. '''To Brain''' '''[[Brain#CAcert_Inc._-_CAcert.org_Members_Association| CAcert Inc. - CAcert.org Members Association]]''' - '''To Brain CAcert Inc. Committee''' '''[[Brain/CAcertInc/Committee/MeetingAgendasAndMinutes| Meeting Agendas & Minutes]]''' - '''[[Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20090815|last meeting]]''' - '''[[Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20090926|next meeting]]''' ---- == Agenda - Committee Meeting 2009-09-13 == . 1. '''Preliminaries''' . 2. Arbitration blockages. . 3. DPA progress. . 4. Team Leader annual reports for AGM . 5. Status of Finance: '''[[Brain/CAcertInc/Finance/FinanceProjection| Projections]]''' and '''[[Brain/CAcertInc/Finance/FinanceAccounting/Paypal| PayPal]]''' , report for AGM? . 6. Communications Practices - Will be Progress Report -> '''CAcert.org''' Identity '''[[comma/Identity/CommunicationCommunications| Communication & Communications]]''' . 7. Late additions: . 8. '''Question Time''' see below. . 9. '''Closing.''' <
> == Minutes - Committee Meeting 2009-09-13 == <
> ==== Synopsis of Meeting Contents ==== . No synopsis done, please see '''[[Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20090913#Meeting_Transcript| Meeting Transcript]]''' <
> ==== Decisions Reached by Motion including Update since last Committee Meeting - Overview ==== . [[https://community.cacert.org/board/motions.php?motion=m20090913.1|m20090913.1]] - The last Meeting was improperly called and is vacated . [[https://community.cacert.org/board/motions.php?motion=m20090913.2|m20090913.2]] - Accept the minutes of the Board Meeting 2009-08-15 . [[https://community.cacert.org/board/motions.php?motion=m20090913.3|m20090913.3]] - Accept provisional motions . [[https://community.cacert.org/board/motions.php?motion=m20090913.4|m20090913.4]] - Decline m20090830.1 . [[https://community.cacert.org/board/motions.php?motion=m20090913.5|m20090913.5]] - Ask the DRP Officer to modify the case assignment procedure in accordance with #1.5 of the [[http://www.cacert.org/policy/DisputeResolutionPolicy.php| DRP]] . [[https://community.cacert.org/board/motions.php?motion=m20090913.6|m20090913.6]] - Circulation of Fiiscal Information . [[https://community.cacert.org/board/motions.php?motion=m20090913.7|m20090913.7]] - Paypal Info for support . [[https://community.cacert.org/board/motions.php?motion=m20090913.8|m20090913.8]] - Paypal Info for support . [[https://community.cacert.org/board/motions.php?motion=m20090914.1|m20090914.1]] - Separation of Powers (Arbitration vs. Board-Membership) . [[https://community.cacert.org/board/motions.php?motion=m20090914.2|m20090914.2]] - Confirm Motion m20090912.1 <
> ==== Meeting Transcript ==== . {{{ (19:59:46) *mode (+vvv andreasbuerki ernie GolfRomeo) par nb* (20:16:04) *andreasbuerki a quitté le salon (quit: Quit: Leaving.)* (20:23:51) *ernie a quitté le salon (quit: Quit: Leaving)* (20:26:24) *andreasbuerki [/andreasbue@217-162-119-89.dclient.hispeed.ch/] a rejoint le salon.* (20:26:38) andreasbuerki: hi everybody (20:26:46) GolfRomeo: Hello ! (20:27:48) GolfRomeo: Nick will need to voice you again (20:31:46) *Archives démarrées. Les nouveaux messages de cette conversation seront archivés.* (20:36:17) *ErnestineSchwob [/ernestine@217-162-119-89.dclient.hispeed.ch/] a rejoint le salon.* (21:25:23) *iang [/iang@85-127-128-65.dynamic.xdsl-line.inode.at/] a rejoint le salon.* (21:25:29) iang: hi all (21:25:44) *u60 [/Administra@p54B0D29B.dip.t-dialin.net/] a rejoint le salon.* (21:26:01) iang: have i missed anything? (21:26:18) iang: can someone set the topic on the main list? (21:49:14) *dirk [/dirk@89.244.112.117/] a rejoint le salon.* (22:08:40) *mode (+vvv andreasbuerki ErnestineSchwob iang) par nb* (22:08:49) nb: board meeting is in a hour i think right? well actually 50 mins (22:12:56) iang: yes, i agree, 50 mins (22:21:25) *nb a changé le sujet en : CAcert Incorporated Committee (Board) Meeting Channel* (22:44:59) *Q [/Q@dhcp-095-096-014-167.chello.nl/] a rejoint le salon.* (22:48:59) *philipp [/pdunkel@dsl-stat-43-2.mmc.at/] a rejoint le salon.* (22:52:55) *mode (+v philipp) par nb* (22:53:07) nb: so now we are just missing mark? (22:53:54) iang: i guess. (22:54:05) iang: nick, just to confirm ... i've seen no minutes? (22:54:45) nb: oh yeah, just a sec (22:56:26) ErnestineSchwob: hi everybody (22:56:31) philipp: Hi All (22:57:01) nb: Will be sending out minutes shortly from last meeting (22:57:04) nb: forgot to send them yet (23:04:44) GolfRomeo: Hello (23:05:10) andreasbuerki: hi everybody (23:05:54) iang: http://wiki.cacert.org/wiki/Board/NextMeetingAgenda (23:07:16) iang: nick? (23:08:27) nb: one second (23:08:55) andreasbuerki: where is Mark? Some News from him? (23:09:34) nb: there i have minutes now (23:09:41) ***nb hereby calls this meeting to order. (23:09:56) nb: any observers may send comments to the board in #cacert (23:10:11) nb: there will be a question time later where you may comment in this meeting also (23:11:01) nb: I move that we accept the minutes of the previous meeting located at http://fpaste.org/Y86i/ which will be placed on the CAcert SVN shortly after this meeting (23:11:16) nb: they do not contain the transcript, just contain the official motions adopted (23:11:30) nb: the transcript is at https://svn.cacert.org/CAcert/CAcert_Inc/Board/Minutes/20090815_log.txt (23:11:56) nb: questions/comments/votes? (23:12:40) GolfRomeo: I abstain as I haven't been given the chance to attend. But I am here today so (23:12:45) GolfRomeo: everything is back to order (23:12:46) philipp: I think that accepting the minutes should not be done (23:12:55) philipp: At least not until all motions were conformed (23:13:01) nb: philipp, so do we want to declare it a non-meeting and re-adopt the motions at this meeting? (23:13:05) philipp: s/conformed/confirmed/ (23:13:10) andreasbuerki: if Guillaume agrees...? (23:13:11) philipp: Yes (23:13:21) GolfRomeo: andreasbuerki : yes sure (23:13:26) philipp: At least after the stuff that Guillaume ahs claimed, I think that this would be prudent (23:13:35) ***nb withdraws his motion to accept the minutes (23:13:35) iang: i don't like the idea of declaring a meeting a non-meeting. (23:13:58) andreasbuerki: so the declare it as? (23:13:59) philipp: Point is, Guillaume has claimed that he was excluded from that meeting. (23:13:59) iang: however i agree that accepting the minutes at this stage seems rushed. also we have a separate item there to accept any motions. (23:14:00) GolfRomeo: iang : we redo now and everything is fine. case closed (23:14:00) nb: iang, well, technically it was not a meeting since consent was not obtained from all members (23:14:17) *magu| [/mgummi@g224098055.adsl.alicedsl.de/] a rejoint le salon.* (23:14:20) philipp: That is BS in my opinion. But I don't want there to be any doubt what so ever (23:14:29) nb: Do I hear a motion to vacate the "meeting" on 8/15 and declare that it was not properly called? (23:14:51) nb: or however you wish to move it? (23:14:58) GolfRomeo: yes (23:15:05) iang: i also think it is BS. errors in procedure should not cause decisions to be overturned .... but whatever ... if you want to do it that way, let's do it (23:15:22) ***nb is somewhat neutral on this issue (23:15:36) philipp: I do agree with Guillaumes motion. However I will vote that the meeting was in fact properly called (23:15:53) iang: i haven't seen a motion as yet? (23:16:19) philipp: @iang the motion is to vacate the meeting because it was improperly called (23:16:47) iang: perhaps the motion is simply to vacate the meeting without specifying the reasons. (23:17:15) iang: s/the/an alternative/ (23:17:18) philipp: I would like the reason there, because when that motion does not pass, that is a sign (23:17:27) GolfRomeo: motion : The previous board meeting has been called for day D and happen 2 days before. (23:17:47) nb: GolfRomeo, it was? /me does not recall one being called for a future date (23:18:06) ***nb is confused (23:18:22) GolfRomeo: nb : Philipp, Ian, Ernestine and Andreas found convenient (ok) to do it earlier (23:18:34) GolfRomeo: than planned (23:18:38) nb: GolfRomeo, i dont think we ever had decided on a day other than the one that took place (23:18:55) ErnestineSchwob: GolfRomeo, what you mean (23:18:56) GolfRomeo: As I say, let's not stop here and try to go on (23:19:01) iang: the date & time was agreed between 36 & 48 hours before the meeting. It is supposed to be called 2 days in advance. In fact it was originally called 2 days in advance, we just had to clarify the date & time (23:19:25) GolfRomeo: Ernestine : I was busy and cannot access the emails (23:19:42) GolfRomeo: I planned to follow the meeting (23:19:53) GolfRomeo: but found that the meeting already happened (23:20:04) ***nb would vote NAYE to the proposed motion from guillaume but would vote AYE to a motion saying to vacate the "meeting" because it was not properly called (23:20:09) philipp: In which case you should refrain from claiming you were intentionally excluded from a board meeting. Because that is a pretty serious charge (23:20:24) philipp: (That was @GR) (23:20:24) ErnestineSchwob: GolfRomeo, by the way, the meeting wasn't called from us (23:20:48) GolfRomeo: I vote AYE to Nick motion and I ask you to go on (23:21:02) ***nb votes AYE to my motion (23:21:14) philipp: What was your motion? (23:21:22) GolfRomeo: Because we have bigger concerns with CAcert. (23:21:25) ErnestineSchwob: nb, what was your motion (23:21:34) andreasbuerki: second philipp (23:21:47) nb: philipp, to vacate the "meeting" because it was improperly called (i.e. not 48 hours notice and not unanimous consent of the committee) (23:22:04) andreasbuerki: What do you mean with bigger concerns, guillaume? (23:22:07) philipp: NAYE (23:22:19) GolfRomeo: andreasbuerki : the agenda planned (23:22:24) ***philipp claims the meeting was properly called (23:22:41) iang: NAYE (23:23:07) nb: andreasbuerki, ErnestineSchwob? (23:23:11) ErnestineSchwob: NAYE (23:23:26) iang: iang thinks that procedural errors should not cause an entire meeting to be wasted, unless there was an actual issue there that is challenged (23:23:27) andreasbuerki: NAYE (23:23:36) ***nb declares the motion not carried (23:24:04) philipp: In which case we can now get back to 1.2 of the agenda. (23:24:08) iang: ok, are we going to carry these votes on to the online system? I think that is a good idea myself. (23:24:09) ErnestineSchwob: nb, and guillaume agrees after the meeting (23:24:16) nb: ErnestineSchwob, yeah i know (23:24:26) ***philipp will move them to the system (23:24:45) nb: we still have the issue of having a meeting with no minutes (23:24:50) iang: nick: your minutes are more or less the same as 1.3 ? (23:24:51) nb: since we have not approved minutes of the meeting (23:25:21) nb: iang, well, are we going to say the meeting was valid? if so, then the motions don't need to be in 1.3 of this meeting (23:25:43) iang: i wouldn't have said those were minutes ... i'd like to see more of the discussion in there. (23:25:49) ***nb would like a motion to pass, one way or another, to state the position of this board on if the 8/15 meeting exists or not (23:26:04) nb: iang, ok, noted. i have seen both styles in organizations i've been involed with (23:26:09) philipp: Now we can and should go on to approve the minutes which were provided via the voting system as well as the IRC transscript (23:26:21) iang: nb: question understood ... i'm just unsure of the procedure here. you are saying that if in 1.2 we accept the minutes of the last meeting, that includes all those motions. Fine. (23:26:37) nb: iang, yes, because they would have happened at the 8/15 meeting (23:26:39) iang: shall I change the agenda to reflect that? (23:26:41) nb: so they were already approved (23:27:12) nb: i don't see the point in re-voting on them at this meeting if the position of this board is that the meeting on 8/15 was valid (23:27:37) ***nb listens for a motion as to how to proceed (23:27:44) GolfRomeo: (and it is not going to change much with or without my vote) (23:28:03) GolfRomeo: (I meant from previous meeting) (23:28:13) philipp: I agree with NB here (23:28:20) andreasbuerki: Guillaume, you are a board memebr... ;-) (23:28:24) philipp: Let's accept the minutes and then strike point 1.3 (23:28:45) philipp: Motion to accept the previous meeting minutes (23:28:46) ErnestineSchwob: I agree too with NB (23:28:51) iang: well, we would always accept the minutes, which includes those motions. (23:29:01) ***philipp motions to accept the minutes of the previous meeting (23:29:02) iang: seconded (23:29:03) andreasbuerki: Does GHuillaume agees as well? (23:29:07) GolfRomeo: andreasbuerki : and I don't want to stall CAcert with procedures (23:29:27) GolfRomeo: andreasbuerki : Can I just abstain ? (23:29:40) ***nb feels the best position would be to vacate the previous meeting and re-vote now (23:29:45) nb: but that was defeated, so (23:29:49) *pemmerik [/pieter@cc518889-b.hnglo1.ov.home.nl/] a rejoint le salon.* (23:29:53) ***nb calls for votes on philipp's motion to accept the minutes (23:29:56) GolfRomeo: I read the logs anyway (23:29:56) andreasbuerki: Guillaume, Do you have no opinion? (23:29:57) iang: AYE (23:30:18) philipp: AYE (23:30:43) ErnestineSchwob: AYE (23:30:45) GolfRomeo: I have no concerns afair about the meeting logs so I abstain (which is an almost aye) (23:30:55) andreasbuerki: AYE (23:31:13) andreasbuerki: ;-)@Guilaume (23:31:13) nb: ABSTAIN (23:31:24) ***nb declares the motion carried (23:31:26) andreasbuerki: ehm.... (23:31:38) philipp: @GR what should I enter as your vote into the system? (23:31:39) andreasbuerki: *just wondering* (23:31:46) nb: philipp, you would enter abstain i would think? (23:31:51) *law [/law@ist.der.groesste.saeufer.von.lanarena.de/] a rejoint le salon.* (23:32:04) philipp: OK (23:32:32) *snewpy [/Mark@ppp121-44-85-227.lns10.syd6.internode.on.net/] a rejoint le salon.