Committee Meeting 2010-10-03
The meeting will take place:
in the IRC channel #board-meeting on the CAcert IRC network.
Feel free to add a business within the acceptance period or your question to the board below.
- Chair opens the Committee Meeting
- Who is making minutes?
Chair asks whether cacert-board-private maillist includes any items that need to be disclosed to Members.
Chair introduces the URL of action items to the meeting, and asks for discussion.
Businesses Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
AGM report progress added by Iang
- Financial Report
- ready for date?
Oz situation added by Iang
Copyright and Licence of Documents
- Default CC licence?
Audit next steps added by Iang
CrowdIt disclosure system.
How to bootstrap OA for Belgium added by AlexanderPrinsier
- Currently only one OA for Belgium
- Another assurer wants to become OA, but need two OAs to sign-off.
- Can board allow an exception (maybe with help of arbitrator)?
Business added by Your Name Comment: Replace "Business One" by Title of Business and add your Name
Additional Inputs Comment: Replace "Additional Inputs"by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.
Question Time Important Note: Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name
- et cetera
Confirm the next Committee Meeting: Sunday 24th 09:30 UTC.
- Chair closes the Committee Meeting
Present: Q, Iang.
Absent: Mark, Nick, Alexander, Law.
No quorum was found, so meeting was adjourned until 20101010, same time.
Present: Iang, Q, Law
Absent: Mark, Nick, Alexander.
- 11:32 Chair opened meeting.
- Iang accepted the Minutes again.
- Chair asked for commentary on private items; Mark was not present, so no comment was forthcoming (on his post).
Chair opened discussion on action items. Lambert reported progress in pinging Arbitrators, one left to ping. Law reported that SQL ledger had been installed but there was a firewall issue to resolve. Chair established the practice that each person is responsible for updating their own items.
2.1 AGM report progress
Iang reported Mark out of circulation for the time being. Chair defers the Financial Reports item. Some discussion about where we are with reports: around 6, with a good first cut of the board's report. The topic of text layout was raised. Lambert to confer with Ernie, as the layout designer of last year's report.
2.2 Oz situation
Iang reports on 2.2.a, ATEs:
2 members accepted our invitations and joined. Both are in Sydney. Secretary has to do the final part.
I have an ATE in 2 days time in Canberra. Looks smaller than normal, but Canberra is only a town of 350k or so. I have resolved one issue with Public Liability Insurance. It seems that all facilities in Australia now have to be covered by PLI. Because people sue for stubbing their toe, I suppose. Then, insurers make sure that hall owners don't let anyone in through the cracks, so it spreads, viral like. Resolved by discussion and change of paradigm, they kindly invited us as people.
No luck so far in others, although I haven't tried as hard as I might. Two people in Melbourne are trying to line something up. More as it happens.
There is some resistance on the members' list to the ATE. It might just be Dan, or it might be other people as well. I'd encourage you all to jump in there and explain why you feel it is important.
2.2.b was covered by Mark's post during week.
Some discussion on PLI. It is for hiring facilities. Law mentioned that we had decided to be invitees as individuals rather than hirers as an org in the future. Iang to look up details.
2.3 Copyright and License of Documents
Iang enters prepared notes:
Someone has asked for the right to hack the flyer that was distributed at events over the last 2-3 years. There appear to be several issues:
As with the recent debate, CAcert Inc owns the documentation, because much of it was done to CCA which passes it across in the act of contribution.
But CAcert Inc has not ever written out the licence for passing it back, something it was supposed to do as the quid-pro-quo of getting it in the first place. So we should discuss such a licence.
I suggest we do the same thing as with PoP recently, and license our documentation under CC-by-sa, with Australia-3.0, and under the DRP for dispute resolutions. (I'm not strongly for this, I just think it's easy enough and we've got more important arguments to have :)
Then, the flyer may have been written before the 2007 TOP in which case, it predates the CCA. Henrik says that he and Jens wrote it, which matches my recollection. Henrik also sayd that it is under CC-by-sa (*). If we agree with that assessment, there is no issue. But there is also a suggestion that we have the flyer re-written so that it is clearly under the new CCA regime, and we don't need to discuss it anymore.
Discussion. Should we publish general doco under CC-by-sa? Mario: yes. This covers things like documentation in main website, wiki, SVN, as long as it was done after CCA came into effect (September 2007). This selection would be the same as our recent decision for policies (which have a special regime under PoP).
What to do about private documentation? Lambert says this should be put to the full board. Mario says privacy info will be covered by policy so not covered. Iang suggests asking the team leaders, and about notifying our intent. Iang to prepare a wider ping / motion.
