Committee Meeting 2010-05-30

The meeting will take place at 21:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

Feel free to add a business within the acceptance period or your question to the board below.

Premeeting

  1. Prepare minutes from last meeting

  2. put motion to accept the minutes

  3. Summary of cacert-board-private list since YYYYMMDD and reason for privacy
  4. Update action items

Agenda

  1. Preliminaries
    1. Chair opens the Committee Meeting
    2. Accept the minutes from the last meeting.

    3. Who is making today's minutes?
  2. Businesses Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!

    1. Minutes from Annual General Meeting added by Iang

      1. Minutes of the 2010-01-30 AGM

      2. Item for Discussion. This is more a chance for committee members to flag any issues.
      3. It is up to the membership of the association to accept, committee can only recommend (I guess?).
    2. Software Assessment added by Iang

      1. In recent months, Markus was added as SA with Philipp G to make 2. We need many more.
      2. Several others had started their ABCs and were under consideration. Review?
      3. original proposal for more ABCs.

      4. Software is CAcert's achilles heel. It stops us doing minor fixes that remove major barriers to every other department in CAcert, creating an awful "tax" on all our contributors.
    3. Hosting Contract added by Iang

      1. wiki discussion

      2. start, latest from Andreas.

  3. Question Time
  4. Closing
    1. Confirm the next Committee Meeting: 20th June 21:00 UTC.

    2. Chair closes the Committee Meeting

Minutes

  1. Preliminaries
    1. Chair, Lambert opens the Committee Meeting at 2100UTC
    2. Dan volunteers to write minutes
    3. Andreas reports Ernie as ill
    4. Ian report Mark as ill
  2. Business
    1. Minutes from Annual General Meeting
      1. "suggest people do review it ... there are some sections which were controversial" Iang - added to Brain/CAcertInc/Committee/ActionItems

      2. dan: "i was happy with it. seem to match my perception of the log. thanks"
      3. Lambert: "Ok, summary for 2.1: minutes created, but we have to verify them. Then send them to the CAcert Inc. members" - done 20100501

    2. Software assessment
      1. iang refering to ABC of Dirk, Alexander and Dominic - summary: ABCs are slow. Arbitration is slow.
      2. board is more or less in charge of the Software effort, we have to keep an eye on it, and also think of ways to support.
      3. ABC are holding up software assessment
      4. software assessment have solved serial issues on test machine.
    3. Adfinis Contract
      1. No input from Nick, Mark, Ernie or Mario on wiki Technology/Laboratory/Hardware/InfrastructureHost/Bern/Contract

      2. Lambert - discussion page worked
      3. Main items on discussion at the time were (Lambert):
        1. Swiss law, we cannot enforce that on others
      4. Items probably changeable (dan)
        1. 'can change contract in writing' which was an acknowledged error
        2. 'moving offering to appendix'
      5. Backups issue (iang)
        1. are we placing data on an external organisation? data protection issues? (iang)
        2. what is backed up is at our discretion (dan) - can be encrypted blob (dan/lambert)
      6. Recap from last meeting - It was then agreed that the offer in itself is good, and suits our needs (lambert)
      7. Summary of concerns
        1. "my only concern is internal - making us deliver on our part. i'm happy for a good offer with no financial contribution. its good infrastructure so meeting the obligations seems fair to me" (dan)
        2. "One is the jurisdiction/law question." (iang/lambert)
        3. "The second is the overall discussion being somewhat difficult without direct contact with M" (iang)
        4. "Minor issues, such as the inclusion of a broad NDA clause ... which should be easier to turn into something more tractable" (iang)
      8. Jurisdiction
        1. covers all our people (iang)
          1. cover all people involved in contract (dan)
          2. words "Officers, key persons, coworkers and voluntary contributers of the Parties are referred expressly to this regulation" are vague and may bring in our members (iang/lambert)

        2. parties have conflict in entering into a separate jurisdiction (iang)
          1. members are bound to resolve all disputes arising out of CAcert activities in our forum (iang)

        3. wasn't a negotiable part of contract, take it or leave it (dan)
        4. Swiss I am fine with if coupled with limited liability (1000EUR) (lambert)
      9. how to proceed?
        1. cannot proceed unless Directors are comfortable because of duty of care (iang)
        2. a contract for a small but good bit of hardware (dan)
        3. small should mean limited requirements and limited risks, but that is not so (iang/lambert)
        4. MoU such as with Oophaga would be suitable here (lambert)
        5. propose to poll all committee members (lambert)
      10. mark blusters in and:
        1. it's rather poorly drafted and could use a rewrite ... a contract should be a concise and exact description of two parties' obligations to each other, the current draft reads more like a press release than a contract.

        2. seems to bind community
        3. NDA is a killer, we have not been bound by one so far, so this would be charting new territory.
      11. some discussion of the marketing offering...
        1. offers things we have no capability to deliver
        2. if no-one is obliged, it doesn't matter (dan)
        3. if not obliged should not be in contract; not wise to contract for things we cannot control (mark)
        4. offering is good, contract is not (mark)
      12. offer may be withdrawn by supplier (dan)
        1. that's a risk run by bringing completed / non-negotiable things to the board (mark)
        2. this was started last year by the board (dan) no it wasn't, it was not brought to the board (iang)
        3. dan advised on technical parts of contract, as infra lead, before draft was forwarded to board.
        4. it cannot be the board who ruins the deal if we decline to rubber-stamp the deal prepared by a member of the community who declined to share it (mark)
        5. fully agree, but we need to find a way to secure the offer (lambert)
      13. Conclusion (by lambert)
        1. 3 of 4 of here had issues with the contract
        2. presenting a "take it or leave it" offer without a mandate is unacceptable
        3. offer ends end of June (dan)

