * AGM minutes on desktop of Evaldo. Need review. * Teus to post to board.......