* (23:32:46) nb: # (23:32:46) nb: m20090828.1 Accept Fabian Affolter as a member of CAcert Inc. (23:32:46) nb: # (23:32:46) nb: m20090818.1 Accept Pieter van Emmerik as a member of CAcert Inc (23:32:57) nb: I move those two "provisional decisions" be confirmed (23:33:00) philipp: NG: Mark just joined! (23:33:03) iang: seconded and AYE (23:33:06) philipp: Can you voice him? (23:33:06) *mode (+v snewpy) par nb* (23:33:07) snewpy: Hi guys, very sorry I'm late, I got my times messed up (23:33:13) andreasbuerki: Hello Mark (23:33:13) ErnestineSchwob: hi mark (23:33:17) philipp: Hi there (23:33:17) nb: hi mark (23:33:30) GolfRomeo: Aye both (23:33:30) andreasbuerki: you sleept over ;-) (23:33:35) nb: AYE (23:33:36) iang: snewpy: we just accepted the minutes of the last meeting, and also voted to confirm the last meeting and not vacate it (23:33:57) snewpy: iang: ok (23:34:03) ***philipp seconds nicks motion to accept the 2 provisional motions (23:34:08) iang: (the minutes are just the list of motions in that meeting) (23:34:18) GolfRomeo: nb : but note that I would have prefered being at the meeting but I am fine. (23:34:25) nb: GolfRomeo, noted (23:35:14) nb: votes from snewpy, andreasbuerki, ErnestineSchwob on confirming the new member motions? (23:35:20) iang: we have three AYES to the last motion? (23:35:21) snewpy: aye to both (23:35:22) ErnestineSchwob: AYE (23:35:29) andreasbuerki: AYE (23:35:33) ErnestineSchwob: AYE to both (23:35:36) ***nb declares it carried. (23:35:37) philipp: Aye (23:35:43) andreasbuerki: for both AYE (23:35:56) nb: next item is arbitration blockages (23:36:12) iang: nick: can we mention the vote we want to un-confirm? (23:36:17) nb: oh yes (23:36:19) nb: sorry (23:36:28) iang: I am suggesting that we decline m20090830.1 because that was done on the basis of unreliable information. It turns out that the person concerned was not trained as expected, only briefed. Sebastian himself has withdrawn it in a post to board but I think we have to formally knock it down. (23:36:42) iang: https://community.cacert.org/board/motions.php?motion=m20090830.1 (23:36:44) ***nb seconds iang motion (23:36:48) nb: AYE (23:36:50) GolfRomeo: AYE (23:36:54) iang: AYE (23:37:10) ErnestineSchwob: AYE (23:37:14) andreasbuerki: AYE (23:37:33) snewpy: aye (23:38:06) nb: philipp? (23:38:12) philipp: Aye (23:38:52) ***nb declares the motion carried (23:39:01) nb: next item is arbitration blockages (23:40:03) nb: who would like to speak about this? (23:40:05) iang: yes. i posted this item. I have some prepared points ... unless you have some yourself? (23:40:09) nb: iang, go ahead (23:40:23) iang: 1. an arbitration has been dropped / lost. It was clearly known about because it was filed twice, once to support and then once to the cases list. It still didn't get an arbitration nor a response indicating that it is declined. (23:40:23) iang: 2. Arbitrators have been expediting cases, so this results in "some" having access and "others" not. This is bona fide evidence for striking down any Arbtiration in court: it's not fair. (23:40:23) iang: 3. This case was an important issue. Security Policy *requires* such an arbitration. We need to know why this didn't get handled, because if SP can't be met, we need to change it (as well as everything else that relies on Arb). Because of the importance of this issue, it is beyond an issue of simple fairness. (23:40:24) iang: 4. How do we deal with issues / complaints with arbitration? For all other systems, we can file a dispute! Not with Arbitration; there is no point in my filing my complaint about a lost Arbitration to Arbitration. (23:40:24) iang: 5. Also, there is no channel to reach. If we try and mail the Arbitrators list, it gets rejected. Mails to support get passed on to somewhere else; (23:40:25) iang: 6. Support is responsible for passing them in; but then what? Who is responsible for making sure the rest of the process is done? (23:41:32) snewpy: my 15,000 foot observation is that we have far too many of what I would consider "junk" arbitrations (23:41:47) iang: that's my points. open floor? (23:42:10) andreasbuerki: is there any arbitration training? (23:42:17) philipp: I think that the main problem is that we are using the wrong tools which in combination with lack of management causes the problem (23:42:20) snewpy: things that can, at least now with the benefit of hindsight, be adequately well defined in a policy, rather than burning energy in arbitration (23:42:34) GolfRomeo: Guillaume (support hat) : the support team decided to move the case processing directly by the case managers as there is too much work in handling arb cases. Alejandro notified and I approved. (23:42:34) ***nb thinks that some things like the name change ones could be somewhat expedited (23:42:40) iang: snewpy: it's possibly true ... one thing is that we wanted to start with a lot of easy ones. another thing is that the arbitrators themselves can create precedents for the "junk" ones. (23:43:07) GolfRomeo: note : In case I see a arb request I forward to the arb list (23:43:07) nb: like a ruling that support cna change names given perhaps a scanned passport and a statement from an assurer (23:43:23) philipp: I think the real issue is that the way to file a dispute leads via support which is already overburdened. (23:43:39) nb: philipp, why don't we tell people to send to cacert-disputes@lists.cacert.org (23:43:40) philipp: Then it moves onto a list, where everyone hopes that someone else will deal with it (23:43:46) nb: i thought that was what it was supposed to be? (23:43:55) nb: although yes, we still need to get someone to handle those (23:44:03) philipp: And even when something has been taken it moves on to the wiki, which is the worst place to manage this stuff (23:44:03) snewpy: yes, I think Philipp makes a good point, that the tools aren't cutting it for managing these (23:44:10) ***nb notes that his request to add his full name has not even gotten an arbitrator yet (23:44:11) iang: well, the problem there is that many support calls have to go through there and be "triaged" into disputes ... and support already has the job of directing these. (23:44:12) GolfRomeo: nb : that what should happen now : cacert-disputes@lists.cacert.org (23:44:26) nb: GolfRomeo, yeah (23:44:31) andreasbuerki: so the channel is right... (23:44:41) philipp: I think we should have one person or a team of two, distributing cases to arbitrators rather than having arbitrators pick cases at random (23:44:46) iang: however, also bear in mind that the policy states it goes through support@ and that has to be changed at the policy level (23:44:53) ***nb suggests disputes@cacert.org be created too to make it easier (23:44:54) snewpy: I don't think it makes sense to have these go through support... (23:44:56) nb: iang, oh true (23:45:06) snewpy: it just adds another step in an already too long process (23:45:06) iang: there is also value in having a simple system "send your problems to support@" is very simple to teach people (23:45:15) philipp: Point is, I think from support it should go to a team of 2 people that assign arbitrations (23:45:27) philipp: and not to a list of 10 where everyone picks what they like (23:45:37) snewpy: but it seems like support@ is making decisions about when to forward things to arbitration too, which is a curious separation of power (23:45:52) andreasbuerki: i support disputes or abritration mail list (23:45:54) GolfRomeo: philipp : right, we need to appoint the 2 people (23:46:04) snewpy: it would make more sense to keep the "send your problems to support@" mantra, but support@ should refuse to do things that are not within it's power (23:46:16) nb: but that would have to go through policy too i guess (23:46:18) philipp: I think that Nick as the DRP officer should be charged with that selection. (23:46:24) snewpy: and invite them to file with an arbitrator, rather than support@ doing that (23:46:30) GolfRomeo: snewpy : when we have a similar arbitration, the simple way is to use it. (23:46:33) nb: philipp, did we ever figure out if teus was going to come back to being DRP officer? (23:46:40) philipp: I also think that Ulrich has been doing a lot of that. So has nick, and I volunteer (23:46:54) snewpy: GolfRomeo: precisely.. if you have the power to do something by prior decision, then you just do it (23:46:56) andreasbuerki: I think Arbitration has nothing to do with Support, sorry (23:47:18) andreasbuerki: one is about a dispute nad the othe is about technique (23:47:24) philipp: I don't recall who said so, but Ulrich forwarded us a mail from Some Dutch guy that had spoken to Teus. In that he claimed that Teus considered that part of his resignation (23:47:30) snewpy: support@'s power to do something comes from three heads of power... policy, arbitration decisions, and administrative power from the board (23:47:35) nb: andreasbuerki, i agree generally although it does in the sense that arbitration can establish precedence to rule that support may apply that ruling to similar cases (23:47:40) GolfRomeo: andreasbuerki : that why support no longer wanted to manage and relay the cases (23:48:02) snewpy: if you have the power to do it, you go ahead and do it.. but I don't think the answer to something not being able to be done should be for support@ to create an arbitration, it should be on the user to do that (23:48:19) andreasbuerki: nb, iin general agree, ecept: that support may apply that ruling to similar cases (23:48:30) andreasbuerki: again, separate the tasks (23:48:51) andreasbuerki: a supporte is not an arbitrator (23:48:51) GolfRomeo: snewpy : we need to filter the claims (23:48:54) philipp: @snewpy: You are right. But how does a user create an arbitration? According to DRP by sending a mail to support@ (23:49:09) iang: andreasbuerki: not quite, the dispute system is also used as a 4 eyes for regular and routine tasks. the dispute is with the tech, not so much only people (23:49:11) snewpy: GolfRomeo: no, support@ should not be "filtering" arbitrations.. that is clearly a problem imo (23:49:21) nb: so does PoP mean that the board cannot change a policy? (23:49:23) iang: so what people think as support problems are actually disputes in our system (23:49:32) snewpy: philipp: perhaps we need to look at the policy (23:49:36) GolfRomeo: snewpy : sorry I meant support or anyone appropriate (23:49:39) ***nb supposes it does, although i would theoretically say that they can since PoP could be revoked by the board (23:49:40) philipp: @nb: yes that's what PoP means (23:49:41) andreasbuerki: iang, support a as a reviwer, why not (23:50:10) andreasbuerki: or the other way around (23:50:17) philipp: No PoP could not be revoked by the board. It could have been revoked while it was DRAFT, but now it is POLICY (23:50:28) snewpy: the "arbitration people" presumably have the power to throw out vexacious arbitrations all by themselves.. no one else should be filtering them (23:50:56) iang: nb: tougher than that, I'll explain later :) (23:50:57) andreasbuerki: by filtering you mean what exactly Mark? (23:51:04) philipp: @snewpy: this isn't about vexacios arbitrations, but about it being unclear if an arbitration is needed (23:51:31) snewpy: andreasbuerki: right now, common practice seems to be that support@ "creates" arbitrations on behalf of users, in response to a support request that falls outside policy, correct? (23:51:50) GolfRomeo: philipp: please what is "vaxacios" ? (23:51:53) philipp: I think the problem is that there is no clear path to what happens once the arbitration request hits the arbitratio@ list (23:51:56) snewpy: philipp: right, but support@ should respond "sorry, I cannot do that for this reason" and have a template "If you don't like this decision, here is how to get it arbitrated" (23:51:59) andreasbuerki: Tinking: Is there any List with possible example arbitration cases? (23:52:07) iang: snewpy: yes, in that this is the easiest ... users don't want to "file disputes" they just want support to make the problem go away (23:52:13) philipp: @snewpy: right (23:52:30) GolfRomeo: snewpy : practically support forwards the emails to arb list (23:52:31) philipp: @GR: arbitrations that are frivolous (23:52:36) andreasbuerki: Mark, until now I have this impression (23:52:41) iang: vexatious == tricky and annoying (23:52:45) GolfRomeo: @philipp : ok thanks (23:52:54) GolfRomeo: @iang : too (23:53:07) snewpy: vexatious means without merit... support@ refused to give me ice cream, so I want an arbitration (23:53:27) andreasbuerki: lol (23:53:32) GolfRomeo: @snewpy: thanks :) (23:53:44) philipp: @snewpy: I will now continue to file that dispute (23:53:46) philipp: ;) (23:53:59) nb: snewpy, i like your example (23:53:59) snewpy: I think it's a very important part of an arbitration system that the people that are potentially bound by the decisions don't have preferential access to it.. which means that support@ should not be the way to file an arbitration (23:53:59) iang: so where are we ... it seems like we are still in the fact finding stage? (23:54:08) philipp: I think still that the problem is in how cases are assigned more than anything else (23:54:18) snewpy: the user may not even want to have it arbitrated, they may prefer to just drop whatever they are asking for (23:54:34) snewpy: philipp: I don't disagree, but if we can clean up the entire process... (23:54:47) nb: so assign cases to arbs, but then they still have the right under DRP to decline them i think (23:54:57) ***nb looks at DRP real quick (23:55:01) andreasbuerki: Mark, agree... If you go for the "Supreme Court" you shouldn't have to ask the concierge.. (23:55:24) nb: also, there was a recent debate about if board members should serve as arbs/cm's (23:55:29) snewpy: andreasbuerki: you also shouldn't have to ask the police to file the papers at the court if you want to sue the police (23:55:34) iang: DRP says " 1.2 Channel for Filing: Disputes are filed by being sent to the normal support channel of CAcert,...." (23:55:37) philipp: @NB you are right, but to decline they will then have to notify the dispatchers of that and it can get reassigned (23:55:45) nb: philipp, true (23:55:51) andreasbuerki: exactly..who controlls the controller (23:55:55) nb: The personnel within the CAcert support team are Case Managers, by default, or as directed by the Dispute Resolution Officer. (23:56:07) nb: so actually we don't need board approval to appoint CM's (23:56:16) nb: actually that is already up to the DRO (23:56:19) ***philipp moves to ask the DRP Officer to modify the case assignment procedure in accordance with ¶1.5 of the DRP (23:56:24) andreasbuerki: iang, policies are not in stone carved, if missing something (23:56:36) iang: one of the reasons we decided to make it go through support was that this was a channel that