        4. Lambert to email michael and cacert-board-private
        5. Lambert to talk with Andreas
    4. Urgent Business -- raised by Mark
      1. "I've been charged to my personal bank account $40.75AUD for fees for transferring payments to Oophaga" (mark)

      2. request motion to correct, proposed and carried as m20100530.1

  3. Close
    1. Confirm the next Committee Meeting: 20th June 21:00 UTC.

Synopsis

Motions

Meeting Transcript

Time Zone UTC +2

(22:52:00) dirk: logging-machine: connected, talking-machine: connected ... and here is the keyboard ... ;-)
(22:52:01) dirk: hello everybody
(22:53:27) dan: gm (shiver/yawn)
(22:56:06) iang: morning (yawn)
(22:56:33) magu|: moin
(22:57:56) JS [bachusii@ip4da9f84b.direct-adsl.nl] entered the room.
(23:01:28) Nik: hi
(23:03:26) iang: are there minutes?
(23:03:34) Q: Hi
(23:03:48) dirk left the room (quit: Quit: [https://irc.cacert.org]   (Ping timeout)).
(23:03:55) Q: Minutes yes, except for questions (need to add that chapter)
(23:04:04) hugi: Dear all, please excuse Ernestine for today's meeting.
(23:04:34) Q: Hi hugi, nothing serious I hope?
(23:05:06) dirk [59f4700e@CAcert.Web.Interface.User] entered the room.
(23:05:11) Q: Hi all
(23:05:18) hugi: Q: I hope not, thx
(23:05:32) dirk: re hi
(23:05:58) Q: we have Dan, Ian,Mario, Nick (are you tehre nick?) and mysel
(23:05:59) Q: f
(23:06:10) Q: I'd like to open this meeting
(23:06:13) Q: Welcome all
(23:06:16) iang: I had a quick comment from Mark, he is engaged in some health issue, and likely indisposed
(23:06:29) Q: Ok
(23:06:45) iang: nb: ping?
(23:07:26) Q: First, the minutes. I'm sorry, I was to do the minutes, have finished half of them, will get thjem done by tomorrow
(23:07:48) Q: Wiki page already contains transcript though
(23:08:11) Q: Next: minutes of the AGM. 
(23:08:28) Q: We found a volunteer in Ian, he wrote the minutes
(23:08:42) Q: Has anyone feedback or other comments on the AGM minutes?
(23:09:09) iang: https://svn.cacert.org/CAcert/CAcert_Inc/General_Meetings/AGM-20100130/Minutes-20100130-AGM.html
(23:09:10) iang: 1st cut, can be considered for review.
(23:09:11) dan: i was happy with it. seem to match my perception of the log. thanks
(23:09:24) iang: There are no minutes for the meeting of the board that approved the annual report.  My memory has it that it was around Tuesday evening, in the week running up to the AGM weekend.
(23:09:48) iang: That was attended by Andreas, Ernie and myself only.
(23:10:01) Q: iang: Was that the previous board?
(23:10:06) dan: 3 is still a quorum :-)
(23:10:25) iang: I'd suggest people do review it ... there are some sections which were controversial.
(23:10:41) dirk left the room (quit: Quit: [https://irc.cacert.org]   (Ping timeout)).
(23:10:41) iang: Q: yes, the last meeting of the last board, called to approve the report.
(23:11:25) Q: And no minutes of that meeting? Hmm. Does someone have the transcript, and can we create minutes?
(23:11:42) iang: I don't have the transcript, I don't think.
(23:11:43) dirk [59f4700e@CAcert.Web.Interface.User] entered the room.
(23:12:02) Q: Ok
(23:12:21) Q: Talking about minutes: who will write the minutes of todays meeting?
(23:12:48) dan: sure i will
(23:12:57) Q: Great, thanks
(23:14:01) Q: Ok, summary for 2.1: minutes created, but we have to verify them. Then send them to the CAcert Inc. members
(23:14:10) Q: Anything to add on 2.1?
(23:14:24) dan: well they have been sent to the members
(23:14:28) iang: fine by me.  I've already notified the members, but don't mind notifying them another 10 times :)
(23:14:42) Q: Ok, item 2.2
(23:14:54) Q: Software assessment.
(23:14:57) iang: technically I'm not sure of the process, it seems a bit rough because of the infrequency of GMs
(23:15:07) Q: Ian, it's your item, you have the floor
(23:15:19) iang: Several requests for ABCs over members sent to Arbitration, and were under consideration.  Review from Ulrich:
(23:15:20) iang:  * [[https://wiki.cacert.org/Arbitrations/a20100113.3|Dirk ?]], [[https://wiki.cacert.org/Arbitrations/a20100113.2|Alexander ?]], [[https://wiki.cacert.org/Arbitrations/a20100223.1|Dominik ?]]
(23:15:20) iang:  a. ABC Dirk has been started by the Support t/l for role Support (as a workaround for later shift to Software-Assessment). (A) is Philipp Dunkel. Interview done by Andreas Baess, Ulrich Schroeter, Interview Transcript sent to PD. Process is awaiting ruling by Philipp Dunkel
(23:15:20) iang:  a. ABC Dominik has been started by the Support t/l for role Support. (A) is Ulrich Schroeter. Interview done by Iang, Ulrich, Interview Transcript finished 26. May.  Process is awaiting ruling by Ulrich Schroeter
(23:15:20) iang:  a. ABC Alexander has been started by Support t/l (Iang) and Software-Assessment t/l (PG). (CM) and (A) is not defined yet.  Attempts at Cebit time to meet Alexander for an interview was unsuccessful.
(23:15:21) iang: Conclusion:  ABCs are slow.  Arbitration is slow.
(23:15:22) iang: (END)
(23:16:50) Q: What is the issue here: the ABC's that are slow, or the assessment itself?
(23:16:53) iang: I guess the main thing is here that as the board is more or less in charge of the Software effort, we have to keep an eye on it, and also think of ways to support.
(23:17:36) iang: Both I think.  The ABCs are a tough burden, in that they require a face-to-face meeting with someone who is good at interviewing ... and a lot of work in the background
(23:18:02) Q: Yes, that's what we agreed on when we introduced ABC's
(23:18:04) iang: s/require/should include/
(23:18:28) iang: and that matches the approximate demands of the old "background checks"
(23:19:08) Q: iang: what do you mean with that last sentence?
(23:19:12) iang: I personally don't see any ways to improve the process that easily.
(23:19:42) iang: Q:  that the current ABC process is comparable to the old, undocumented process from 2008 and before.  This is approximately good.
