Committee Meeting 2010-08-01
The meeting will take place at 21:00 UTC in the IRC channel #board-meeting on the CAcert IRC network,
Feel free to add a business within the acceptance period or your question to the board below.
Prepare minutes from last meeting. Done.
put motion to accept the minutes. Done.
- Summary of cacert-board-private list since YYYYMMDD and reason for privacy
Update action items
Businesses Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
AGM progress added by Iang
Oophaga request for plans added by Iang
Treasurer added by Iang
- Mark to pay by credit card. Easy and cheap reimbursement as living in AU.
- Reimbursing Wytze via Paypal acceptable?
m20100723.1 has carried.
Conservatory Practice for CAcert Domains added by Iang
RDL, Document Licence for CAcert Documents added by Iang
- do we need a jurisdiction, such as "all disputes referred to our DRP?"
- other documents? other licences?
Hosting added by Iang
- Correspondence has been reviewed?
- Close out, clean up of documentation, name.
- Other options.
Alternative contract, like this.
- Nick's motion?
Infrastructure Team added by Iang
- falls back to board?
- Question Time
Confirm the next Committee Meeting: Usually every 1st and 3rd Sundays of the month 21:00 UTC.
- Chair closes the Committee Meeting
Present: iang, Aphexer, law and Q (chair)
21:12 Lambert took the chair and opened the meeting. Chair declared a quorum.
Minutes of the last meeting were presented. Motion was extended for 2 days as they had not been read.
21:18 Iang entered notes:
The financial year is is now complete.
We can write the AGM report. Components:
Board's history - PROGRESS: https://wiki.cacert.org/AGM/Diary/2010
Board's story (after above) … it is possible to create a comparison between last year's forward looking statement and what we've done.
Forward Looking Statement.
Finance -- defer until item 3 of agenda.
Team and Indvidual Reports
(Iang volunteers for a preliminary call, if no-one else wants to do it).
Associations Act 2009 requires 3 directors. We should think about how to improve this situation.
swap to Australian federal version (Company Limited by Guarantee?) but requires financial audit every year.
(any) change to the Association's Rules now must incorporate all changes due to AA2009. So if we want any special resolutions for AGM, then we have to carefully review all the rules and get them into alignment. Or, make zero changes....
What is the status of paid-up members?
I'm thinking here about standing for voting at AGM, primarily. Secretary?
Date: End-Oct / Begin-Nov from last meeting.
A lot of work to do! Discussion about the components that had to be created. Iang explained the Forward Looking Statement: we need to report to the Members about the future plans of the Board, as if we were the Board. The next incoming Board cannot report, and it requires guidance on coming in.
Iang agrees to finish the history component by the next meeting, but asks for others to review, especially for controversial topics. Chair summarizes: Iang will create board report's historical component [sic], finish in two weeks. The rest will read and respond within two weeks after the report is sent to us.
Australian Directors: we realize 3 are needed. Iang suggests three options (following on from discussion with Mark):
- create a new class of Australian Directors, with 3 positions. Then, leave the Board as voted in to appoint these positions as necessary.
- recruitment drive. This requires time, activity, some cash.
- re-incorporate under the national version of NSW Association, which is a Company Limited by Guarantee, registered with the federal agency (ASIC?). This requires a lot of research, bureaucratic work, preparation of members, a fair amount of money, as this form requires annual financial audit. It also has to be presented and approved by the members. The membership may or may not like the idea.
Lambert asks if there are enough Australian members for option 1. Iang is unsure. Question for Secretary. Lambert asks Iang and Mark for a proposal on the options. Iang mentions it might be possible for the AGM.
However, before any proposal can come to fruition, we still need to meet the 3 directors threshold. In parallel. Iang proposed:
Resolved, that Mark and Ian research and prepare a proposal describing and comparing our current incorporation, against a possible option to re-incorporate CAcert Inc under the Australian federal equivalent, being a Company, Limited by Guarantee. With intention of presenting this proposal to the membership at the forthcoming AGM.
Seconded by Lambert, all in favor, the Chair declared the motion CARRIED as m20100801.2. It is noted that Alexander voted AYE to the motion, but the voting tool does not as yet reflect his vote.
2.2 Oophaga request for plans
21:52 Oophaga are requesting on the basis of their January letter, and hoping for it by 1st September, being their annual meeting. We need to see the letter and clarify the request. Lambert reports: "update and plans for the future, preferrably a timeline." An update can be made by copying them the information written for the annual report. The plans for the future can be taken from Forward Looking Statement, assuming that it is written in time. Which implies that we need to prepare the Forward Looking Statement in parallel.