should be controlled, logged and auditable ... so we could actually see somehow that there was some end-to-end quality going on. (23:56:41) snewpy: the DRP seems to leave significant wiggle room for how we technically accept cases... "normal support channels" seems a very easy to meet obligation (23:56:50) iang: of course that was the thougths 2-3 years back .. things have moved on (23:57:00) nb: philipp, i would second, however, will abstain as i am the DRO (23:57:18) andreasbuerki: iang, but a arbitration channel could also be controlled, or not? (23:57:36) snewpy: I think we should probably finish our discussion here before making resolutions, to try and reach some kind of consensus (23:57:46) iang: andreasbuerki: sure ... but they are carved out of set molasses :) it will take a while to get a change through (23:57:47) nb: ok (23:57:50) nb: snewpy, i agree (23:57:52) GolfRomeo: @snewpy : yes (23:58:01) andreasbuerki: ;-)@iang (23:58:09) snewpy: "we" shouldn't be controlling the arbitration channel, we have to set up the policies and procedures, and then have the arbitrators operate somewhat at arms length (23:58:13) iang: yes, and arb channel could be created and controlled. That's what I meant by "things have moved on" (23:58:14) andreasbuerki: how makes some proposal about the issue? (23:58:32) philipp: There are 2 discussions going on here: (23:58:32) philipp: 1. What do we do with the current situation (23:58:32) philipp: 2. How to we fix it in the long run (23:58:33) philipp: Number 1 we can deal with here. For number 2 we should have the discussion on the PolicyList which is the place to modify the DRP (23:58:38) andreasbuerki: make sense@mark (23:58:45) iang: snewpy: yes. This is what i would like to happen. The arbitrators should be able to see and sort this out themselves. (23:59:28) snewpy: there should, and appears to be, policies in place as to how arbitrations are handled, how they are recorded, and the parameters arbitrators operate within.. we should take out as many road blocks as we can, and let them get on with their job (23:59:29) andreasbuerki: For 1 - How has the abillity and the time to manage it? (23:59:40) philipp: @iang: which is why I made that motion. The board has seen a problem and finds it appropriate that the DisputeResolutionOfficer deal with it. We therefore ask him to do so. (23:59:41) andreasbuerki: How =who (00:00:03) snewpy: it seems like they probably need some technical tools to alleviate some technical problems, and also some "administrative guidance" to solve some non-technical problems (00:00:30) ***nb would tend to like to direct disputes@cacert.org to OTRS when it gets fully functional (00:00:31) philipp: Ulrich is currently doing a lot of it. So it Nick. And I am volunteering some time there as well. So I think that the DRO (Nick) would be able to deal with it if asked to (00:00:39) andreasbuerki: separte things is alwys wise.. at leat in this case (00:00:45) ErnestineSchwob: snewpy, think so (00:00:48) iang: @philipp @snewpy .. yes & yes (00:00:51) ***philipp agrees with nb on OTRS (00:01:18) philipp: I will move again (00:01:20) ***philipp moves to ask the DRP Officer to modify the case assignment procedure in accordance with ¶1.5 of the DRP (00:01:22) snewpy: philipp: I understand, but if we have a specific request, or direction, to the DRO, we can do that here too, rather than a generic "fix it up" motion which doesn't add much value (00:01:27) andreasbuerki: and ORTS will be fully functional then? (00:01:38) snewpy: presumably if "fix it up" was going to work, it would be working already (00:02:12) philipp: @snewpy: right, but I think since the DRO is here, he will get the drift. And if we leave it open, Nick can also find a better solution (00:02:35) philipp: Additionally, we should take the policy discussion to the policy list as we can't fix it here (00:02:48) snewpy: philipp: but there are some concrete things that we seem to have consensus on, which do not require a change in policy (00:03:06) iang: have we identified a specific policy problem? I don't see it as yet (00:03:13) snewpy: like removing support@ as one of the roadblocks to arbitration (00:03:33) snewpy: because that presumably affects things outside of the pervue of the DRO (00:03:35) iang: well, we simply designate dispute@ as part of the normal support system? (00:03:39) andreasbuerki: second mark (00:03:58) snewpy: so asking Nick to take care of that as the DRO may not be appropriate, and we may need something more specific than "fix it up please" (00:03:59) GolfRomeo: snewpy : support was planned to be removed from arb pb but it seems the ideas just stopped. (00:04:11) philipp: @snewpy: there is nothin in regard to arbitration outside the purvue of the DRO ;) (00:04:40) snewpy: GolfRomeo: right, that's what concerns me if we don't make it specific, that it will stall again (00:05:05) philipp: @snewpy: My motion was just to fix the case assignment procedure to "assign" rather than "pick as you like" (00:05:20) snewpy: nb: what is your opinion, do you want some specific steps to implement, or do you want a "fix it please"? (00:05:31) iang: are arbitrators happy to be assigned cases? (00:05:45) andreasbuerki: In General, as mor specific Policies are as less Arbitration needed (00:05:49) ***philipp moves to ask the DRP Officer to modify the case assignment procedure in accordance with ¶1.5 of the DRP to assign cases explicitely to an arbitrator rather than letting arbitrators pick cases. (00:05:53) philipp: Better? (00:06:01) nb: iang, perhaps have a list of arbs who are "available" or have time to be assigned cases (00:06:02) iang: concur with snewpy, nb, what can we do to make it happen? (00:06:12) GolfRomeo: @philipp : let's go for that (00:06:13) iang: ok (00:06:23) snewpy: are the arbitrators prepared to act on that basis, I wonder? (00:06:24) nb: snewpy, i'd like to have ideas, i don't know about how specific a motion has to be (00:06:41) philipp: I am one of those Arbs, and I would be very happy with it. (00:06:43) nb: id like it to be left somewhat open so we can just discuss it and i can implement what seems to be the best idea (00:06:59) GolfRomeo: snewpy : arbitrators can decides they have a conflict and withdraw from the case (00:07:01) philipp: That is because time is finite. And as long as cases get picked up I won't pick one up. (00:07:11) snewpy: Nick presumably already has the power to act in accordance with 1.5 of the DRP (00:07:16) nb: snewpy, agreed. (00:07:16) philipp: Additionally it is hard to keep track of what cases have been taken (00:07:22) snewpy: he doesn't need our blessing to make that change (00:07:31) philipp: @snewpy: TRUE (00:07:59) iang: snewpy: agreed, most of the things should be do-able without board motion. but I'm concerned that they are not happening ... hence "blockages" or is it "blockages in the blockages" ? (00:08:00) philipp: @nb: which is why I left the motion vague (00:08:06) andreasbuerki: who makes a tangible proposal, how we proceed / carry on with the subject? (00:08:35) nb: philipp, i am fine with your motion (00:08:35) iang: i (00:08:38) snewpy: iang: right, that was where I was heading.. these aren't happening now, so maybe we need something tangible to get the ball rolling (00:08:52) ***philipp moves to ask the DRP Officer to modify the case assignment procedure in accordance with ¶1.5 of the DRP (00:08:57) iang: i'm also conscious that the board only has limited power in this area .... (00:09:01) philipp: Maybe that can be the start (00:09:02) andreasbuerki: maybe somewhre in the wiki... so it can be dicussed / improved? (00:09:23) philipp: If it works by the time we meet next the GREAT. If not, we need to do something more dratic (00:09:31) nb: besides, technically the board "asking" me to do something is not binding (not that i would intend to disregard what a motion would say) (00:09:38) iang: ok, so pragmatically, we could go with Philipp's motion to get thing moving (00:09:41) snewpy: iang: right, we're basically in a position of being able to "prod" (00:09:44) nb: so i am fine with any of philipp's motions (00:10:21) snewpy: I'm not opposed to the motion, though this very discussion probably had the same effect.. Nick knows we want action. (00:10:25) iang: on the other hand ... Arbitration is too important to the smooth functioning of everything else to take this casually :) (00:10:41) andreasbuerki: Exactly iang (00:10:46) GolfRomeo: let's say it is a call for action (00:10:49) snewpy: I think the wider problem is developing better policy, so that fewer arbitrations are needed (00:10:59) andreasbuerki: second Mark (00:10:59) iang: so perhaps also add "and provide us with an update next meeting?" (00:11:02) philipp: @snewpy: true, but if there is a motion, everyone else will know as well (00:11:03) snewpy: we shouldn't need arbitrations for name changes, in my opinion, or other simple stuff (00:11:14) nb: snewpy, i pretty much agree (00:11:15) ErnestineSchwob: snewpy, a system could help? (00:11:23) andreasbuerki: but for exceptional cases (00:11:29) nb: which could be handled by an arbitrator ruling that establishes a precedent (00:11:40) philipp: @snewpy: actually name changes (due to it being part of certs) are not trivial (00:11:42) snewpy: of course, there will always be exceptions, but looking at most of the pending arbitrations, they are not exceptional (00:11:44) andreasbuerki: In General, cover as much as possible in Policies (00:12:05) andreasbuerki: effect, as >mark said: less Arbitration (00:12:09) GolfRomeo: @snewpy : sure we don't need arb for everything including case where the user has not trust point (00:12:36) iang: name changes would be ideal done as a precedent ... or the arbitrators could simply wrap it up in a policy doc and pass it across to policy ? just thinking aloud (00:12:49) philipp: I think there are a lot of precedents being created now. (00:12:55) snewpy: or the policy group could just design a policy on its own initiative (00:12:59) andreasbuerki: Guillaume, thats why a seperate arbitration channel would disburden support (00:13:00) philipp: We are already begining to see the benefits (00:13:19) iang: well, at this stage I would second philipp's last motion (even though I can't recall what it is .... ) so we get on to the other points (00:13:20) GolfRomeo: andreasbuerki : yes (00:13:22) philipp: As an example my ruling on sending mails to notify of events has been used 3 or 4 times now (00:13:39) nb: and i think it was my ruling that said that 0-point accounts could be deleted (00:13:42) philipp: So that one ruling has already eliminated a factor 4 of arbitrations (00:13:51) philipp: Let the system work. And it will (00:13:52) GolfRomeo: support comment : sometimes ago "support" team was also doing case management and some arbitrations (00:13:57) andreasbuerki: so it could become part of a policy?@philipp (00:14:09) snewpy: but what we are doing is turning support@ in to lawyers (00:14:17) snewpy: they have to read and understand arbitrations for common situations (00:14:24) snewpy: and *interpret* arbitration results (00:14:29) philipp: @ab rulings create precedents, precedents are sort of "part of the policies" (00:14:53) andreasbuerki: mark, as saif, that are two different competences... tech and "law" (00:14:55) snewpy: which is fine for complicated corner cases, but it is going to turn in to a huge burden once half our "policies" are arbitration decisions of varying quality (00:15:14) philipp: @snewpy: Not really, becaause those rulings say: (00:15:14) philipp: In case these points are true, this can be used as a precedent (00:15:22) philipp: So we are being very explicit about this (00:15:26) iang: @snewpy: someone has to do that .. either support or arbitration has to read & filter (00:15:32) GolfRomeo: snewpy : let's say support try to figure out if there is some rules applicable, if unsure, support request the advise for arbitrators, if nothing appropriate is found, we start an arbitration (00:16:08) GolfRomeo: (Something we have applied) (00:16:13) philipp: I think the system basically works. Right now we have a problem in how cases get assigned. (00:16:25) snewpy: but you shouldn't be asking arbitrators for their interpretation of their own rulings outside the context of an actual arbitration (00:16:41) snewpy: otherwise it amounts to policy on the run (00:16:56) andreasbuerki: And imagine, once CAcert will have more and more members, how we will handle then? (00:17:00) philipp: I envision that if support gets a mail that looks like it may need an arbitration it just forwards it to case assignment. There it gets filtered or assigned to a new arbitration (00:17:01) iang: @snewpy: the idea is that a policy can be created out of any number of arbitrations ... if they get too burdensome, we write a policy (00:17:16) GolfRomeo: @philipp :right (00:17:30) snewpy: assuming that arbitrators only issue clear, concise, exact and simple to interpret rulings, this system of putting everything in to arbitration in lieu of fixing policy is great, but in practice I dare say it will be very different to that (00:17:55) snewpy: I don't believe we have the balance right at this stage (00:18:02) andreasbuerki: yep... theory and practice are the same, at least in theory (00:18:15) GolfRomeo: @andreasbuerki : :) (00:18:16) ***nb thinks another issue is the reluctance we have to appoint anyone to be support (00:18:21) snewpy: which is on point to this discussion, because having a ton of arbitration cases in "init" phase is part of the current problem (00:18:21) philipp: @snewpy: I think we are far closer to having the balance right than to having it skewed (00:18:24) philipp: Ok, let's move that discussion to the policy group and fix what we can here. (00:18:28) ***nb thinks it is turning into an overpoliticized issue (00:18:28) andreasbuerki: guillaume ;-) (00:18:32) philipp: THe actual case assignm,ent (00:19:01) snewpy: Nick, based on the motion above, how would you envisage case assignment being done? (00:19:01) iang: philipp what was your motion again? (00:19:09) andreasbuerki: philipp... and moving to policy group will solve the problem? (00:19:11) ***philipp moves to ask the DRP Officer to modify the case assignment procedure in accordance with ¶1.5 of the DRP (00:19:24) iang: nb: i think we've got a lot of other things to talk about :) (00:19:34) iang: seconded! (00:19:36) GolfRomeo: @iang : yes please (00:19:41) philipp: AYE (00:19:46) iang: AYE (00:19:47) GolfRomeo: AYE (00:19:59) nb: snewpy, to be something like so that there is a list of arbs who are "actively available" or something, and a CM (out of maybe 2 or 3) would assign cases (00:20:06) nb: of course the arbs may decline (00:20:08) nb: AYE (00:20:27) ErnestineSchwob: AYE (00:20:37) snewpy: nb: and would there be some mechanism to ensure "random" assignment, so one "quicker" or whatever arbitrator doesn't get all the cases? (00:20:41) nb: snewpy, the list would just be an aid for the CM to know who is willing to take cases (00:20:43) nb: snewpy, yes (00:20:49) snewpy: then aye (00:20:52) andreasbuerki: AYE (00:21:16) ***nb declares it carried (00:21:27) nb: next item: DPA progress (00:21:41) iang: mark? or me? (00:21:50) nb: whoever would like to speak (00:21:53) snewpy: I'll go first, and you can fill in any blanks... (00:21:58) iang: thanks! (00:22:11) GolfRomeo: so :) (00:22:25) snewpy: I don't have a great deal to report on here, I have put in contact to the people involved, but have not spoken to the two people involved at any great length yet. (00:23:22) snewpy: I will attempt this week to get Robert Kochheim to facilitate a meeting, and will report to the board list the results of that (00:24:24) snewpy: having said that, I doubt that the information we receive will be instructive (00:24:58) snewpy: from the limited information I have, it's my impression that the lawyers involved have likely been poorly instructed, and may be answering the "wrong question" (00:26:33) philipp: ? (00:26:47) nb: true, if you ask a lawyer to research how you can do X, they will look at how to do X, not that maybe Y says you don't really need to (00:27:07) snewpy: nb: yes, precisely (00:27:22) iang: snewpy: done or is there more? (00:27:44) snewpy: so I think we should also be prepared to obtain wider advice either from the current lawyers or an alternative source in the near future (00:27:45) andreasbuerki: aks 10 lawyers and you will get 10 different answers... (00:27:48) snewpy: iang: over to you (00:28:05) philipp: @ab second that (00:28:16) iang: ok! I don't have any facts to add other than to remind everyone to read the two documents. (00:28:33) iang: I'm worried over slow progress, seems that this task also has slid somewhat. This happens in Europe, it all slides in August, but we don't have the luxury of letting it slide more. (00:28:42) iang: wonder if we need to set a deadline or a special board meeting for this, make it happen? (00:28:57) snewpy: I would like to propose that we either dedicate a large amount of our next meeting, or prepare a standalone meeting, after that report next week to discuss the DPA in painstaking detail (00:28:58) iang: Especially, waiting for people who we don't think can provide good info anyway? (00:29:24) philipp: @snewpy: I second that (in a separate meeting though) (00:29:29) iang: how about a meeting dedicated to that? in 2 weeks time? just thinking aloud (00:29:37) GolfRomeo: @snewpy: me too (00:29:41) ErnestineSchwob: snewpy, and maybe we can have the information before the meeting to inform us (00:29:48) snewpy: I'm prepared to have that discussion now, but I think we need to set aside 1-2 hours for it to do the matter justice, I think we should, given the potentially legally prejudicial nature of it, close that meeting (00:29:56) philipp: @es: second that (00:29:59) *Q a quitté le salon (quit: Quit: Leaving.)* (00:30:28) snewpy: iang: a dedicated meeting in two weeks time would work (00:30:44) snewpy: perhaps we can coordinate a date/time once we have whatever information will be available to us available (00:30:48) andreasbuerki: Does somebody has strings to legal studies in EU Universities (00:31:17) ***philipp hereby officially calls a board meeting to deal with the DPA on 2009-09-28 21:00 UTC (00:31:19) ***nb would prefer a saturday at 2200 like we had been doing, i normally help with a church program on sunday evenings (00:31:24) iang: andreasbuerki: the old team was a law prof ... but he was a different sort of law and passed the work on to someone else. (00:31:37) snewpy: the question is not terribly complicated, but each of the potential solutions have complicated strings attached (00:31:58) nb: although if i can't be here thats ok (00:32:00) andreasbuerki: iang, aha... (00:32:04) philipp: I prefer saturday as well. I always use my sundays to protest at my local church for secularisation (00:32:34) andreasbuerki: second philipp (00:32:36) iang: i'm ok with the weekend 27-28 (00:32:39) ErnestineSchwob: I prefer saturday as well (00:32:53) nb: 9/28 is monday? (00:33:03) snewpy: so, in lieu of someone stepping forward to provide more broad legal advise, I would say we need to consider at a future meeting which of the option(s) we want to persue, and then find a way to obtain advise on that (00:33:04) ***philipp hereby officially calls a board meeting to deal with the DPA on 2009-09-26 21:00 UTC (00:33:23) philipp: (Sorry, my calendar jumped because it is after midnight here and I just went 2 rows down) (00:33:30) iang: sorry yes, 26/27. you pick the day (00:33:51) philipp: So Ian can you second my motion. (00:34:03) nb: actually board meetings are not required to be 2nded (00:34:05) snewpy: lets organize that via the list? (00:34:11) andreasbuerki: 26 same time as now is fine by me (00:34:15) philipp: In which case I will begin to record it in the system. Then there can be no doubt about the date and time (00:34:16) snewpy: once we have a report of the current advice? (00:34:33) GolfRomeo: 26 ok (00:34:48) andreasbuerki: or use doodle.com ;-) (00:34:53) snewpy: we may have to adjust based on the contents or availability of the advice we receive (00:35:19) snewpy: lets work on the assumption of that date, but lets wait to actually call the meeting, perhaps? (00:35:23) nb: snewpy, ok (00:35:44) nb: how would 2200 work for everyone? i usually work until 2100 on satudays? (00:35:53) nb: although i could get on irc from my phone as soon as i get off if need be (00:35:58) andreasbuerki: I organize my meeting date on this free service, doddle.com (00:36:12) iang: q for snewpy: what's the meeting with Robert Kockheim for? was he put in the old team? (00:36:13) ErnestineSchwob: for me ok (00:36:16) andreasbuerki: nb, one hour late is fine by me as well (00:36:53) snewpy: iang: Robert is by far the best and most reliable connection we have to the old DPA team, and he has been involved in it thus far (00:37:16) iang: ok, thanks (00:37:17) snewpy: nb: 2200 is better for me too (00:37:18) GolfRomeo: 2200 UTC ? (00:37:46) andreasbuerki: Guillaume, eyp (00:38:04) GolfRomeo: @andreasbuerki: ok (00:38:06) philipp: 22:00 UTC is 24:00 CET and I have 2 kids that get up at 5:00 CET and clamor for my attention. So if anything I propose 20:00 UTC or earlier! (00:38:44) iang: can we take this to the maillist? you'll have 2 kids in another 4.5 hours thismorning (00:38:50) ***nb suggests we discuss this on the maillist (00:38:56) snewpy: agreed (00:39:14) philipp: AYE (00:39:15) andreasbuerki: ok, just inform me... ;-) (00:39:17) snewpy: we can sort out both a time and date once we have further information, and can debate the virtues of sleeping time then :) (00:39:24) philipp: Teal Leader Annual Reports (00:39:27) *philipp_ [/philipp@91-115-147-186.adsl.highway.telekom.at/] a rejoint le salon.* (00:39:37) ***nb thinks they are a good idea (00:39:37) iang: oh, yes. I forgot about that. (00:39:41) philipp: s/Teal/Team/ (00:39:49) iang: i spread the word and got some feedback that people were ok with it. (00:40:04) ErnestineSchwob: we have to say till when we need (00:40:10) iang: so effectively, I suggest we simply call for them in the meeting before the AGM ... keep reminding people (00:40:16) iang: and we'll get them. (00:40:16) andreasbuerki: so, is there some outline or does everybody as he/she can? (00:40:17) philipp: Ok, is there anything we need to do on that front at this point? (00:40:40) iang: no, not really. Board has discussed and agreed (00:40:55) iang: Ernie: how long before AGM do we need them to be in by? (00:41:06) philipp: Ok then let's move to: Status of Finance http://wiki.cacert.org/wiki/Brain/CAcertInc/Finance/FinanceProjection http://wiki.cacert.org/wiki/Brain/CAcertInc/Finance/FinanceAccounting/Paypal , report for AGM (00:41:09) iang: they will have to be prepared into the report. I'd say 1 month? (00:41:16) iang: ok, let's move on. (00:41:28) ErnestineSchwob: 3-4 week should be great - we have to do full report and speak about (00:41:50) philipp: Ok that means a hard deadline of 1 moth to deal with eventualities (00:42:04) andreasbuerki: seems to be philipp (00:42:10) ErnestineSchwob: philipp, yes (00:42:14) andreasbuerki: and would make sense (00:42:43) ErnestineSchwob: for the teams not a big deal, more work on our side (00:42:45) GolfRomeo: ok (00:42:46) *andreasbuerki a quitté le salon (Leaving.)* (00:42:57) *philipp est désormais connu sous le nom de PhilippDunkel* (00:42:59) *andreasbuerki [/andreasbue@217-162-119-89.dclient.hispeed.ch/] a rejoint le salon.* (00:43:10) andreasbuerki: re-hi (00:43:21) iang: Finance? (00:43:27) ErnestineSchwob: yes (00:43:51) ErnestineSchwob: Finance: (00:43:51) ErnestineSchwob: 1. Work on Paypal Interface (00:43:51) ErnestineSchwob: 2. Regarding transactions accounting - privacy (00:43:51) ErnestineSchwob: 3. Finance Projection Jul 09 - Jun 10 (00:43:52) ErnestineSchwob: 4. Planning next 12 month: (00:43:54) ErnestineSchwob: 5. Annual report - Financial part (00:43:56) ErnestineSchwob: 1. Work on Paypal Interface. (00:43:58) ErnestineSchwob: Christopher is writing an API to do automatic-resolution of the (00:44:00) ErnestineSchwob: Paypal donations. This will run on the critical server, as (00:44:02) ErnestineSchwob: part of the online system. Once the API is set up, there will (00:44:04) ErnestineSchwob: not be any email nor will there be any data stored on the (00:44:06) ErnestineSchwob: online system. Therefore we will not require special handling (00:44:08) ErnestineSchwob: for the email, or access to "space" on the critical server. (00:44:10) ErnestineSchwob: Until the API is completed, and the automatic-resolution is set (00:44:12) ErnestineSchwob: up, Paypal will be solved with a wiki-page (you can find this (00:44:14) ErnestineSchwob: here: (00:44:16) ErnestineSchwob: http://wiki.cacert.org/wiki/Brain/CAcertInc/Finance/FinanceAcco (00:44:18) ErnestineSchwob: unting/Paypal ). (00:44:20) ErnestineSchwob: Data that people are allowed to see will be visible, other data (00:44:20) *PhilippDunkel est désormais connu sous le nom de phidelta* (00:44:24) ErnestineSchwob: will not be visible. (00:44:26) ErnestineSchwob: 2. Regarding transactions accounting - privacy (00:44:28) ErnestineSchwob: Privacy-data has to be kept private. We are not allowed to (00:44:30) ErnestineSchwob: post or send around private data from donators, nor for other (00:44:32) ErnestineSchwob: accounting transactions. A donator can be only named, if we (00:44:34) ErnestineSchwob: have a written signed approval from the donator. A checkbox (00:44:36) ErnestineSchwob: somewhere in the account or on the website is not enough. (00:44:38) ErnestineSchwob: Accounting issues such as donations are part of the treasurer (00:44:40) ErnestineSchwob: work, not part of support, so this issue belongs with the (00:44:42) ErnestineSchwob: Treasurer, not with the Support Officer. (00:44:44) ErnestineSchwob: As treasurer I'm responsible for this data, and this (00:44:46) ErnestineSchwob: responsibility should not be delegated. (00:44:48) ErnestineSchwob: Even if people are under CCA or under policies like Security (00:44:50) ErnestineSchwob: Policy, there are normal business processes and legal (00:44:54) ErnestineSchwob: responsibilities which place Accounting issues under the (00:44:56) ErnestineSchwob: Treasurer. (00:44:58) ErnestineSchwob: We are here not speaking from our little world, we are speaking (00:45:00) ErnestineSchwob: here from real life legal issues. (00:45:02) ErnestineSchwob: As Treasurer, I have to "avoid" that something might happen - (00:45:04) ErnestineSchwob: anything else would be seen as "gross negligence." (00:45:06) ErnestineSchwob: Therefore, normally, Support should not receive the (00:45:08) ErnestineSchwob: privacy-data related to transactions, although perhaps it is (00:45:10) ErnestineSchwob: understandable that it h (00:45:12) ErnestineSchwob: sorry long report (00:45:14) ErnestineSchwob: but most of the things already on the wiki (00:45:16) ErnestineSchwob: and we can speak to each point 1-5 (00:45:57) snewpy: at the risk of debating the color of the bike shed, can we have the reports in a format that can be manipulated, rather than as images in the wiki, please? (00:46:14) ErnestineSchwob: manipulate? (00:46:29) ErnestineSchwob: there are few point missing (00:46:33) snewpy: as a spreadsheet, or directly in the wiki, or in some other format that can be "used" (00:46:43) ErnestineSchwob: 3. Finance Projection - Overview Jul 09 - Jun 10 (00:46:43) ErnestineSchwob: As long we haven't get any historical accounting data, the (00:46:43) ErnestineSchwob: overview is provisional. (00:46:43) ErnestineSchwob: It can be found here: (00:46:43) ErnestineSchwob: http://wiki.cacert.org/wiki/Brain/CAcertInc/Finance/FinanceProj (00:46:44) ErnestineSchwob: ection (00:46:45) GolfRomeo: Ernestine : still Support need data to be able to work (00:46:46) ErnestineSchwob: Instructions on how to read the columns can be found at the (00:46:48) ErnestineSchwob: bottom of the page. (00:46:50) ErnestineSchwob: The current estimation (the numbers and totals) is based on the (00:46:54) ErnestineSchwob: following information: (00:46:56) ErnestineSchwob: Bank-account 2009-02-10 till 2009-08-06 (csv-file only, no (00:46:58) ErnestineSchwob: copies of documents) (00:47:00) ErnestineSchwob: Paypal-account (00:47:02) ErnestineSchwob: Contract Oophaga (hosting & power) (00:47:04) ErnestineSchwob: Advertising (part which is confirmed) (00:47:06) ErnestineSchwob: Missing information: (00:47:08) ErnestineSchwob: Historical accounting (annual report, balance sheet and P&L) (00:47:10) ErnestineSchwob: Copies of bank-statements (00:47:12) ErnestineSchwob: Information about open liabilities (beside the ones already (00:47:14) ErnestineSchwob: known) (00:47:16) ErnestineSchwob: Information about advertising (have to collect information, (00:47:18) ErnestineSchwob: takes time to collect - till answer will arrive) (00:47:20) ErnestineSchwob: IDL is not considered, as it doesn't affect cash (according to (00:47:24) ErnestineSchwob: actual offer). (00:47:26) ErnestineSchwob: 4. Planning next 12 month: (00:47:28) ErnestineSchwob: To know how much money we will need in the next 12 month, we (00:47:30) ErnestineSchwob: should do some planning. (00:47:32) ErnestineSchwob: Events (per event in detail) (00:47:34) ErnestineSchwob: Projects (per project in detail, incl. manpower and timeframe) (00:47:36) ErnestineSchwob: Re-incorporation (estimation expenses and timeframe) (00:47:38) ErnestineSchwob: For example - (00:47:40) ErnestineSchwob: see blog http://blog.cacert.org/2009/09/423.html (00:47:42) ErnestineSchwob: Quotation "It should also be fun! Maybe, just maybe, we can run (00:47:44) ErnestineSchwob: a design competition to create the design for a new-generation, (00:47:46) ErnestineSchwob: open and secure signing server. Any one agree?" (00:47:48) ErnestineSchwob: If we will run such a competition, we have to plan the costs (00:47:50) ErnestineSchwob: and expenses now to ask for money. (00:47:54) ErnestineSchwob: Fundraising: (00:47:56) ErnestineSchwob: We can ask for funding for every project/event. (00:47:58) ErnestineSchwob: We can ask on our site via paypal (for this we need the (00:48:00) ErnestineSchwob: paypalAPI) and also ask direct sponsors. (00:48:02) ErnestineSchwob: We can show on our website each project Goal: $3000 Needed, (00:48:04) ErnestineSchwob: Raised to date: $350 (00:48:06) ErnestineSchwob: However, we have to split the overall funding requirement into (00:48:08) ErnestineSchwob: pieces, because it does not work to say "we need 100K ..." (00:48:10) ErnestineSchwob: Which requires planning! (00:48:12) ErnestineSchwob: 5. Annual report - Financial part (00:48:14) ErnestineSchwob: As long we have not received any documents regarding history, (00:48:16) ErnestineSchwob: we cann't make the (00:48:18) ErnestineSchwob: GolfRomeo, for what? (00:48:20) ErnestineSchwob: snewpy, for which reason - only to understand? (00:49:05) snewpy: ErnestineSchwob: so it can be indexed, searched on, sorted, tallied, etc by anyone (or read in a font larger than that image) (00:49:08) GolfRomeo: ErnestineSchwob : support needs to know if the users has paid the fees (00:49:27) GolfRomeo: ErnestineSchwob : we are waiting for 4 weeks now (00:49:34) ErnestineSchwob: could make - that it will be lager (00:49:45) iang: hmmm....now that I see it, the text paste of this size isn't quite working :) (00:49:50) ErnestineSchwob: GolfRomeo, then look at paypal sheet (00:49:56) snewpy: a spreadsheet or whatever format the source document in would be preferable I think (00:50:16) GolfRomeo: ErnestineSchwob : how often are they updated ? (00:50:24) snewpy: also possible for support to figure out some way to search for new transactions in this way, which they cannot do with an image (00:50:31) ErnestineSchwob: snewpy, mhh - but I will sure, that the figures I communicate will stay this figures (00:50:37) andreasbuerki: paypal is 573px × 735px (00:51:09) andreasbuerki: Projections is 721px × 326px (00:51:15) snewpy: ErnestineSchwob: yes, but what if, for example, I want to group them by the type of transaction, to see that we received X amount via Paypal for subscriptions, etc (00:51:16) phidelta: Just a question? What does support need that information for? To verify that someone has paid their fees to reset the password? (00:51:25) phidelta: Because everything else is not part of support (00:51:34) snewpy: it's not possible in a static format we cannot do anything with like an image (00:51:56) snewpy: at first glance, presumably the paper certificates and password resets? (00:52:02) *pemmerik a quitté le salon* (00:52:10) ErnestineSchwob: snewpy, newest transactions always at the beginning (00:52:34) ErnestineSchwob: snewpy, this datas are for information - not for sending around (00:52:39) snewpy: support@ has a clear business need for access to some of this information, and we should not rip out their ability to do that until we have a solution in place for them that is practical (00:52:49) phidelta: Ok. So if a payment for a "password reset" or a "paper certificate" comes in, The treasurer will notify support of that payment (00:52:50) snewpy: ErnestineSchwob: what is the source format of this image? (00:52:56) iang: http://wiki.cacert.org/wiki/Brain/CAcertInc/Finance/20090913_finance_report (00:52:56) ErnestineSchwob: xls (00:53:13) snewpy: ok, can you attach XLS file as well as the image, please? that would address my concern (00:53:26) snewpy: not just the picture (00:53:30) iang: ( that's an earlier version of the report that Ernestine got me to proof read this afternoon ) (00:54:26) ErnestineSchwob: snewpy, I still not get it, for what you need an xls-file, if you only need information (00:54:32) snewpy: why can't I have it? :) (00:54:40) snewpy: because I want to be able to sort transactions, etc (00:54:48) ErnestineSchwob: if you look in a system you have only the screen - you cann't copy (00:54:49) snewpy: and to search (00:55:11) snewpy: I can't search or index an image (00:55:32) ErnestineSchwob: search for what - we have during one month 10-20 transactions (00:55:34) phidelta: People, can you be rational here? Why not hand over the SpreadSheet? As long as there are the images and we declare that those are authoritative. (00:55:35) snewpy: the default should be to publish everything we do in formats that can be used, reused, mashed up, sorted, etc (00:56:07) nb: or if it contains sensitive information put it on the attached docs for cacert-board-private (00:56:11) ErnestineSchwob: I can att. the xls-file for paypal - with the information you see now (00:56:19) snewpy: it should always be the default position, and there should be a very good reason if we are going to publish data in a format that cannot used other than to view at whichever font or size you make it at (00:56:35) ErnestineSchwob: no - private data I don't post anywhere on a mail-list (00:56:52) ErnestineSchwob: you can have the transactions how you see here (00:56:57) nb: true, we shouldnt be sending around private info unless it is necessary (00:57:00) nb: which it is not (00:57:00) ErnestineSchwob: on the pictures - (00:57:13) snewpy: to be clear, I'm asking for the source files used to create those images, not private information used to create that source file (00:57:14) ErnestineSchwob: nb, agree (00:57:24) ErnestineSchwob: snewpy, ok (00:57:52) snewpy: if you have the private information in the same spreadsheet, just export only the sheet that contains the aggregate information you use to create that picture (00:58:08) ErnestineSchwob: snewpy, I know to handle it in xls (00:58:20) ErnestineSchwob: no prob :-) (00:58:34) ErnestineSchwob: I have in OLAPtool (00:58:40) phidelta: Ok, then let's move on to "Communications Practices" (00:58:40) phidelta: The kids will be awakenign in 4:02 hours (00:59:01) iang: can we summarise the finance questions? (00:59:05) snewpy: I'm not sure we're done with finances? (00:59:24) ErnestineSchwob: snewpy, no (00:59:25) andreasbuerki: what is the conclusion of finance? (00:59:26) iang: firstly .. do we have consensus that the raw data be made available? And to whom? (00:59:35) ErnestineSchwob: snewpy, did you have any inforamtion from robert (00:59:42) snewpy: the raw data must be made available to board members (00:59:50) snewpy: we each have a fidicary duty to discharge (01:00:07) ErnestineSchwob: snewpy, no problem but not on a mailing-list (01:00:08) iang: is that our position? (I'm not disagreeing, just asking if we are comfortable with that) (01:00:14) snewpy: ErnestineSchwob: I am working on getting in contact with him, to retrive any documents and such (01:00:15) andreasbuerki: right, Mark (01:00:25) iang: not even the private mailing list? (01:00:29) snewpy: ErnestineSchwob: we have the -private mailing list, which is accessible only to the board members (01:00:41) snewpy: it is the most appropriate place to distribute this information, imo (01:01:18) phidelta: However there is precedent of a private list board@ to become unprivatized (01:01:19) ErnestineSchwob: snewpy, if mailing-list ist critical-data yes, if not - no (01:01:42) iang: nb: voice for andreasbuerki? (01:01:46) phidelta: I think this type of data should be sent out via private encrypted email only (01:01:58) andreasbuerki: don't need any... (01:02:02) nb: oh i didnt know he left (01:02:04) *mode (+v andreasbuerki) par nb* (01:02:06) nb: sorry (01:02:11) nb: oh i didnt moderate it? (01:02:13) snewpy: whichever... but it has to be made available to board members... I don't much care how it's done, carrier pidgeon also works :) (01:02:16) *mode (+m ) par nb* (01:02:31) andreasbuerki: lool (01:02:49) snewpy: having a common place to share this information would be useful though, so as to reduce everyone's workload (01:02:54) ErnestineSchwob: snewpy, you can have - no problem, but it must be on a secure space (01:03:00) iang: well, i think we have big problems if the private mailing list is opened up and viewable ... for other reasons (01:03:13) ***nb suggests we all exchange signed emails so we have each others certificates (01:03:14) snewpy: that's for a future board to grapple with (01:03:15) iang: we can ask Christopher & Daniel to report on just how secure it is? (01:03:32) snewpy: if someone opens up the private board list, it's incumbant on them to sort those things out, not us (01:03:37) nb: iang, basically i think the only people that can access it are its subscribers (the board) and christopher and daniel as listmasters (01:03:48) andreasbuerki: nb... would make sence, since we are part of CAcert.org ;-) (01:03:52) snewpy: at some point we have to trust our system administrators (01:04:04) snewpy: financial data is not "critical infrastructure" in the CAcert sense (01:04:08) andreasbuerki: define some point Mark ;-) (01:04:15) ErnestineSchwob: and if somebody is forwarding, then it's not my problem (01:04:16) iang: right. and that's how it should be. And anything else is a breach. So, any other system also has breaches ... so ... i think the private mailing list is suitable, myself (01:04:19) snewpy: and the fact we have "critical infrastructure" doesn't make our non-critical stuff insecure (01:04:30) iang: right, you can't stop anyone forwarding (01:04:31) GolfRomeo: comment : support@cacert.org is not a mailing list. (01:04:33) ErnestineSchwob: snewpy, but the data you have there (01:04:40) snewpy: yes, if someone forwards it, we have administrative ways of dealing with them (01:04:42) ErnestineSchwob: the private data from donators (01:05:09) snewpy: if a board member was to inappropriately disclose information they obtained in the course of their duties, we have remedies for that (01:05:23) andreasbuerki: yep,but once trust breach is done, e.g. the mess is on the table -> privacy matters! (01:05:25) ErnestineSchwob: snewpy, you are not allowed to publish private data from donators (01:05:29) GolfRomeo: snewpy : but still located on a critical system as stated (possible security breaches) (01:05:37) iang: i have to agree somewhat with snewpy on responsibilities. there was recently a big case in Australia that said that each director has the responsibility, and cannot rely on others ... so that means we probably need the raw info, at least available (01:06:21) snewpy: ErnestineSchwob: well, yes, I can... in certain circumstances... we already have remedies for a committee member who inappropriately uses the information they gain in the course of being a committee member, it is not your job to police that (01:06:29) andreasbuerki: privacy becomes here in EU everyday a bigger and bigger issue (01:06:29) snewpy: iang: yes, exactly (01:06:36) ErnestineSchwob: snewpy, if you have asked and he agree (01:06:50) snewpy: ErnestineSchwob: or if I have a legal duty of disclosure (01:06:56) ErnestineSchwob: but you must have a written agreement (01:06:59) snewpy: no (01:07:06) snewpy: no, no... I must have a legal basis to do so (01:07:13) ErnestineSchwob: snewpy, but only if he pays secure - thats not the same (01:07:31) andreasbuerki: again, in Europe it is different (01:07:40) ErnestineSchwob: snewpy, you are not allowed to take anonymous payments (01:07:51) andreasbuerki: would be moey laundery (01:07:57) snewpy: we're way off topic (01:08:02) ErnestineSchwob: snewpy, but you must cover the private data of a donator (01:08:23) snewpy: I'm not in the EU, nor is CAcert, Inc., so lets get back on the topic :) (01:08:35) andreasbuerki: but we are here in the EU! (01:08:44) andreasbuerki: and represent CAcert.org here (01:08:51) ErnestineSchwob: snewpy, payment are coming from everywhere (01:09:09) iang: right, but the jurisdiction is in Australia for this ... it isn't appropriate to drag in EU views (01:09:22) iang: and the Australians are just as hard on this stuff ... (01:09:29) snewpy: yes, but our Paypal account is not in the EU, nor is our legal entity, nor are all of our board members... but again, we are far off the topic of how to get the information committee members are legally entitled to receive and legally required to be aware of in to our hands (01:09:29) ErnestineSchwob: iang, makes no difference where you are (01:09:45) andreasbuerki: I have not the intention to go to court here for some Australian issues (01:09:55) andreasbuerki: I live here (01:09:57) snewpy: andreas: understood, you must abide by your local laws (01:10:04) ErnestineSchwob: snewpy, again - the board have the right to see, other people not (01:10:08) snewpy: just as I must, and each board member must (01:10:15) phidelta: People, I thinks this is what is commonly referred to as a RATHOLE (pointless discussion where everyone agrees anyhow) (01:10:21) iang: ok, so we're agreed (01:10:27) iang: we just need to implement it? (01:10:31) snewpy: support@ has a legitimate business need to see some of this information (01:10:36) ErnestineSchwob: iang, yes (01:10:46) snewpy: and it's pissing support@ off to not have access to it, it would seem (01:10:48) ErnestineSchwob: snewpy, you say it right - some (01:10:57) andreasbuerki: that is