(23:20:25) Q: Iang: is this a FYI, or do you need anything from the board right now?
(23:20:38) iang: where there is a concern is that this might be a pointer that Arbitration itself is needing attention ... another pointer is the continuing backlog oc cases
(23:20:42) iang: s/oc/of/
(23:20:52) iang: For software, this is an FYI.
(23:21:19) iang: Software team are beavering away on things, haven't asked for any support.
(23:21:41) iang: Oh, and I should add, we have reached a compromise consensus on the Security Policy ... that should go to DRAFT in a week.
(23:21:50) dan: did they solve the serial emulation issue with the signer?
(23:22:00) dan: on test system
(23:22:18) iang: i haven't heard of any progress on that, I can ask again.
(23:22:21) Q: Ok. I agree Arbitration starts to become an issue, will address it in the upcoming arbitration team meeting
(23:22:42) iang: (2 weeks ago, PG and MG were talking about it in chat, I had to leave.)
(23:22:59) dan: k
(23:23:06) iang: I think we need more Arbitrators .. and more generic cases.
(23:23:22) Q: Iang: yes, saw a month long discussion on SP, thanks for managing that, proces
(23:23:53) iang: dirk reports that on the german test server, the signing is now working, thanks to markus + andreas baess
(23:24:16) dan: yay :-) great work folks
(23:24:33) iang: thanks, the document gets better each time
(23:24:33) Q: Summary: ABC's for the software team take too long, is an issue in the arbitration group, Lambert will address it in the next arbteam meeting
(23:24:57) Q: Next topic: Hosting contract
(23:24:59) iang: thanks
(23:25:19) Q: This topic was discussed in last board meeting
(23:25:28) Q: It then lead to a long discussion
(23:25:52) Q: Dan has created a wiki page with items
(23:26:12) Q: This was used by Dan, Ian, Mario, PD, and myself
(23:26:15) iang: https://wiki.cacert.org/Technology/Laboratory/Hardware/InfrastructureHost/Bern/Contract
(23:26:33) Q: No feedback from Nick, Mark, or Ernie
(23:26:39) dan: mario's comment was an example that i put it - wouldn't count that as his contribution
(23:27:12) Q: First, Dan, don't know how you look at it, but I liked it, since it combines all feedback into one page. Thanks for that
(23:27:28) Q: Don't know how many emails this would have given if we had not had this page
(23:27:41) Q: (dan: ok, didn't know)
(23:28:23) dan: its certially better than email imo. there's probably stuff that can be done for format tweaking but i'm happy with it as a sorting mechanism for ideas
(23:28:51) Q: Now, if I may summarize: there are a number of " I'd like to change this" items, and a few "I cannot live with that" issues
(23:29:01) Q: Main items are:
(23:29:23) Q: - not exactly clear what we get (this can be sorted out I think)
(23:29:57) Q: - this is under Swiss law, we cannot enforce that on others
(23:32:03) Q: We got feedback that only the chapter 3.1 and 3.2 regarding what we should provide, is up for negotiations
(23:32:18) Q: Did I miss anything in this summary?
(23:33:25) dan: i think the easy other changables are the 'can change contract in writing' which was an acknowledged error and perhaps 'moving offering to appendix'
(23:33:58) iang: Backups were originally suggested as being run by adfinis ("BRU" installed client) but I gather that was later suggested as now being run by CAcert?
(23:34:19) dan: the configuration as to what is backed up is at our discression.
(23:34:25) Q: iang: they provide a solution to back up to external storage
(23:34:46) dan: and to come extent how - we can make them backup  an encrypted blob and store the key elsewhere
(23:34:52) Q: we don't need to use it, and can use it for instance to write encrypted data
(23:35:07) iang: ok.  issue here is whether we are placing data with an external organisation.  this makes for interesting questions in data protection
(23:35:16) Q: see? Dan and I have the same interpretation :-)
(23:35:22) Q: so must be correct
(23:35:53) ***dan laughes (but agrees in this case)
(23:36:08) Q: Last meeting we already discussed the offer. It was then agreed that the offer in itself is good, and suits our needs
(23:36:43) Q: So the discussion today is not about whether we're interested, more about what the issues are for us to accept or reject
(23:37:21) Q: Maybe a good start could be if everyone would list his/her main concern, in just one line
(23:37:26) Q: Law?
(23:39:01) iang: (Law appears offline .. I think he just got back from long haul trip over last 24 hours, possible jetlagged.)
(23:39:02) dan: my only concern is internal - making us deliver on our part. i'm happy for a good offer with no financial contribution. its good infrastructure so meeting the obligations seems fair to me
(23:39:05) Q: I see no response
(23:39:29) Q: Dan, ok, thanks. Ian?
(23:39:55) dan: and you Lambert?
(23:40:04) iang: are you asking for a summary of concerns?
(23:40:18) Q: Ian: asking for your main issue with the contract
(23:41:45) iang: I guess I have two equal difficulties.  One is the jurisdiction/law question.  The second is the overall discussion being somewhat difficult without direct contact with M.
(23:43:08) Q: Main concern is: it requires a contract under Swiss law. This is a potential risk for CAcert, because we have limited resources, and a court case could effectively end CAcert. I can imagine it with a limited liability clause, or as Dan proposed: if there are issues, both parties can end the agreement, but not without that
(23:44:11) Q: So again, we all seem to like the offer of Adfinis?
(23:44:38) Q: (as far as the hardware that is offered)
(23:44:48) iang: there are some other minor issues, such as the inclusion of a broad NDA clause ... which should be easier to turn into something more tractable.
(23:45:06) iang: hardware is fine, any machine that can support VMs is good
(23:45:25) Q: iang: yes, but it includes rackspace and power
(23:45:41) iang: s/hardware/running hardware/ :-)
(23:46:00) dan: +bw