On timeline, Lambert expands: "they're interested what our plans are regarding audit and being in the major browsers." Which iang responds is hard because timelines are hard, audit progress is yet to be discussed, and people tend to ask but not contribute. "I think we need to engage them in a more productive discussion. We can only do Audit to the extent that they and the rest of the Community come in and help us."
Some discussion as to how to move forward. Aphexer asks about the DRC page, Iang responds that it only covers the last audit, not updated since then.
Chair deferred 2.2 discussion to email and returned us to 2.1.c, Audit.
2.1.c Audit Status (revisit)
22:18 Iang entered prepared notes on Status of Audit Project:
Hosting: Swiss hosting built, but failed at contract stage. Vienna available, but underutilized. Infra team needs attention.
Policy group has completed remaining set with CCS and SP, reached milestone. We now have around 100 pages of policy (83 + OAP subpolicies)
Co-auditing programme is now on a good foundation (Assurance Officer has doco, process, roles, team, software (CASPER), etc) but not as many ATEs done as hoped.
Audit team: software has been built (CROWDIT) to distribute the criteria, but no formation of team as yet.
Roots, Disaster recovery: proposals sought, but none sufficient.
old software: community is bootstrapping a team, has built a repository, tested and shaking out patching procedures, now doco'd. board appointed 2 new software assessment people.
birdshack: no action (or not much .. I've just started hacking the Java in last week).
(added:) My thoughts are that when the Assurance situation is under control with co-auditing, and the Audit Team is formed and has disclosures started and going ... that we then move to doing a Registration Authority Audit, and defer a Systems or Certification Authority Audit as a second phase.
Lambert asked what is needed before we "hire an auditor"? Iang responded: We need:
- many more ATEs and more co-auditing;
- the starting of a disclosure project (team, collection)
- break up the criteria into two sets for RA + CA, where RA part covers the business and policy as well.
The ATEs are there because they are "our best opportunity for co-auditing. Co-audits are an essential part of the Registration Authority side, where RA is approximately what we would call Assurers."
Lambert asked about what CA software, and for the audit of the CA?. Iang: For the critical software, the existing software is in place, with a new Software team ramping up to support it. Then, there is BirdShack, which is "starting". "We probably need more progress on the Roots and Disaster Recovery projects, as well as the Software projects."
Some discussion on strategic goal; audit required to get into major browsers. Alternative paths are via Linux distributions with new Root Distribution License, and community distribution.
Back to audit. "The Assurance Officer has to do co-auditing of as many assurers as possible," which is why we want to do as many ATEs as we can. Also, "we need to think about how we collect the Audit Discslosures. For the latter part, I (Iang) have written software to collect the Audit Disclosures, called CROWDIT, which is one possible way forward. However, the Audit Team part is not fixed, it can be varied, it hasn't started. So there is a need to discuss it, figure it out, see if we are happy with it."
Lambert says that "we should add this to our 'to do' list then, facilitate co-audits, ATE's." Lambert proposes:
"Resolved, that in order to improve quality of assurances as a required step for audit, the board will promote ATE's and co-audits."
Seconded by Iang, all in favor. Chair declares it CARRIED as m20100801.3.
Mario points to the New Roots project as important. Iang agrees, but notes that it along with the German software team and the Disaster Recovery project are outside his resources. Lambert asks Iang for a one-page brief for Board on the topic of splitting the audit into RA + CA.
22:37 Lambert has talked to Ernie, and received some handover. Ernie recommends Mark to be Treasurer. (Mario, Iang agree) Iang notes that we can now appoint a member to manage a bank account, and only need one signatory. Iang to talk to Mark. Defer to next meeting.
22:40 Lambert posted a motion m20100723.1 to authorize Wytze to pay by Credit Card and reimburse, since accepted. Mario notes that there is no understanding as to how to reimburse Wytze. Paypal is possible, Lambert will ask. Mario asks if Mark can do it, Iang will ask Mark.
Chair summarises: Ian to ask Mark if Mark can pay, Lambert to ask Wytze if he's ok with reimbursment via paypal, ian and I will discuss who will pay Agreed that we limit it to one year, as Treasurer post is open.
Discussion on how many years; Mario says one year is best in absence of a Treasurer, so one year it is.
2.5 Conservatory Practice for CAcert Domains
22:52 Iang presented wip of Conservatory Practice for CAcert Domains as a discussion piece / starter effort. "The essential idea is that members of our Community feel it important to purchase and hold local domains with CAcert's name in them." It is not a policy group issue, this is for CAcert Inc to determine as it refers to Intellectual Property.