ok, mark (01:10:58) iang: ok, so shall we take the implementation discussion offline? (01:11:11) ErnestineSchwob: iang, think so (01:11:23) iang: i'd like to see some consensus before we leap on into the next fire :) (01:11:32) andreasbuerki: so, waht we do... (01:11:49) iang: ok, so, can someone identify the "legitimate business need" that support has? (01:12:10) snewpy: how about a motion like this... Proposed that all financial transactions and any other information coming to the hands of any committee member be circulated to all committee members via the board private mailing list, and that committee members are reminded of both their fiduciary duty and their duty not to disclose confidential information. (01:12:31) iang: sounds fine to me (01:12:35) nb: SECOND (01:12:36) nb: AYE (01:12:39) ErnestineSchwob: snewpy, when I read circulated - I feel myself not well (01:12:54) snewpy: iang: I tihnk we did, above... timely access to password reset payment information and paper certificate payments? (01:13:00) snewpy: aye (01:13:11) phidelta: AYE (01:13:43) andreasbuerki: what about a certificate login, instead a password (01:13:47) iang: ernie: if the committee members has to get the info ... it has to be circulated some how (01:13:55) nb: andreasbuerki, ErnestineSchwob votes please? (01:13:59) nb: GolfRomeo, ? (01:14:14) nb: i assume iang saying sounds fine to me means AYE (01:14:17) snewpy: andreasbuerki: the private mailing list does require a certificate login (01:14:19) GolfRomeo: AYE (01:14:30) GolfRomeo: (for sure) (01:14:32) andreasbuerki: oh, you mean that one (01:14:35) iang: yes, fine == AYE this time (01:14:54) ErnestineSchwob: yes - for the moment, but this issue isn't solved (01:14:56) andreasbuerki: AYE (01:15:05) nb: i declare it carried (01:15:11) snewpy: ErnestineSchwob: how so? (01:15:24) ErnestineSchwob: snewpy, we have to speak about a system - but not today (01:15:42) ErnestineSchwob: to be independent from people (01:15:44) iang: given that Ernie is treasurer, I guess we can expect some rethinking ... but is that is good enough for now? (01:15:45) snewpy: (I'll try not to drag this on longer than necessary, I know Philipp has bed calling him, but we do need to resolve some of these things) (01:16:16) snewpy: the system just got decided? you can email the raw data to the -private list (01:16:25) phidelta: Does anyone here have a complete Chat Transcript? Mine got cut of (new install) (01:16:45) ErnestineSchwob: snewpy, not such "system" - mailing-list is process, has nothing to do with a system (01:17:02) andreasbuerki: mine is half and half, due to unteruption (01:17:12) phidelta: Systems means tech implementation for info sharing that is known to be secure (01:17:13) iang: mines is last hour only (01:17:30) ***nb can get one (01:17:30) phidelta: Guillaume? (01:17:32) andreasbuerki: others? (01:17:34) nb: it gets logged on my server (01:17:38) ***nb uses ZNC to connect through (01:17:38) snewpy: phidelta: which I hope we have in the form of the private mailing list, or we best change its name :) (01:17:42) ErnestineSchwob: phidelta, I'm speaking from an accounting system which you can access from everywhere (01:18:10) andreasbuerki: wah about web-erp? (01:18:18) snewpy: ErnestineSchwob: sure, we can implement something along the lines of what we spoke of previously, but in the interim, mailing the excel spreadsheets you have your data in would be the ideal solution, I would think (01:18:29) phidelta: @snewpy: If only I had not seen so much abuse. Then I would join you in your laughter - a wiser man than me (01:18:53) snewpy: phidelta: but then we are talking about humans, not technical... we have recourse to sort out humans that do the wrong thing (01:18:58) snewpy: especially committee members (01:19:14) nb: fyi, trustedgroup doesn't seem to be working, the main page still shows as immutable when I am logged in (01:19:19) ErnestineSchwob: snewpy, depends how many members we will have in the future .... if we have 400, think xls is not the right system (01:19:19) GolfRomeo: philipp: I have the logs (01:19:24) nb: although i don't really need to change it, i just was looking to see if it would let me (01:20:02) iang: well (01:20:05) snewpy: ErnestineSchwob: right, I understand that.. I was the one advocating a double entry accounting system, remember? :) I am talking about to fullfil the resolution we just passed, mailing xls files with full data for now will satisfy that (01:20:06) phidelta: And http://wiki.cacert.org/wiki/BoardMinutes-20090328 tells me in french that I am not allowed to read that page (01:20:00) iang: we're agreed in principle to have the info amongst ourselves (01:20:00) phidelta: Which is a big NO-NO in my book! (01:20:00) iang: can we agree to pass this offline? (01:20:00) snewpy: now, support@ (01:20:00) ErnestineSchwob: snewpy, I have already here on my system (01:20:00) ErnestineSchwob: iang, yes (01:20:00) snewpy: I think Guillaume would appreciate us resolving support@'s access to data? (01:21:00) iang: agreed. (01:21:00) snewpy: it seems to have been the source of some frustration, and I think we should address it here and now (01:21:00) GolfRomeo: philipp : mail sent (01:21:00) snewpy: Ernestine: perhaps you could brief us on what the status quo WAS, and how that has changed, in relation to support@'s access to incoming payment information (01:21:00) iang: 2 business needs: password recoveries and "paper certificates" ? (01:21:00) • nb moves that the identity of people paying for password resets and paper certificates be given to support@ (01:21:00) nb: while warning them notto redisclose that information (01:22:00) andreasbuerki: iang... why not? (01:22:00) GolfRomeo: phidelta : ask Mario, I don't have any admin right on wiki (01:22:00) snewpy: I would go so far as to have them CC'ed on payments from Paypal until it's sorted out... we're double handling things for the sake of it, it would seem, now... but I would like to hear from Ernie what has changed (01:23:00) andreasbuerki: Guillaume, why did you asked me then to do samples in the wiki sandbox? *bemused* (01:24:00) GolfRomeo: andreasbuerki : I tried to help you with wiki anyway (01:24:00) ErnestineSchwob: could we say something about: Planning next 12 month: (01:24:00) andreasbuerki: ok... now I understand, it's done by the way... (01:24:00) ErnestineSchwob: important for fundraising - (01:24:00) snewpy: we trust our carefully vetted support people... we can trust them to not disclose information they are not permitted to disclose, and they should be on the cc list for paypal payments directly from Paypal until such time as a better system is implemented (01:25:00) ErnestineSchwob: this we forgot - point 4 on the wiki (01:25:00) ErnestineSchwob: snewpy, to this point - like guillaume was writting on the mailing-list I will come at the end (01:25:00) iang: the two support people are covered by Security Policy ... so they are as "secure" as the other secure roles, in terms of administrative view (01:26:00) snewpy: it's a preposterous position that only the committee is allowed to see donations... support@ has a business need to see some payments, we don't have the practical technical means to limit their view to "some payments" just yet, and so until we do, we need to give them the tools to do their job as quickly as possible and with the least amount of roadblocks in their way (01:26:00) snewpy: iang: right, and what we are talking about is precisely administratively secure.. not fort knox (01:26:00) ErnestineSchwob: snewpy, I dont' discuss about private-data as treasurer (01:26:00) andreasbuerki: Guillaume, http://wiki.cacert.org/wiki/Test/Sandbox (01:26:00) ErnestineSchwob: we will end at the same stage like before (01:27:00) snewpy: ErnestineSchwob: so it is your position that no one else in the organization should be able to see the name of people making payments to us? (01:27:00) ErnestineSchwob: board yes, because they are responsible, but the full data not everybody (01:28:00) snewpy: I don't think that is a reasonable position to take... our support people are covered by our policies, and have a need for access to the data, and should therefore have access to it (01:28:00) iang: the past procedure has been that the people in the "critical team" have been given more responsibilities, more or less. (01:28:00) iang: this is now cristalised with the security policy (01:29:00) snewpy: my position is not that we should hand out the private data to all and sundry, but we need to trust "our people" to do their job (01:29:00) iang: (in the past it wasn't properly documented) (01:29:00) iang: so people under security policy aren't in the same class as "everyone" (01:29:00) ErnestineSchwob: snewpy, how some people handle private data I have seen in the last days (01:29:00) ErnestineSchwob: or content of private conversations (01:29:00) GolfRomeo: snewpy : please support don't urge you. we just want to make sure we will have the piece in a reasonable amount of time. Also, we would have needed a little more bit of informations about Christopher assigment but ok, let's improve all of us. (01:30:00) snewpy: to that end, I would like to propose a motion along the lines of "Resolved, that support@cacert.org be restored access to automated emails from Paypal informing of incoming payments, until such time as the board directs." (01:30:00) ErnestineSchwob: as long I'm treasurer I will not agree (01:30:00) snewpy: if there is an issue with our systems people disclosing private data, lets deal with those people (01:30:00) ErnestineSchwob: my responsibility I cann't delegate (01:31:00) snewpy: it's not a delegation of your responsibility (01:31:00) ErnestineSchwob: at the very end of the day, yes it is (01:32:00) ErnestineSchwob: because I have to avoid that something yould happen (01:32:00) GolfRomeo: Comment : I have reported to Ernestine paypal transfer we needed to check, Ernestine has checked, later we stopped having the paypal email. (01:32:00) snewpy: I'm sorry, but it is not.. sending copies of incoming payments is not the end of the world (01:32:00) ErnestineSchwob: if something will happen, it's my head in the fire - and not the head of the support (01:33:00) GolfRomeo: ErnestineSchwob : think of it I can be charge of ID theft which is more than your problem (01:33:00) ErnestineSchwob: GolfRomeo, there was I technical problem, I haven't received either (01:33:00) iang: i don't see that ... if there is a clear delegation from the board to pass the info on to anyone ... and that process is clear, your head is not in danger (01:33:00) snewpy: as ian said (01:34:00) ErnestineSchwob: GolfRomeo, I'm not responsible for your ID datas (01:34:00) snewpy: we have mechanisms to deal with people who do things they are not supposed to do (01:34:00) iang: the data of a normal company must be shared with the officers of the company ... the directors can't be held responsible for each item of data (01:34:00) ErnestineSchwob: snewpy, don't get it (01:34:00) snewpy: we have to provide information outside the "executive" where there is a business need to do so (01:34:00) iang: they can be held responsible for not having a good system in place. but we do have that system in place, IMO (01:34:00) snewpy: there is clearly a business need here (01:35:00) snewpy: we have a great system in place to ensure the security and "trustiness" of our "staff" (01:35:00) ErnestineSchwob: but the data they see now on picture file, they see what they must see - they can have this data in xls (01:35:00) snewpy: we should use it, and trust them to do their job... not leave them without the tools needed to efficiently do the tasks they donate their time to do (01:36:00) iang: actually in terms of systems ... we have more in place for the support team than for the directors (01:36:00) snewpy: it's not likely to be timely enough, and there's a compelling business case, at least to me, to have them get immediate notification (01:36:00) snewpy: look, we disagree quite diametrically here, so I am just going to propose a motion, rather than prolong the debate that doesn't seem to be reaching a consensus (01:36:00) iang: however i can see that there is no necessity to have all the data go to them (01:37:00) snewpy: I move that it be resolved, that support@cacert.org be restored access to automated emails from Paypal informing of incoming payments, until such time as the board directs. (01:37:00) ErnestineSchwob: snewpy, no - I don't agree (01:37:00) snewpy: iang: yes, and it seems that someone is working on a system to do that, using the Paypal API (01:37:00) iang: hmmm... before that, can I ask ... is the Christopher API going to solve this problem? (01:37:00) snewpy: iang: once we have that, we can again cut off support@ being cc'ed on paypal notifications (01:37:00) ErnestineSchwob: iang, yes (01:37:00) snewpy: yes, that's the point of doing so, I believe (01:37:00) iang: so this is likely a temporary move? (01:38:00) • nb asks for votes on snewpy's motion (01:38:00) snewpy: yes, very temporary (01:38:00) philipp_ left the chat room. (Remote host closed the connection) (01:38:00) ErnestineSchwob: and if we could come back to fundraising - this problem too (01:38:00) iang: how fast is Christopher likely to be? (01:38:00) snewpy: until Christopher finishes his work, we maintain the previous status quo (01:38:00) ErnestineSchwob: snewpy, no - they receive the file as seen on the wiki on xls (01:39:00) iang: i know ... how long is a piece of string ... but we can't just sweep the problem under the carpet forever (01:39:00) GolfRomeo: iang: just fine we don't ask for more. (01:39:00) iang: ernie: how often does that file get updated? (01:39:00) snewpy: iang: the fix is in the works, and was only just requested, so far as I understand? (01:40:00) snewpy: so I don't think it's a case of sweeping it under the carpet, as much as giving him time to finish (01:40:00) iang: how about we put a limit on it of a month ... to the next meeting? (01:40:00) nb: We have a pending motion (01:40:00) snewpy: we can just remove it next month if the need arises (01:40:00) • nb believes we should vote (01:40:00) snewpy: or remove it sooner, at our interim meeting for the DPA, if the API is in place in time (01:42:00) ErnestineSchwob: snewpy, i hope API will work soon (01:42:00) phidelta: Can someone restate the motion if there is