(23:46:03) iang: yes, indeed, the rackspace + power + bandwidth is more important than the machine
(23:46:30) Q: The NDA might not be a real issue, Adfinis does not have to share any info with us.
(23:46:46) Q: So if they do, we can assume they share it with everyone
(23:46:54) Q: But
(23:47:07) dan: (or that it would be a short term secret)
(23:47:11) iang: well, we can't assume that, following the contract
(23:47:33) Q: this is not helping progressing the discussion get forward, we can repeat what was written in the wiki
(23:48:03) Q: The jurisdiction issue is rather important and imho can have far reaching effects
(23:48:05) iang: sure ... the issue here is that this would be solved simply by having a limited clause.
(23:48:30) Q: So I like to hear the feedback of our other board members
(23:49:20) dan: its not a grand show all your secrets contract. some minimal stuff may be exchanged for the purposes of meeting the contract. this does no mean we are dealing business in secret - only some aspects
(23:49:21) Q: Ian, do I hear you say that if we have a contract under swiss law, with limited liability, that it would be acceptable to you?
(23:49:32) iang: one problem is that the way it is written, it covers all our people
(23:50:06) dan: I think it covers people that start to be involved in the contract.
(23:50:07) iang: a second problem is that the parties itself may have conflicts in entering into an alternate jurisdiction
(23:50:08) Q: Yes, saw that
(23:50:36) Q: iang: you mean Adfinis or CAcert?
(23:50:45) iang: both, the parties
(23:51:47) iang: i didn't see it at first, it was PD that pointed it out ... it seems that we may not be able to set aside the local jurisdiction so easily if it relates to our activity
(23:51:47) dan: it was a non-negiotatable part of the contract take it or leave it
(23:51:57) Q: What if we talk to Michael, and agree to a limited liability of 1000 euro, the maximum under DRP? Then we can "forward" fines to the persons that violated the contract
(23:52:29) Q: iang: "local" as in Swiss or AU?
(23:52:41) iang: hypothetically, it would be possible to do some form of compromise with an agreement in the community.
(23:53:05) iang: "local" equals our Arbitration, AU law (in that comment above)
(23:53:28) Q: iang: "hypothetically" ==> I'm not looking for technicalities, I'm looking for a way to solve this issue
(23:53:51) iang: the thing is, members are bound to resolve *all disputes arising out of CAcert activities* in our forum
(23:54:13) iang: now, even if we agree to another arrangement, it is not clear we can set the primary arrangement aside
(23:54:57) Q: iang: Yes, agree, so with limited liability, CAcert Inc. can have a contract with Adfinis, and a conflict would be between CAcert Inc. and the members
(23:54:59) iang: indeed
(23:55:49) iang: that might be possible
(23:55:50) Q: So that way CAcert Inc. would be the "firewall" between external contracts and internal DRP. Could that be made to work?
(23:56:17) dan: huh
(23:56:43) Q: dan: what do you mean by "huh"?
(23:56:52) iang: What CAcert Inc would be saying is that we set aside the DRP for these and these issues only.  it would still be a risk in theory because of the relationship.  But if the intent was clear, this would narrow down the scope of future challenges.
(23:57:35) iang: What absolutely must be done is to clear everyone else out of the contract, the members.  We will never be able to sustain binding out members in.
(23:57:37) dan: the contract is between cacert inc and adfinis. the community members that may do something do so under cacert incs liability. how we manage that is up to us.
(23:58:19) dan: members being community or inc?
(23:58:50) Q: Does that mean you think this might work? (contract between CAcert Inc. with max liability of 1000 euro, further internal disputes between Inc. and members)
(23:58:56) iang: community in this context (including Inc by extension)
(23:58:58) Q: Both
(23:59:02) dan: it was a non-negiotatable part of the contract take it or leave it
(23:59:49) dan: inc members are limited from liability because cacert is an limited liabilty incorporation
(23:59:52) iang: right, non-negotiable, which is why I used the word "hypothetical".  The statement:  "Officers, key persons, coworkers and voluntary contributers of the Parties are referred expressly to this regulation." ... is not a comfortable one.
(23:59:59) Q: dan: yes, that;s what was said
(31.05.2010 00:01:15) Q: Dan: members might be limited, CAcert Inc. is not under this contract. 
(00:01:24) iang: Inc Members are only limited in their liability if the Inc is sued and is wound up, with the Members then being held responsible.  This is quite a narrow scope, and the contract will avoid that scope.
(00:01:44) dan: er - no - the "Officers, key persons, coworkers and voluntary contributers of the Parties are referred expressly to this regulation" is the the communicaiton privacy section
(00:02:40) Q: That only refers to communication? Not sharing business secrets we should not get in the first place?
(00:02:43) iang: In order to cover all the other scopes -- the legal actions possible -- DRP puts in substantial protections.  Unfortunately this will all be null & void under this contract.
(00:03:24) iang: the problem with that clause is that it is not clear what it is saying.  It can be construed as bringing the members in to the entire contract.
(00:03:46) dan: front page says who the contract is with.
(00:04:01) iang: It doesn't really matter what section it is in ... if it is broadly enough written
(00:04:09) Q: That's exactly what I don't like about it: for me it's not clear what the outcome could be in a court case
(00:04:42) Q: and I cannot sign a contract that is putting CAcert at risk
(00:04:48) iang: yes, uncertainty ... the job of the contract is to reduce those uncertainties, for both parties.  it's not a stick with which to wack the other guy, it's a device for limiting the sticks in a future fight