Lambert asks for feedback, and from the various domain holders. General agreement to defer it to next meeting.
22:57 Iang enters:
"RDL was voted to DRAFT by policy group. So it goes into effect by Community."
"It is however a licence which is offered by the Association ... so it is probably best that the Board formally get 'on board' with it."
"Hence, I proposed: m20100729.1"
"Secondly, it also involves the withdrawal of the NRP-DaL, our other one."
Iang proposes the motion at this meeting:
Further, CAcert Inc fully withdraws the Non-Related Persons -- Disclaimer and Licence (or NRP-DaL). It is no longer offered, as of the date of this committee motion.
The rights of USE by NRPs will be guided by future ammendments due by policy group in CCA, and in FAQs.
Some discussion about whether to decide in the meeting or outside, for benefit of others. Iang claims that Mark will certainly approve. Lambert seconds the motion, and all are in favor: Lambert, Mario, Iang, Aphexer. Chair declares the motion CARRIED as m20100729.1.
Iang introduces a decision by policy group p20100722 "policy group proposes to the Board CC-by-sa for all policies." This licence is Creative Commons - Attribution - Share-alike, so it is similar to GPL in effect. Iang notes that the policy group prepares the policies, but it does not own the policies. According to PoP, full licence or ownership is transferred to CAcert Inc. Therefore this is a decision of the Board of CAcert Inc.
General agreement that more time was needed and the item was deferred until next meeting.
23:12 Lambert posted a summary on private list, and states there is no indicated contract and no future liabilities. Iang suggests we accept the termination, however it is written. Some discussion over a motion, and Iang proposes:
Resolved, that we note the withdrawal of the offer of hosting, and thank the Sponsor for the time and effort of preparing this offer. We have reviewed the documentation and resolve that there (a) are no outstanding issues to resolve, and that (b) no contract was formed. Board agrees to archive any documentation and to minimise the appearance of the sponsor's name in our public services (wiki, etc).
Lambert seconds, all voted Aye, Chair declares the motion CARRIED as m20100801.4.
Nick posted a motion which gained little acceptance. (it expired as unaccepted.)
2.8 Infrastructure Team
23:24 Dan has resigned as infrastructure team. Mario reports that he has some access to systems (lists, email password reset) but no OS level. Mario indicates he can step in but he lacks time. Philipp G is the only one with hosting access. But his time is limited so we need to staff up the team. Mario agrees to write down ideas and share them on the sysadm list.
Lambert adds that a "thank you" to Dan is also good, and also to Ernie. Agreed that Lambert do that, with our blessing.
23:32 Chair hands over from Lambert to Iang.
Mario asks who else can help. Discussion on Philipp D, (Iang), Philipp G, Jan. A question as to whether Dan has also given up the mail admin role, Mario thinks so. Mario to check, also with Philipp G. A question as to whether we can give access to the mail systems. It is all infrastructure, outside Security Policy, so the Infrastructure team leader can decide, which is now the Board.
Mario summarises: I (Mario) will try to talk to PG during the next days to get his view on this. Then I will try to find new infra admins. Maybe I would request access for myself if no one is available.
3. Question Time
23:43 Ulrich asks for "Board to confirm the removal of some Arbitrators for non-responsiveness" to be put on the Agenda for next meeting.
magi points to www board list and suggests changes to list of committee members. Iang suggests that the page be redirected to wiki/Board. Question arises how to change it. Ulrich reports that the new update mechanism isn't working as yet, and predicts 1-3 months needed. Also, same problem as with changed or new Policies. There are a bunch of changes that can be done simply, except for the process.
Long discussion over whether it is better to wait for the procedures or to bypass via the critical sysadms. We need better content management, aside from software changes. We can't do this today, or even step-by-step. Software between HTTP content and HTTPS secure is in common, and so is the database.
Agreed to change the names as per current decisions, Mario to send email.
Iang asks about BirdShack repository, as he's been coding. Options are: dev.cacert.cl redmime, main SVN, new GIT or another. Law opines that GIT is the future. Question of access to new GIT was unanswerable, Mario to chase. Iang to put code into SVN. Mario made a backup of dev.cacert.cl .
Meeting closed around 00:36.
Chair closed the meeting.
Post meeting transcript here!
Original meeting transcript in SVN Comment: Replace in original .txt file YYYYMMDD by the real date of the meeting and after that cancel this comment.