= Minutes Management Sub-Committee meeting 20080225 10 pm - 1:30 am MET =

 * Present: iang, teus, evaldo
 * next meeting schedule: 6 March 2008.

== Dispute Resolution ==
 * email list of case managers and arbitrators
  * 9 members on the list as arbitrators
  * teus + iang as observers
  * '''need to test as is rejecting email posts'''
 * ruling of a20071205.1 completed on 21 Febr
 * any cases?
  * one indicated from MS, '''iang''' to chase

== Assurance ==
=== policy list work ===
 * '''teus''' to give overview of current issues and status.
 * OA, teus has chased AT, US, AU,
   * JP approached Switzerland but found no-one to help,
     * CH is stalled.
     * Teus is chasing (via AT and CH people)
   * M-SC has taken the lead for OA.
   * OA AT: PG + PD will do next step
   * OA USA: GS, GM + RJ will do next step including Europe+Mexico
   * OA AU: RC proposed subpol (added CCA+DNS control check)
     * feature request for DNS control check?  '''evaldo''' to chase
   * OAP (main one, not subpol):
     * countries have no OAs nor a subpol
     * areas that have no OAs around
     * teus suggests that the board then picks that up?
     * teus has mailed to policy group
     * to be debated....
     * '''teus + iang''' to check the posts
 * how do we check who is an assurer?
   * (once the CATS passing-marks are in the database this will be easier)
 * privacy/public status of the information in the certificates
   * cert numbers
   * name
   * need to push this on the policy list
 * code-signing policy
   * TH made proposal to [policy] for basic claims plus optional claims
   * code-signers enter into a contract
   * modelled after the Creative Commons concept
   * need to chase it: '''Teus'''
   * code signing: proposed signer agreement and signer statements/claims, then policy write-up
 * Dutch DPA authority stated this week that it is forbidden to copy passports
   * the complaint originated from US people having their passports copied!??!
   * does CAcert follow suit?
   * do all passports copies need to be dropped?
   * what about old Assurers?
   * some very early Assurances were "send photocopy to CAcert Inc" ... what to do?
   * then it was migrated to Assurer holds the photocopy.
   * '''Teus''' needs to announce this decision to us all.
   * need to announce to all Assurers to destroy 
   * need a dispute filed to ask Arbitrator to order all passports copies to be destroyed.  (i) Assurers, (ii) CAcert Inc., (iii) support IMAP mailbox.
   * policy question is whether to delete and drop any and all requirements.  '''Teus'''.
   * add a CATS question
   * related question:  Identity Numbers (passport numbers, identity card numbers) are being written down on CAPs.
   * 2004:  Duane dropped it because of privacy concerns in the US (SSN).
   * same timeframe:  Duane was very against credit cards being used.  Evidence from recent assurances is that credit cards are refused.
 * Tverify ==> subpolicy for other CA's members.
   * Tverify needs subpol to be written.
 * TTP
   * need a subpolicy (propose a new policy); proposed, no discussions seen
 * Junior Assurer, below 18 years of age
   * need a subpolicy for Junior Assurer
   * there are about 30 or so...
   * 10 points allocatable only.
 * Senior Assurer, people who have reached 150 or beyond?
   * need to drag out the wip doco and think about it
 * need for DOB, proposal to drop DOB from database (i Naye)
   * dropping the DOB ''and'' making all cert info as "public" means practically all DPA/PII data disappears.  Big win!
   * make this claim on the policy list...
 * CCA now linked directly from main page, as is /policy/ thanks to philipp.