(00:05:01) Q: Exactly
(00:05:30) Q: So how do we go from here? I think it's important enough to ask for the input of the other board members
(00:05:37) dan: its  contract of understanding - terminating it will be more condusive to every party than any legal aciotn.
(00:05:44) iang: so, hypothetically, these things could be fixed up.  But the message does seem to be consistent that there is no desire for that.
(00:06:03) dan: all board members have been asked for input.
(00:06:18) Q: Yes
(00:07:00) Q: UInfortunately I've been overbooked the last two weeks (too much work in my real job :-(  )  and have not been able to contact them directly
(00:07:39) iang: My feeling is that we cannot proceed until the directors are comfortable with it, as there is a director's duty of care.
(00:08:12) dan: this isn't a contract between large companies or govenments. its a contract for a small but good bit of hardware. blowing it up to legal fanatics and micro scrutanising a contract for our community isn't approprate
(00:08:39) iang: Also, I am troubled by the "take it or leave it" approach, to be honest I don't understand why we can't just talk it over the phone.
(00:08:55) Q: For me it's simple: I like what Adfinis is offering us, I'm sure we can come to an agreement on the advertising part, I have no unsurpassable issue with a limited contract, but as far as I can see it now, it's unlimited, and that's not acceptable
(00:09:11) Q: Yes, that DOES seem strange to me. 
(00:09:24) iang: well, if it is a small contract, it should be limited to a small set of requirements.  It isn't.
(00:10:04) iang: this was my point that really, a memorandum of understanding might better capture the spirit and size of what we are trying to achieve ... it seems that this is more popular in the open source world
(00:10:24) Q: As I said, I'm sure we can come to an agreement. After all, we cannot really harm adfinis, but we can advertise and talk to others about how great they're doing
(00:11:25) Q: Yes, we also only have a MOU with Oophaga, and that has worked alright for years now
(00:11:44) iang: It is hard to see how we could really harm them, yes.  There are some minor harms ... like we could use the machine for phishing or botnets or something ... in which case they shut it off and kick us out.  But of course that is unlikely and there are many controls.
(00:12:05) dan: whether its written as a mou or contract it still has implications - both are common law (assuming that is the case in swissland0
(00:12:13) Q: That would hardly harm them, and would seriously harm CAcert
(00:12:57) iang: Q:  right, that's one of the controls :)  actually it can harm them because they have to bear the brunt of upstream anger ... conceivably their entire hosting business can be cut off
(00:13:39) iang: this is one of the effects we see in Sonance.  But, I stress it is manageable, it's no deal killer, it's like driving down to the shops and getting beer, yes there is a chance of an accident along the way.
(00:13:43) Q: dan: yes. But would be interpreted as: this is what we all agreed upon, not as: we can sue you if you fail on any agreed item
(00:14:00) Q: Iang: it would be simple to simply cut us off
(00:14:07) iang: right
(00:14:11) Q: so it would still harm us
(00:14:34) Q: Basically they're fully covered already
(00:14:50) Q: So, how to forward from here?
(00:14:55) iang: yes, the harm to us is far more than the harm to them, in general.  so it is well controlled.
(00:16:06) Q: I propose I will contact all other board members within the coming two days, and specifically ask for their opinion. Will put it in the wiki (if they have no feedback, I'll make it explicit by adding that to the wiki as well)
(00:16:22) iang: but the reverse is not entirely the case.  One general circumstance is with hosting companies going bankrupt, and then the liquidators delivering large bills to all the customers.  In general terms, this would be a danger (although I think adfinis looks long-lived and stable in a swiss sense, not fly-by-night in a dotcom/us sense).
(00:16:35) iang: ok
(00:17:12) dan: why has the come to fear comments about legal action and courts?
(00:17:31) dan: how few contracts ever get to court even when disputed?
(00:17:35) iang: because that is what a contract is for
(00:17:39) dan: do you really think its likely
(00:17:40) dan: ?
(00:17:48) iang: if you don't fear legal action and courts, you don't need a contract
(00:18:15) dan: contract=mou - different headings - same implication under law
(00:18:50) iang: which is why there is no contract written form between Sonance and CAcert... nobody on either side of that deal believes there is any possibility of courts or legal action
(00:19:42) dan: they didn't promise to deliver anything either.
(00:20:00) iang: didn't they?
(00:20:12) dan: adfinis has in this contract promised deliver of hw and service - a contract seems approprate
(00:20:39) dan: ref sonance - if so i didn't see it - irrelevant for this meeting though
(00:20:48) Q: I also propose to send Adfinis an email, explaining that 
(00:20:48) Q: - we are very happy with their offer to provide a server, hosting, power, and bandwidth
(00:20:48) Q: - we're sure we can come to an agreement regarding the advertising
(00:20:48) Q: - we're a reliable party, and have a good track record regarding manging our servers (no spam and all)
(00:20:48) Q: - however, since we have limited resources, we cannot affort a contract without a limited liability, because it could end CAcert
(00:20:50) Q: - we hope he understands the issue, and we can come to an agreement here
(00:21:28) Q: ??
(00:21:53) dan: the deadline has been set. be quick
(00:21:59) markl [Mark@ppp121-45-191-35.lns6.syd7.internode.on.net] entered the room.
(00:22:35) iang: well, the thing there is that the limits on liability involve some various areas ... it isn't just a simple matter of adding a one line clause.