one ? (01:43:00) snewpy: how about this ... Resolved, that support@cacert.org be restored access to automated emails from Paypal informing of incoming payments, until such time as the board directs, or a suitable automated API process is in place. (01:43:00) nb: AYE (01:43:00) phidelta: NAYE (01:43:00) snewpy: aye (01:44:00) ErnestineSchwob: NAYE (01:44:00) andreasbuerki: NAYE (01:44:00) nb: iang, GolfRomeo andreasbuerki (01:44:00) nb: oops andreasbuerki just did (01:44:00) andreasbuerki: done (01:45:00) ErnestineSchwob: I don't say yes, and in two week (I hope) API is working - sorry (01:45:00) iang: sigh ... i see there isn't enough consensus on this as yet. So NAYE (01:46:00) iang: but we have to do something .... (01:46:00) nb: well, the motion is not carried then (01:46:00) GolfRomeo: aye (01:46:00) ErnestineSchwob: iang, right - christopher has to say me a date when it's working (01:46:00) snewpy: what is that "something" folks? (01:46:00) phidelta: Hold it (01:46:00) ErnestineSchwob: iang, and when it goes too long, we have to speak about again (01:47:00) iang: Ernie: can you give a turnaround of every day on the payment notifications to Support? (01:47:00) ErnestineSchwob: is possible - yes (01:47:00) snewpy: 7 days a week (01:47:00) iang: that is, check once a day, and copy the info? (01:47:00) phidelta: Ok (01:47:00) ErnestineSchwob: snewpy, that's not the problem for me, if it is not for the next 4 month (01:48:00) iang: right, 7 days a week (I've seen that Ernie is around most every day I've pinged her so if the SLA is offered, I'm ok) (01:48:00) ErnestineSchwob: but we havn't each day transactions (01:48:00) snewpy: I'm seriously concerned that we have a serious lack of trust for our critical people (01:48:00) ErnestineSchwob: file will come if something new (01:48:00) snewpy: and by not giving them access, and wasting everyone's time, we just dissuade people from helping and getting involved (01:48:00) ErnestineSchwob: snewpy, I have my reason (01:48:00) iang: so less work ... but you have to check, and also send a NULL as well because they may be waiting. (01:48:00) snewpy: ErnestineSchwob: I understand you have a reason in your head, but it's not a reasonable one, in my opinion. (01:49:00) snewpy: if you distrust people who are already in a position of trust in CAcert, then have the guts to say it (01:49:00) ErnestineSchwob: snewpy, maybe in your point of view (01:49:00) phidelta: @snewpy: Not all reasons are expressed freely (01:49:00) snewpy: call these people out, and lets discuss it (01:49:00) iang: well ... are we ok with the proposal? (01:49:00) snewpy: phidelta: oh, I understand (01:49:00) nb: it seems like cacert trusts noone.......... we can't even agree on people to become support@ (01:49:00) nb: werner, pete, etc (01:49:00) iang: Moved that Treasurer checks daily until API is resolved, and sends a mail with the info (including a NULL) ? (01:50:00) snewpy: I think this sends a horrible message.. don't send your info to support@, because even we don't trust them (01:50:00) snewpy: it's immature, impractical, and without foundation (01:50:00) snewpy: if you have a problem with someone handling support@, then we need to hear about it (01:50:00) GolfRomeo: nb : Werner, Pete are trustable (01:50:00) iang: to get this back to consensus, i'd like to hear on that compromise if possible (01:51:00) snewpy: because they receive much more private information than half a dozen paypal receipts a month (01:51:00) iang: snewpy: calling anything seriously proposed immature risks looking immature (01:51:00) snewpy: iang: I'll be voting no against it, because I vehmently object to the underlying message we're sending (01:51:00) andreasbuerki: second iang (01:51:00) phidelta: I think the issue is not purely the support personell. Please leave this discussion for another da (01:51:00) GolfRomeo: nb : but little details can lead to problems. (01:51:00) phidelta: y (01:51:00) iang: ok, understood (01:52:00) snewpy: iang: we're casting questions over people's trust, people whom we have entrusted with these things thus far.. it's not right (01:52:00) andreasbuerki: yep, guillaume (01:52:00) snewpy: especially to do it in this way, by taking away their tools, rather than discussing the issue directly (01:52:00) andreasbuerki: mark, don't overreact, please (01:53:00) GolfRomeo: snewpy : right we need to work (01:53:00) phidelta: @snewpy: This is not about trust but rather about how we handle data. (01:53:00) andreasbuerki: exactly phil (01:53:00) nb: OK, we need to move on (01:53:00) snewpy: andreasbuerki: I'm not overreacting, we should be discussing the underlying concern (01:53:00) phidelta: In truth we have been mishandling some elements for quite a while and are now remedying that. (01:53:00) nb: votes on ernestine notifying support every day of paypal transactions or notifying that there werent any (01:54:00) phidelta: Let's move on to the next topic, because this will lead to exactly 1 place. And that is NOWHERE (01:54:00) snewpy: no, what we are now doing is acting with undue haste to create friction where it doesn't need to be (01:54:00) andreasbuerki: Mark, make a system as "bullet proof as possible" and a lot of underlyining concerns are resolved (01:55:00) snewpy: andreasbuerki: or trust the people we already trust, with the policies and procedures we already have in place (01:55:00) andreasbuerki: friction between whom? (01:55:00) GolfRomeo: Ernestine : please provide a solution in the meantime (01:55:00) andreasbuerki: mark, easy with the word trust (01:55:00) ErnestineSchwob: GolfRomeo, Ian wrote already (01:55:00) iang: GolFRomeo: does that mean you are ok with a daily message? (02:26:00) phidelta: Is that motion seconded? (02:27:00) GolfRomeo: naye (02:27:00) nb: that would remove myself and philipp from being arbitrators. i believe that is all? (02:27:00) nb: GolfRomeo, so would that mean me not being DRO? (02:27:00) iang: discuss the motion? (02:27:00) GolfRomeo: nb : you can still manage arbitration without doing arbitrations (02:27:00) nb: GolfRomeo, that is what i thought you meant (02:27:00) • nb seconds the motion (02:27:00) iang: GR: yes, although still fairly close (02:27:00) • nb will hear a maximum of 10 minutes of discussion on this issue (02:28:00) • nb is oging to have to start being a more controlling chair i think (02:28:00) andreasbuerki: ok... but this problem has to be solved in mid term run (02:28:00) snewpy: it's probably a good intermediate step, stopping board members from arbitrating, but allowing Nick to continue to be DRO.. what do you guys think? (02:28:00) GolfRomeo: iang : no managing arbitrators is not giving sentences of arbitrations (02:28:00) iang: i'm ok with it ... but i'm worried about the workload on arbitrators (02:28:00) GolfRomeo: snewpy : yes loud and clear (02:28:00) andreasbuerki: mark, could live with that one for the moment (02:29:00) snewpy: yes, that's a concern I share with you Ian (02:29:00) iang: well, i suppose we just all have to go out and recruit more (02:29:00) GolfRomeo: iang : let's find people. (02:29:00) andreasbuerki: how to motivate them? (02:29:00) GolfRomeo: comment ; I have been arbitrator too (I guess I already told) (02:29:00) andreasbuerki: what is the profile we are looking for? (02:29:00) snewpy: on the upside, it appears that they couldn't possibly run much slower than they do already (02:30:00) iang: andreasbuerki: with more polite board meetings (02:30:00) andreasbuerki: lool (02:30:00) phidelta: A purely idealistic motion is up and you are discussing pragmatism? (02:30:00) nb: andreasbuerki, knowledgable assurers who know cacert policies, etc (02:30:00) nb: i think (02:30:00) iang: there is a statement on this with Ulrich for his slides ... we can ask (02:31:00) andreasbuerki: so, we make, e.g. a recruiting mail (02:31:00) snewpy: phidelta: it has a pragmatic sense to it as well... we surely can't be of both the original deciding body *and* the appeal body (02:31:00) snewpy: at least not in such a way that would have our arbitrations validated outside of CAcert (02:31:00) iang: i don't see any strong objections to the motion? (02:31:00) phidelta: Well, if ever there was an appeal from an arbitrator that is on the board, that person would just recuse himself from that vote (02:32:00) snewpy: but we know each other, some have personal relationships, etc (02:32:00) iang: phidelta: agreed. (02:32:00) snewpy: it would be, at absolute best, an uneasy situation (02:32:00) iang: snewpy: we aren't big enough not to knew each other, etc ... (02:32:00) ErnestineSchwob: snewpy, which kind of relationship (02:32:00) snewpy: ErnestineSchwob: any kind (02:33:00) iang: it's meant to be a cost-effective solution to small problems, not a competitor to the Supreme Court (02:33:00) snewpy: iang: yes, but there is an obvious perception problem, wouldn't you agree? and perception is a big part of this (02:33:00) ErnestineSchwob: snewpy, now I know as much as before (02:33:00) iang: so we cut a little slack, in my opinion (02:33:00) GolfRomeo: please let's separate the roles so we are more clear. Let's keep board member as case manager if we need but no longer arbitrators (02:33:00) snewpy: right, a little slack is having us hearing appeals from arbitration... a lot of slack is hearing appeals from arbitrators that are on the board (02:34:00) andreasbuerki: Mark, fully agree, Perception is mostly everything (02:34:00) iang: snewpy: yes there is an obvious perception problem, and that will hang around for years ... all things in time (02:34:00) iang: i'm far more concerned about the working problem right now than the perception problem (02:34:00) iang: is there anyone disagreed with the motion? (02:35:00) andreasbuerki: you can't unfortunatly separate them, i guess (02:35:00) • nb notes that 3 more minutes of discussion remain on this issue (02:35:00) andreasbuerki: thx, nick (02:35:00) GolfRomeo: let's try to make the roles clear (02:36:00) snewpy: I wonder if the current arbitrators/case managers consider some of these "init" status cases to be of low importance? (02:36:00) snewpy: as the reason for why they are skipped over for more recently filed cases (02:36:00) iang: let's not restart the earlier business (02:36:00) iang: solving the arb issue was discussed earlier (02:37:00) snewpy: I ask it in reference to the cost in terms of delay if we remove two arbitrators (02:37:00) andreasbuerki: so... what is our conclusio... one minute to go (02:37:00) GolfRomeo: snewpy : you are right (02:37:00) snewpy: to understand what effect our motion here would have (02:37:00) snewpy: not to reignite the previous debate (02:37:00) • nb now calls for votes on the pending motion that board members not serve as arbitrators as long as they are on the board (02:37:00) iang: ok (02:37:00) snewpy: if they are sitting there because all the arbitrators are run off their feet, then it would make me consider this motion differently than if they are there because they are seen as low priority (02:38:00) GolfRomeo: AYE (02:38:00) phidelta: Most Arbitrators are currently handling at least 1 or more cases (02:38:00) iang: snewpy: understood ... but I think we'll find others elsewhere (02:38:00) phidelta: The few that are not are currently "offline" (02:38:00) iang: AYE (02:38:00) GolfRomeo: phidelta : and they will survive (02:38:00) snewpy: aye (02:38:00) nb: AYE (02:39:00) andreasbuerki: AYE (02:39:00) iang: snewpy: we have to also deal with these issues anyway, as people drop out all the time (02:39:00) snewpy: iang: yes, I figure.. just trying to get a better understanding to make an informed decision (02:39:00) andreasbuerki: why they drop out iang? (02:39:00) ErnestineSchwob: AYE (02:40:00) andreasbuerki: demotivation, private stuf, unclear policies or what? (02:40:00) iang: normal reasons ... busy, annoyed, sick, ... I suppose. (02:40:00) iang: i don't think the policies are unclear ... on DRP ... but the name issue is annoying (02:40:00) nb: phidelta, vote please? (02:40:00) andreasbuerki: have we ever asked them, why they dropped? (02:40:00) phidelta: Abstain (02:40:00) iang: i suppose we'd have to ask them ... but that would be to Nick to sort out (02:41:00) • nb declares the motioon carried (02:41:00) andreasbuerki: name issue??? (02:41:00) nb: 1. (02:41:00) nb: Status of Assurance Specials: TTP, Tverify, PoJAM, CodeSigning, SuperA, OA Motion on AP only (02:41:00) iang: too many small arbs on name changes, etc (02:41:00) snewpy: probably a separate discussion for another time, how to recruit and retain arbitrators (02:41:00) iang: nb: as mentioned, there is a motion to limit to AP. which means some of these things turn off (02:41:00) andreasbuerki: iang, would that not mean, to define this in a better way in the policy? (02:42:00) GolfRomeo: snewpy : yes (02:42:00) nb: iang, /me moves that that motion be confirmed (02:42:00) andreasbuerki: second iang's motion (02:42:00) nb: since it will pass anyway (already has 6 ayes) with one vote pending (mark's) (02:42:00) iang: move it be confirmed in this meeting rather than the next one? (02:42:00) nb: iang, yes (02:42:00) iang: understood, agreed, seconded (02:42:00) andreasbuerki: (02:42:00) snewpy: if we stretch a little and follow the same rationale that Philipp used successfully above to prevent us from further discussing the removal from archives issue, we clearly have no authority to turn TTP/whatever on OR off? (02:43:00) iang: well, we do because it is not subject to an Arbitration, is it? or is it? (02:43:00) snewpy: it's a policy question, and if the policy is clear, and they are not being processed, the policy has been implemented, but someone needs to submit a patch to the crit systems guys? (02:43:00) andreasbuerki: would lead us to stimulate policy change (02:43:00) • nb would like the board to request that all superassurers have their points reduced to 150 (02:43:00) iang: the problem is ... the policy is clear, but the systems are still running (02:43:00) snewpy: the AP says no assurances can be done not under the AP (02:43:00) phidelta: We don't have the authority to turn it on or of as a decision by us. But we do have a clear mandate to follow the rules. (02:43:00) phidelta: As such we have a duty to clearly state that they are currently off due to policy (02:44:00) snewpy: we should submit any cases outside of that to arbitration? (02:44:00) iang: the Tverify system is currently running because nobody switched it off (02:44:00) nb: although i have a pending arb in to get a list of those individuals with >150 (02:44:00) GolfRomeo: snewpy : yes I guess but we need to tell people what to do not to loose time filling TTP forms that noone will handle (02:44:00) iang: and it seems that TTPs have been handled recently (I heard a rumour) (02:44:00) snewpy: GolfRomeo: agreed, but someone should just submit a patch to the crit systems guys to reflect the already existing policy, right? (02:44:00) phidelta: So this is not a motion to decide On|Off but rather to actually flip the switch and tell people (02:45:00) andreasbuerki: Tverify I'm strongly against it...sorry, It doesn't match our identity Check standards (02:45:00) phidelta: TTP is not done in code, but rather by people (02:45:00) iang: right, it is a motion to flip a switch. coz they techies haven't really done it (02:45:00) nb: phidelta, well we can remove their ability to do that even (02:45:00) GolfRomeo: iang : who has handled TTP ? (02:45:00) snewpy: don't the TTPs come thru support? (02:45:00) GolfRomeo: (please) (02:45:00) nb: i.e. why i want to know who/why anyone has over 150 points (02:45:00) iang: don't know .... this is the problem with rumours (02:45:00) GolfRomeo: snewpy : yes both support and snail mail (02:45:00) snewpy: I have >150 points (02:45:00) iang: something like a TTP was apparently done a month back (02:45:00) nb: snewpy, yeah, i know you do, and teus does, and a few other former board (02:46:00) snewpy: ok, so lets put those in to arbitration and get the community's policies followed (02:46:00) andreasbuerki: with 250 assurances done... seems I am as well above... (02:46:00) GolfRomeo: iang : the only one that can handle is Robert and Robert is away from CAcert (02:46:00) nb: snewpy, alejandro had looked up a few people's but needed me to ask each person separately (02:46:00) snewpy: lets also find someone who can write a patch to modify whatever text leads people to believe they can use these older methods? (02:46:00) GolfRomeo: (I mean TTP forms) (02:46:00) nb: he couldn't give a list of EVERYONE with >150 (02:46:00) phidelta: Which is why there is a request to find out who did not follow the policies http://wiki.cacert.org/wiki/Arbitrations/a20090518.1 (02:47:00) snewpy: we're in murky water if we use our power to pass motions to "clarify" policies (02:47:00) iang: golfromeo: do you have any definate info from Robert? (02:47:00) GolfRomeo: andreasbuerki : personal assurance points not assurances made (02:47:00) phidelta: We are not clarifying policies, we are communicating them (02:48:00) andreasbuerki: And, as a suggestion, can we find out, which people entered the system by this thawte programm?? that makes me feel uncomfortable.... (02:48:00) GolfRomeo: snewpy : at least, we need to tell sysadmins to shutdown tverify.cacert.org (where people still can get 50 points from Thawte certificates) (02:48:00) andreasbuerki: Guillaume... would habe to count, how many people assured me (02:48:00) GolfRomeo: I mean 50 points automatically (02:48:00) u601 joined the chat room. (02:49:00) snewpy: we are saying which former policies breach the newer AP.. I'd say that is not just communicating, but interpreting (02:49:00) iang: not sure what you mean ... the situation is that the AP has not really been pushed out to anyone ... until the ATE process started (02:49:00) GolfRomeo: iang : I have tried to know about Robert but I have nothing sure (02:49:00) snewpy: for example, the point in the motion about junior assurers.. I don't see this defined anywhere in the AP (02:50:00) andreasbuerki: again, could we please verify, how many people entered by tverify.cacert.org? (02:50:00) iang: so basically everyone just carried on as if nothing had changed .... AP was effectively ignored out in the field (02:50:00) • nb used thawte transfer before tverify took place (02:50:00) GolfRomeo: snewpy : yes the system may breach the policy (02:50:00) iang: so now we -- the board -- have to go through all the bits, one by one, and turn them off or on. (02:50:00) u60 left the chat room. (Ping timeout: 180 seconds) (02:50:00) GolfRomeo: andreasbuerki : only sysadmins can look at the logs (02:50:00) andreasbuerki: iang, on a long term yes (02:50:00) snewpy: can we do that then, rather than the motion we have at hand? (02:50:00) snewpy: a motion directing the systems team to turn off tverify (02:51:00) andreasbuerki: Ok... so (02:51:00) nb: i had to send a signed email signed by my thawte certificate, and a photo id and link to my thawte notary listing to support (02:51:00) snewpy: a motion directing support to not accept any further TTPs (02:51:00) nb: and J. Wren Hunt assured me with 150 pts (02:51:00) iang: sure we can ... in essence the listed motion is meant as a signal to all the techies, admins and assurers (02:51:00) iang: it strictly isn't necessary coz the policy is in place already (02:52:00) andreasbuerki: entering by tverify.cacert.org would be until now the easiest way to place some sleepers... (02:52:00) iang: but it is easier to lead with a blanket motion as that is broadly communicable (02:52:00) snewpy: I feel that we're interpreting the policy, for instance can someone explain what is meant by not assuring "juniors", and what the definition, or policy foundation of that is? (02:53:00) GolfRomeo: Let's ask only the sysadmins to shutdown the systems. Support already know what to do (and current support people don't have more than 150 points) (02:53:00) iang: eys (02:53:00) iang: yes (02:53:00) phidelta: Not assuring Juniors means not assurting children (02:53:00) andreasbuerki: this whole easypeasy get into CAcert.org think makes me nervous (02:54:00) phidelta: The rationale is that they can't sign the CCA in their own hand as is required (02:54:00) andreasbuerki: think=thing (02:54:00) iang: the problem with juniors is that they can't so easily enter into CCA .... so effectively, as we rely on CCA for lots of other things ... like arbitration ... juniors represent a breach (02:54:00) • nb thinks we should vote now (02:54:00) snewpy: and what is a child? and in who's jurisdiction? and what if they are in a jurisdiction that allows minors to bind to contracts that are in their interest? (02:54:00) iang: so we need a way to bring the juniors in so that we can cover the risk (02:54:00) nb: some board members have to leave soon (phidelta) (02:54:00) phidelta: In the jurisdiction of the child (Sad but true) (02:54:00) iang: right, so it is complicated by jurisdiction (02:54:00) andreasbuerki: mark, are there such? (02:54:00) snewpy: iang: not across the board they dont... not all jurisdictions have a blanket inability for minors to enter into contracts (02:54:00) iang: but, snewpy, this is all discussed in policy group, not here (02:54:00) snewpy: right (02:55:00) snewpy: my point is this is not covered by the policy (02:55:00) iang: their job is to come up with a policy that covers it (02:55:00) snewpy: and the policy group should work on this, not us directing no assuring minors (02:55:00) iang: clearly, AP does not. (02:55:00) phidelta: Well you are wrong. It is handled by the policies (02:55:00) phidelta: Any case NB called for a vote. And I have one more item of business as well (02:55:00) snewpy: in many jurisdictions, a minor can be bound by the CCA (02:55:00) phidelta: (Just popped up) (02:55:00) andreasbuerki: and are the policies applied? (02:55:00) andreasbuerki: in practice? (02:56:00) snewpy: I would like to propose that we split it in to smaller motions directing the technical side of it (02:56:00) iang: i'm ok with going to the vote, or is more discussion required? (02:56:00) • phidelta urges nb to use his gavel (02:56:00) snewpy: rather than the motion before us (02:56:00) andreasbuerki: Mark, makes sense (02:56:00) iang: i don't think that necessary. we can add motions later on as needed (02:56:00) GolfRomeo: The case for junior is unclear and yes the motion is bringing everything on the table at once where we had to split motions (02:56:00) snewpy: and in the alternative, I don't tihnk it's approriate for the junior bit to be in there (02:56:00) snewpy: we would be de facto inserting policy if we pass it as it stands (02:57:00) iang: that isn't de facto policy ... that's recognising that our systems don't cover it (02:57:00) GolfRomeo: let's remove the junior from the motion (02:57:00) snewpy: and usurping the policy group's work towards consensus on it (02:57:00) iang: therefore don't do it until they have written it (02:57:00) phidelta: People it is now 3AM here. A majority of us are in CET (02:57:00) phidelta: The next meeting will either be ath 18:00 UTC or onl 45 minutes long (02:57:00) snewpy: iang: but many minors can be assured within the current policy (02:58:00) phidelta: Now get to the point (02:58:00) phidelta: This whole motion is a signal only as the policies already exist (02:58:00) • nb calls for a vote (02:58:00) iang: object: it says "These are to cease immediately, and be only restarted when the appropriate (02:58:00) iang: subsidiary policy under AP is passed into DRAFT by policy group. (02:58:00) iang: " (02:58:00) iang: there is no usurping. (02:58:00) phidelta: If you don't like the policies go to the policy list (02:58:00) • nb bangs gavel (02:58:00) snewpy: we're inserting policy... some minors can currently be assured in accordance with the AP (02:58:00) snewpy: this motion would prohibit something currently allowed under policy (02:59:00) andreasbuerki: why we dont discuss this on the 26?? (02:59:00) GolfRomeo: please : just keep the top of the motion (02:59:00) • phidelta motions to sanction Snewpy for disruptive behavior (02:59:00) andreasbuerki: in fresh mood (02:59:00) iang: er not the case, it says "Juniors" not minors and they have to be defined (02:59:00) snewpy: we're not allowed to debate the motion because you're late for bed, Philipp? (02:59:00) andreasbuerki: Mark, be fair (03:00:00) snewpy: could I suggest we remove the junior bit, and defer that? (03:00:00) snewpy: I support the remainder of it (03:00:00) iang: i disagree (03:00:00) GolfRomeo: snewpy : I second (03:00:00) phidelta: (as the only responses coming to mind are too obscene for a transcript I will refrain at this time from making them) (03:00:00) andreasbuerki: no, we postpone the desicison (03:00:00) iang: if we take out the junior bit, we also leave in the risk that a junior / minor can be assured (03:01:00) nb: ok, lets remove the junior bit for now and vote on that (03:01:00) • nb calls for votes (03:01:00) phidelta: I agree with Ian here. And would vote no (03:01:00) snewpy: iang: and if they cannot be bound by the CCA, then arbitration can unassure them (03:01:00) iang: snewpy: that isn't the only risk (03:01:00) phidelta: Nick has already called a vote on the original motion. (03:01:00) snewpy: iang: can you explain? (03:01:00) phidelta: So let's just vote on that (03:01:00) iang: they are outside arbitration ... so they can take CAcert to court (03:01:00) nb: OK (03:02:00) nb: *GAVEL* ORDER! *GAVEL* (03:02:00) GolfRomeo: Yes (expurged motion) (03:02:00) nb: lets vote on the original motion (03:02:00) andreasbuerki: ok.... then NO -> Naye (03:02:00) nb: or what are we voting on now? /me is confused (03:03:00) • nb suggests we vote on confirming the original motion as it reads in the voting system (03:03:00) nb: I vote AYE (03:03:00) iang: agreed, seconded AYE (03:03:00) phidelta: AYE (03:03:00) GolfRomeo: I turned to NAYE (03:03:00) ErnestineSchwob: AYE (03:03:00) snewpy: naye (03:03:00) andreasbuerki: AYE (03:04:00) • nb declares it carried. (03:04:00) nb: any other orders of business which the committee unanimously votes to treat as urgent matters? (03:04:00) nb: if not i would entertain a motion to adjourn (03:04:00) andreasbuerki: not from my side (03:04:00) iang: i would vote for more meetings (03:04:00) iang: but we can discuss it in lists. (03:04:00) nb: *note: any non-agendaized issues must be unanimously agreed that they are urgent to be addressed at a meeting* (03:05:00) andreasbuerki: iang, not a bad idea... (03:05:00) nb: iang, i would agree, given us working out a time (03:05:00) andreasbuerki: as in normal business life (03:05:00) nb: phidelta, you had something i think you mentioned? (03:06:00) nb: although it would have to be declared urgent to be addressed at this meeting (03:06:00) • phidelta moves to restrict discussions on all topics and motions to 5 minutes. If it becomes clear that this is insufficient the motion will de deferred to the next meeting with instructions to properly prepare and brief the board on them. (03:06:00) andreasbuerki: iang, why not on the wiki.... propsal, pros and cons... + comments (03:06:00) • nb GLADLY seconds phidelta's proposal (03:06:00) nb: actually i move to amend it to provide that the time limit may be extended by unanimous consent (03:06:00) andreasbuerki: phil... 5 will not be enogth.... 10 I would agree (03:07:00) snewpy: you're not sneaking that one thru on urgent business.. propose it for the next meeting please, so we can properly discuss it (03:07:00) nb: true (03:07:00) nb: its not urgent business (03:07:00) iang: agreed, nobody has brought up urgent business (03:07:00) nb: do i hear a motion to adjourn? (03:07:00) snewpy: I agree in principle to time limits, however, but it's not appropriate to bring it up now (03:07:00) snewpy: I move we adjourn (03:07:00) iang: motion to adjourn! (03:07:00) nb: AYE (03:07:00) phidelta: Ok. Please put it on the next Agenda as the 1st Motion. If it passes it should apply to all further items on that agenda! (03:07:00) GolfRomeo: AYE adjourn (03:07:00) nb: phidelta, agreed (03:08:00) snewpy: aye to adjourn (03:08:00) phidelta: AYE! (03:08:00) andreasbuerki: AYE (03:08:00) nb: ErnestineSchwob, (03:08:00) ErnestineSchwob: AYE (03:08:00) nb: MEETING ADJOURNED! (03:08:00) nb: *gavels* }}} . Original Place Meeting Transcript [[https://svn.cacert.org/CAcert/CAcert_Inc/Board/Minutes/20090913_log.txt| SVN CAcer.org Website]] - NOT EXISTING! <
> ---- == Inputs & Thoughts == . YYYYMMDD-[[YourName]] . {{{ Text / Your Statements, thoughts and e-mail snippets, Please }}} ---- . YYYYMMDD-[[YourName]] . {{{ Text / Your Statements, thoughts and e-mail snippets, Please }}} ---- <
> '''Category''' or '''Categories'''<
> CategoryBoardMinutes