=== CATS ===
 * 2nd sysadmin, has he been added yet?
   * Rodrigo has limited availability right now, so no point in adding him.
   * Thinking of another one.
   * '''Evaldo:''' Add Ted.
 * Ted statistics
   * 98 Assurers now have passed
   * ask philipp for what stats are available for Assurers:  done 
 * need to mention that the Assurers will be chopped off
   * Teus: 98 is not enough
   * Evaldo: deadline, we can't say much of anything 1st July.
   * nothing on public awareness?  Doco resigned, PR is a mess, mkt is quiet.
   * Ted to chase PR?  Ask Ted.
   * how many Assurers are active today?  In the last 6 months?
   * if number of active Assurers (last year) is N, then 25% should have it before we impose a deadline.
   * if the Assurer can do an Assurance, then they can do the CATS Assurer Challenge.
 * Ted has declared CATS ready for mainstream
   * a blog post from henrik done
 * PR: asked support to add one liner on main web page CAcert
   * '''teus''' Philipp can be asked.
   * Evaldo agrees this is to be urgent.
 * how to boost the number of Assurers passing the Assurer Challenge?
   * reward structure?
   * not keen on boost of points
   * prefer non monetary reward
   * like Pins
     * $1.50 in cost, $0.75 to post in Europe.  $1 for US.
     * 250 in stock, 250+100 DE.
     * Pins until stocks run out
     * Pins for next 15 days!
     * no money for postage right now?
     * Send to Ted?  (Jens or Teus can send)
     * can Ted ask someone in the US to do the postage?
   * '''teus''' question to education list, talk to Ted?
 *  Challenge-passed
   * report over to core system, status of that?
   * '''iang''' to chase:
   * implementation of Challenger-passed mark into the database is pending?
   * teus reminded Philipp.
   * assurer mark for challenge passed assurers
   * ask sysadmins for this [[http://bugs.cacert.org/view.php?id=499]] it is the bug that covers this work
 * paper certs
   * the certificate is for "am an Assurer", let's leave this as is for now
 * Secure-U should pick up postage costs, but not for the immediate future because of startup issues.  We wait.

=== Other ===
 * Assurance promulgation plan
   * Iang to mail systems & marketing groups.
   * chased systems page changes as part of CeBIT feedback
 * teus wants metadata on the page for the policies.
   * has sent email to Philipp
 * Policy on Policy has gone to POLICY
 * Changes
   * PoP needs to be added into /policy/ .. is this urgent.
   * Principles should be somewhere too
   * these are recorded as task on RolloutCommunityAgreement
 * /policy/ is now linked, as is the CCA

== Systems ==
 * Cachaca project drafted: to be decided:
   * time in Nld+Brazil
   * can all be prepared in Brazil, in "production with test systems"
   * 2-3 days in Austria.
   * 1 week doing servers in NL.
   * wait to do bugs.
   * so we need to set up the team before?  (decision?)
   * create a list of prospects
   * Evaldo: flying to build a team is not viable.
   * Iang: need to do action to impress new team.
   * M-sc needs to approve the team members for critical systems.
   * remote work? how to do the reboot remotely?
   * prepare the kvm before flight?
   * finding team (at least one person)?
   * cost for CAcert work in Brazil is zero, Europe cost is 100's.
   * costs can be managed if around weeks
   * but Brazil has higher distraction factor.
   * crunch decision for Evaldo, can the team be formed.
   * before flight, team is formed.
   * plan is re-cast.
 * Finish the plan, propose to board.
   * M-SC decision is to build the team to move the system to Netherlands.
   * Evaldo is to start that team.
   * Philipp is providing the software to Evaldo.
   * incorporate tonight's changes, circulate plan, and then send plan to board.  '''iang'''

----
= Stopped here. =
Please read through and pick up rest on chat.