(00:22:50) markl: hi all, sorry I'm late
(00:23:15) dan: mark have you got time for a oneline summary of the adfinis contract?
(00:23:20) iang: hi mark, we're almost at the end ... although it would be good to hear if you have an opinion on the adfinis contract?
(00:23:31) Q: Morning Mark
(00:24:44) markl: sorry to bluster in and be a pain, but I share quite a few of Ian's concerns, I think it's rather poorly drafted and could use a rewrite... a contract should be a concise and exact description of two parties' obligations to each other, the current draft reads more like a press release than a contract
(00:25:45) dan: if it had a mou header would it be better?
(00:26:14) markl: I think 3/4s of it could be moved to a press release, and the rest could form the contract
(00:26:34) Q: markl: what about what they offer (system, power, bandwidth)?
(00:27:22) markl: system capacity and bandwidth belong in a hosting contract, but the rest belongs in a press release, describing how great their facilities are, etc
(00:27:36) markl: but also, the bits where it purports to bind the whole community, rather than cacert inc concern me
(00:27:48) dan: adfinish aren't doing this because they want huge reward - they are offering stuff to us
(00:28:53) markl: I don't doubt their motivations or anything like that... even the opposite, no one is going to read the contract, it would be better to put marketing material into press matter, not a contract
(00:29:09) Q: dan: sure, and we're happy to help them with some advertizing, because their offer is good, but that does not mean you have to hand over the keys to your crown juwels
(00:29:26) dan: oh please - cut the theatrics
(00:29:33) iang: dan: what I don't understand is why, if this is such a good happy thing, they just don't say, ok, rewrite the MoU and let's have a look?
(00:30:36) markl: the NDA is a killer too
(00:30:41) Nik left the room (Leaving.).
(00:30:47) markl: what is it that they propose to share with us which they would be affected by disclosure of?
(00:31:19) dan: perhaps short term marketings stuff - whats the issue if we don't tell anyone what they tell us?
(00:31:54) iang: i think they would like to share their marketing ideas with us ... which is fine, and we can nod and so forth ... but it would be easier for us if the non-disclosure was clearly limited ... for our community
(00:31:54) markl: dan: we would be charting new territory, we have not agreed to be bound by an NDA with anyone to date, so far as I am aware
(00:32:06) Q: dan: it might be theatrical, but it's a fact. If we sign the contract, and they want to end CAcert, they can, simply start a court case. We have no money for lawyers, we have no funding for travel, we have nothing. It's not to say that Adfinis will do this (don't know them good enough). but that's why you write a contract: to protect both parties.
(00:32:15) Q: There is no protection for CAcert in it.
(00:32:43) iang: markl: nod.  there were 2 cases in late 2006 which triggered events ... other than that I'm pretty sure nothing since then.
(00:33:01) markl: my other concern is that we offer things in this proposed contract that we have no infrastructure to deliver
(00:33:52) dan: what infrastructure to deliver? are you saying we can't deliver on the obligations of the contract?
(00:34:52) markl: at 3.1 - Digital Parts
(00:35:30) markl: we have obligations to other parties in relation to some of those advertising spaces too, have they been checked to see that they don't conflict?
(00:36:00) dan: well have yoU?
(00:36:16) Q: markl: you mention a few show-stoppers. I think the offer in itself (hardware and all) is to good to let go. What would it take to make the current proposal acceptable for you?
(00:36:19) markl: also, I don't understand the next section, this 65% stuff... it's fairly poorly written... 65% of what?  65% of the space avaialble for advertising, 65% of the bullet points in 3.1, or what?
(00:36:30) dan: bullet points
(00:36:51) Q: markl: bullet points, was explained in the wiki
(00:37:07) iang: on the face of it, the value of 3.1 seems in excess of the oophaga deal.  To know for sure would require more investigation, but that is my gut feeling
(00:37:31) markl: so, we would need to provide 9 of those 13 bullet points
(00:37:42) Q: iang: we have to pay for power at BIT I think
(00:37:47) markl: one of which we clearly can't commit to providing "E-Mail signatures upon choice and free wish and will by CAcert community members"
(00:38:07) dan: its imatterial if it costs more  - thigns change over time. just because bread cost 1$ 5 years ago doesn't mean we pay it now
(00:38:09) Q: markl: we can, just nobody is obliged to have them
(00:38:10) iang: Q: point
(00:38:17) dan: 'free wish'!
(00:38:36) markl: and who decides if enough people are doing it to satisfy that bullet point?
(00:38:41) dan: if noone is oblighed it doesn't matter
(00:38:45) markl: should not contract things that cannot be controlled by the party
(00:38:50) iang: dan: but not free wish of CAcert Inc.  It has to make a good faith effort to provide this opportunity
(00:38:55) markl: if no one is obligated, it doesnt belong in a contract
(00:39:06) Q: markl: agree
(00:39:59) markl: look, the offer is a very solid offer and the actual end result of all these things is probably worthwhile, but the contract is not business-like, but I understand that there is some objection to a rewrite?
(00:40:28) Q: Markl;: the statement is: it's non-negotiable
(00:40:29) markl: can I ask... who physically wrote this proposed agreement?
(00:40:52) dan: so they way i see this ending is - we put these requests to adfiinish - they say cacert your slow response and petty dealing are tireing me. go away. we walk away with nothing.
(00:41:32) markl: dan: that's the risk you run bringing already completed, "non-negotiatiable" contracts to the board
(00:41:39) Q: agree
(00:41:48) markl: don't put it on us for asking questions
(00:42:04) dan: where have you been mark? this started last year on the last board - what guidance was provided to andreas then?
(00:42:08) Q: This negotiations started a few months ago, was then brought to the board as non-negotiable
(00:42:17) iang: dan: no I don't think it did
(00:42:22) Q: Is a strange way of doing business
(00:42:27) markl: the CAcert-side of this proposal should have worked with us in the beginning, then these could have been solved at the formation stage
(00:42:42) markl: dan: when were we provided with a draft that actually was negotiable?
(00:43:02) markl: it looks from the document like Andreas authored it, when did he submit it to us for review before sending it to the sponser?
(00:43:05) iang: the board of last year was not given a chance to discuss this contract, as far as I recall
(00:43:58) Q: dan: Ernie's and your name is in the contract. Have you seen it before it was sent to the board?
(00:44:01) dan: you  have a proposal that captures our technical needs and adfinis' requirements - its a good a start as any
(00:44:20) Q: dan: no, because it';s non-negotiable
(00:44:20) dan: yes I did as a technical advisor to ti
(00:44:55) Q: So you looked at specs and all. Who looked at legal issues?
(00:44:58) dan: i provided input on the tech obligations as infra lead - i didn't comment on the obligation
(00:45:25) markl: the risk you run of bringing lengthy agreements to the board as a fait accompli is that we might notice something you didn't.. bringing it as something that is non-negotiable is an abuse of the processes we work under... if you brought it to us before and we ignored you, all well and good, the problem is with us, but it looks like the first time this document was presented to us it was non-negotiable, take it or leave it
(00:46:02) markl: I ask again, who authored the document?
(00:46:35) dan: andreas and michael
(00:47:28) markl: ok, so why didn't Andreas bring a draft to us, being that we are the ones that would need to approve it?
(00:48:03) markl: it seems bizarre that someone supposedly representing CAcert's interests would keep the decision makers in the dark about a proposed contract that he is drafting with a sponser
(00:48:05) dan: i invite andreas to the floor
(00:48:38) markl: in fact, it seems down right unprofessional, being that it makes us look like a fool to the sponser, who perhaps Andreas represented himself as having negotiating power for CAcert, without discussing it with us or presenting any proposals or drafts
(00:49:00) Q: hugi, can you comment on the process that was followed by you?
(00:49:14) iang: markl:  that can't be, there is no mandate to enter into negotiations on behalf of the board
(00:49:18) markl: and then to come after that and accuse us of ruining the deal by not rubber stamping this agreement we had no input on, drafted by a member of the community who didn't see fit to share with us what he was doing, is just rude
(00:50:14) Q: Mark, I fully agree.
(00:50:29) Q: However, I'm also looking at ways to secure the offer
(00:50:31) markl: and let me reiterate, the underlying offer seems very, very good, and to be very clear, none of this should reflect on Adfinis or their offer of sponsorship
(00:51:41) iang: for the record, I agree with these points
(00:52:05) Q: I pinged Andreas on a private channel, he's probably already to bed, so will not give input in this meeting
(00:53:41) iang: markl: do you have additional points?  or do we move to summarise and think of next steps?
(00:54:37) Q: Ok, summarize: everyone agrees the underlying offer is very good. So far 3 out of 4 also agree the contract has some issues that need to be adressed. Those three also agree that presenting this offer as "take it or leave it" without any mandate from the board is not professional and just rude.
(00:54:45) markl: that pretty much sums up my point
(00:55:03) iang: nod
(00:55:34) markl: to my mind, if it comes down to "take it or leave it", I'd be inclined to "leave it", in spite of it being a good offer... to do otherwise would encourage this kind of behaviour to get whatever you want rubber stampped in the future
(00:55:45) dan: the take it or leave it came from adfinis - not me
(00:55:46) Q: nod
(00:56:08) Q: dan: I know, it was andreas who wrote that
(00:56:09) dan: well - it said 3.1/2 are negiotationle
(00:56:21) iang: are we in deadlock with this agreement?  If Michael truly does not want to talk any more about this contract, I wonder if we can fix the agreement?
(00:57:01) markl: dan: understood, but this is an agreement drafted mostly by Andreas, from what I can gather from the PDF metadata, so Andreas got us to this point by lack of consultation, I'm not sure what we can do if it truly is "take it or leave it" now from Michael's side
(00:57:10) dan: if i were him i'd see the slowness of the decision making process and want to speed it up by reducing the flexibility
(00:57:38) dan: him - michael 
(00:58:04) iang: dan: i can't see that. If the guy is a businessman who deals every day with contracts, he will have no problem with picking up the phone, and talking through the deal
(00:58:05) markl: the agreement was sent to us 22 April
(00:58:25) dan: and this is your first comment?
(00:58:38) iang: he wants to do a sponsorship deal, which presumably means he's interested in his partners
(00:58:44) markl: it proposes things we've never agreed to before, what is an appropriate time frame for concluding the agreement? a day? a week?
(00:58:47) Q: Slowless? The negotiations started last year, and the result was sent in APril...
(00:59:41) Q: So I'd say we also have some time to think: April 22 was the first moment we heard about it
(01:00:04) markl: right, so if it took four or five months to negotiate, surely we can have 6-8 weeks to finalise the agreement