 * Funding
   * from Audit Project?
   * AtC funding needed?
 * NL move
  * USB link installed, serial line was also requested by PG
 * interest of volunteers: JJ (NLnet Labs) proposed, Medison (pending)
   * no interest seen: old email from PG with some names. Need to chase.
 * create systems committee
  * Evaldo compiles req list '''For systems sub-committee? We said it is not exactly needed'''
  * need closed group nomination policy?
  * bounce back ideas and create a proposal to board: '''all'''
 * link
   * serial not on Suns
   * Spare Tunix firewalls PC has them
   * or use USB, or use Ethernet, device nodes available?
 * software
  * decision taken by board sw to go to EG
  * familiarisation with sw is started
  * Some pieces are already sent, missing many pieces still, but probably able to create a working set with the available data already
  * Virtual machine with signer is installed, missing OpenSSL profiles
  * Virtual machine with web application is in progress, missing some bits and pieces
 * Support team
   * new member was discussed (problems: not assured, possible conflict of interest with his work)
   * notify ggr + rob of situation: done, Member not invited.
 * admin team: Daniel, Ted, Michael ???
 * check OCSP/CRL distr systems (Philipp request)
   * not clear what check is required
   * outline of concerns by Evaldo to M-SC:
     * '''a CRL distribution point that is NOT UP TO DATE is a big denial of service on revocation (unable to properly revoke and send the message out)'''
     * '''a bogus OCSP server can declare legitimate certs revoked, and vice versa'''
     * '''Even if we decide to remove a DNS entry for the bad servers, DNS caching might hurt us'''
   * PG asked for status.
   * iang to talk to Pete S
   * are these critical systems?
     * nothing much on them
     * DOS for revocation checking
     * certificate could be used for a social engineering attack
   * teus chase philipp with questions. Done.
   * OCSP/CRL usage stats: 5000 p/mnth (PG)
   * outage stats OCSP routing: 25 mins/mnth (98% uptime) (PG)
 * getting sources up and available
   * good to get the board to finalise the licence under which the source code is to be issued.
   * agreed that CAcert is to own the full rights, as per the FSFE tfr agreement
   * proposal to board to be written up on that basis '''iang'''
   * '''iang''' to review GPL[23] again :(

== House Style ==
 * new logo & new web style promised first week Febr to be incorporated. No action caused ripple effect for events.
 * advertisement handling (teus: status unknown)
 * cert button (teus: status unknown)

== Admin ==
 * organigram wait for community comments ends on 1st of March.
   * email lists / aliases for offices. Names offices to be sync'd.
 * overview of decisions taken
   * need to be diligent and record the decisions!
   * '''ask Evaldo for additional permissions for all board members to write on the board decisions page''': #acl All:read TrustedGroup:read,write teus:read,write correct?
   * also a new update on board decisions has been written and sent to Evaldo.  Need to chase. '''Evaldo> where? I do not see it here'''
 * tracking system for policy progress?
 * wiki pages update
   * teus to write to Sebastian Documentation Officer. Done, no reply due to CeBIT.
   * more people to help
   * we need the existing Doc Policy work-in-progress
   * especially on the wiki or on the svn

== Audit ==
 * workplan for auditor, teus
   * teus to respond to audit agreement. Draft is being finalized now: deadline 24 Feb.
   * start real audit requires '''NL move + dual control'''
 * security manual
  * is in progress, received doc on config as was in 2006
  * Pat sent email with questions.
 * NLnet-MoU
   * need announcement press release, but defer this until after agreement with auditor is reached
   * RC sent bill for first 9K funding
   * documents now on website
 * real audit can only restart when systems are completely moved to NL. Need date (Cachaca project and/or PG last trial; GP seems to be stalled on serial/link protocol).

== Committee meetings ==
 * schedule 3 month period for wrap up decisions taken by email
   * meeting scheduled end of Febr
   * get email decisions into wiki
 * AGM minutes need board review is now on wiki
   * '''iang''' to review

== Assurance Events ==
 * CeBIT: secure-u received for CeBIT 1k + 5K earmarked for ML (Events coordinator)
 * CeBIT: flyer in english needs style, content, spelling corrections (too late informed what was going on)
 * CeBIT: CAP/COAP forms on web page were not updated with logo and CCA statement.
 * two events in US handled by GS
 * no budget available for travel/accommodation/entrance for events
 * no budget available for events. Exemption was CeBIT and Systems.
 * not much attention for non-German events
 * ML was chased on the issues

== CAcert Associations ==
 * policy to be updated
 * secure-u commitments
 * funding earmarked for CAcert should be controlled by CAcert (board notice?)
 * if local funding is raised locally how to get properly in control of CAcert?
 * finances for meetings

== PR / Marketing ==
 * flyers/CAP/COAP, CCA printouts, sources

== merchandize ==
 * spreadshop (shirt ware, cups) initiated via secure-u. Income?
 * eToken via secure-u. Denied special CAcert subdomain name for this.

== M-SC finances ==
 * finances for meeting travel
 * equipment funding?