(01:00:32) iang: well, I'm less worried about how long it takes than whether there is any room to manouver in the non-offer clauses
(01:00:45) markl: dan: sorry, I've been unavailable with some health issues, but not withstanding that, all the things I have to add have already been added by others
(01:00:55) iang: apparently it is take it or leave it, so it matters not how long we're discussing it
(01:01:10) iang: s/not/not to me/
(01:01:41) dan: offer ends end of june as per https://lists.cacert.org/wws/arc/cacert-board/2010-05/msg00040.html
(01:03:05) markl: I think we need to establish some direct communication with Michael, and cut Andreas out as the middleman
(01:03:08) Q: What about an email, stating our view (good underlying offer, not part of negotiations, presented with a proposal, board now looking into it, would like to use it, but have some issues, being a)... ,  b) ... , c) ...
(01:03:24) Q: Yes, I guess so
(01:03:24) markl: he has not appropriately represented our interests to date, so I don't see why we should assume he is now
(01:04:20) dan: i'm sure he presented everying on the wiki last meeting.
(01:04:28) iang: I think it can be cleared up very quickly if Michael were to express his views on the non-negotiability.
(01:04:52) Q: ok, so next steps are ...
(01:05:08) Q: (please let me know what steps to take)
(01:05:26) iang: a.  draft an email to Michael, directly from board
(01:05:42) dan: b. phone andreas and have a big talk
(01:06:06) iang: content as above, but including a comment that we need to negotiate the entire arrangment
(01:07:36) iang: I think that things would move a lot smoother if we got Michael on the phone, as these email things are too easy to misconstrue
(01:07:54) markl: yes, I agree
(01:08:58) Q: Ok, it is 1.00 AM here, and I have to get up early. I think drafting an email and sending it asap would be good, so we have a clear statement
(01:09:09) Q: But I cannot draft one now
(01:09:20) iang: Q: did Bas indicate he was working on that conference call system?
(01:09:36) Q: Then we can try to get him on the phone, and discuss it.
(01:10:01) Q: I can't check Michaels agenda, so we could ask for a convenient moment for him
(01:10:09) iang: nod
(01:10:30) Q: (inag: asked him beginning of the week, but no response to my email until now)
(01:10:46) iang: we can prepare an email ... on public list or private list?
(01:10:53) Q: private
(01:11:08) iang: (thanks.)  OK.
(01:11:34) iang: markl:  do you have time today, or under the gun?
(01:12:01) markl: iang: the latter at the moment, for at least another couple of weeks
(01:12:23) iang: understood.  then I'll pop some words into the private list, and they'll be ready for Q in (his) morning
(01:12:50) Q: Ok, let's close this topic for now. 
(01:12:55) Q: Next: questions.
(01:13:08) Q: Anyone of the public has a question?
(01:13:23) markl: I'd like to move a matter of urgent business
(01:13:47) Q: Please  do
(01:14:05) markl: it's not super urgent, but I'll be quick... I've been charged to my personal bank account $40.75AUD for fees for transferring payments to Oophaga
(01:14:06) iang: nod
(01:14:22) Q: ok
(01:14:36) markl: Westpac incorrectly billed them to my personal account rather than the association's account, and so I'd like to move a motion to reimburse those expenses
(01:14:50) iang: no problem, but also no need
(01:14:52) Q: second and agree
(01:15:02) iang: Treasurer can pay those without a motion
(01:15:29) markl: seeing as I'm the one that actually needed to do the transfer, I wanted to be crystal clear about the authority to do so
(01:15:37) iang: there is a motion in place I think from 2007 board that T can pay anything up to $100 without any further ado
(01:15:50) iang: oh, ok.
(01:15:59) iang: motion is seconded, so AYE from me
(01:16:07) Q: ok, thanks for the transparency
(01:16:36) Q: dan?
(01:16:42) iang: I volunteer to add it to motions system, unless you're already on it?
(01:16:52) markl: iang: thanks, that'd be great
(01:16:56) Q: ok
(01:17:13) Q: Next question. Anyone?
(01:17:57) Q: No one? 
(01:18:03) Q: Next meeting.
(01:18:27) Q: I'll be on vacation for 4 weeks, travelling in the US
(01:18:29) iang: 1st Saturday?  would be 5th June?
(01:19:11) Q: 5th of june would be good, but is in one week. What about 12th June?
(01:19:20) iang: ah, so there will be someone in USA for next meeting, so switching the timezones might be inconvenient
(01:20:18) iang: i'll let others decide ... I personally prefer to stick to the schedules coz I have enough trouble with dealing with shifting dates as it is :-(
(01:21:02) markl: yes, I prefer the schedule too, but for the next few weeks my availability will be somewhat limited, so I don't have a preference in the near future, I'll just do my best to make the meetings I can
(01:21:17) Q: That would be 5th and 20th. (first Saturday, and third Sunday) then, ok?
(01:22:18) Q: Do we have enough for next Saturday? (That is in 6 days...)
(01:22:28) Q: Or just move to Sunday 20th?
(01:23:10) iang: Sunday 20th seems OK to me
(01:23:41) iang: GMT: 21:00 ?
(01:23:49) Q: Ok, Sunday 20th it is. I'll let you know asap if I can make that
(01:24:02) iang: ok
(01:24:04) Q: Yes please, since it's a Sunday
(01:24:06) markl: ok
(01:24:23) Q: I hereby close the meeting, thanks all
(01:24:40) iang: I shall prepare the page for the next meeting
(01:25:19) Q: ok, thanks
(01:25:25) Q: bye all
(01:25:46) markl: cya
(01:33:08) Q left the room (quit: Quit: Leaving.).
(01:33:53) LH left the room (quit: Ping timeout: 180 seconds).
(01:34:42) dirk_g1 left the room (Got to keep moving ...).
(03:20:36) law: Sorry, totally missed meeting. Had it schedules in the regular timeframe next week.

Original meeting transcript in SVN Comment: Replace in original .txt file YYYYMMDD by the real date of the meeting and after that cancel this comment.


Categories:

Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20100530 (last edited 2010-06-24 06:11:37 by SunTzuMelange)