2.4 Audit next steps
Iang entered prepared notes:
As discussed in the upcoming Audit report, we now have in place the elements and systems for an RA audit. All IMHO of course.
What remains to be done is this:
Make a lot of disclosures against the criteria,
Find an auditor to do the review of disclosures, criteria, policies, practices etc.
Doing disclosures is a lot of work. Each disclosure requires a good solid understanding of the topic, and some familiarity with the thinking of the Audit process. This is stuff for our Senior Assurers to get their teeth into.
One barrier to all this is the sheer size. 150 odd criteria is too much for any one person. However we can break it up and distribute it.
So what I've done is turned the old Audit criteria browser into something like an audit criteria comment system. Like a blog, where all the posts are criteria, and any one can comment to make a disclosure.
See an example (NOTE you need to hit login, top left, to see the page.)
Clicking on Make a new Disclosure allows anyone to enter their comment in as to how we meet the statement. In this case, it would be finding the relevant text in the Assurance Policy, and referring to it or cut&pasting it to make a small cohesive story. Here's an example with a disclosure already. See also AGM report
It's very basic. Clunky, and can be improved but it should be enough to get up and going. The reason it is so simple always comes down to resources: I can only do a little work on this, so I have to cut corners.
Now, the issue for us all is two-fold.
Firstly, the positive: we need to encourage people to help and fill out these disclosures. If each senior person were to do one of the criteria, we could probably do the whole lot at that rate. So think about which areas you can do, what you're most familiar with, and poke around. Ask me. I think others will come in when they see activity; typically people want to join a live working project, not a risky thing. So we need to lead, I think. To that end, I've made a small start.
Secondly, the negative. Likely there will be grumbles. There are sometimes criticisms passed around, and these consume time. It would be useful if the board members could deal with that criticism.
I'm open to making any changes, but I'm more open if there is positive support! I'm not really interested in demands for this or that or the other, if there is no positive contribution. I'd rather spend my efforts elsewhere than in changing the colour coz some people think pink isn't this year's hot social networking colour.
- Q asked why it is not on a CAcert system? Iang stated that there has been problems with the infra systems in the past; he cited the old audit browser which had to be moved three times, where as Philipp D provided a more stable system. Also, the framework of the codebase is a client-cert software that is shared with the fiddle project, which was originally set up as an experiment in Assurer-run systems, deliberately outsourced outside the formal teams. This has worked well.
Q asked what type of information? Disclosures from Assurers, which are CARS that are protected by the client-cert access, so only people with CAcert client certs can see them. There is also other information on the system based on fiddle apps, which can be integrated, for example with the fiddle question scores (called Mini-Challenge).
Is it covered by Arbitration? Yes, by declaration on the first login page, all access or disputes is covered by CAcert's Arbitration. Law objects to use of Arbitration for random users. Iang reminds of a debate on Policy Group as to whether all CAcert-related stuff was always covered. (Inserted after meeting: CCA3.2 says "arising out of or in connection to our use of CAcert services.") Policy Group was of the consensus that no, only "services relating" is always covered as per the CCA. "So, fiddle.it makes a direct declaration to place it under Arbitration, resolving that question."
- Law points out that any random website could refer to CAcert Arbitration. Iang responds, yes, this is how jurisdiction generally works, and the response of the Arbitrator would generally be a fast dismissal. Anyone can file a dispute.
- Law suggests that if the system is important it should be controlled by CAcert Inc. Iang points to policies, ATEs, co-audits, as an example of how we do not follow that principle. However these things are within the reach of the Arbitrator. Law suggests that these are not "systems." Iang asks whether there is a difference between "software systems" and reporting systems, or whether we are biased by our technical background?
- Law suggests users will complain about submitting their data to a "foreign" system. Iang suggests this has already happened, and they declined to submit data.
- Law points out that the reason why he wants CAcert to control the systems is that users vanish and access is lost. Iang responds that this happens with CAcert systems as well, and that control != reliability.
Q summarises the questions on the table:
- the approach to split criteria, and have assurers verify them as step into audit, and
- the discussion where such a system has to reside?
Agreement. Q notes that the second is an important issue for the future, Iang responds it was since 2006. Iang notes for the Minutes that he has brought issue 1 to the table, and Law or Q has raised issue 2.
Q states that he thinks he understands the nature of the system and asks to play with it. Some discussion on whether it is in production, Iang is not sure on that point. A CARS Disclosure is a serious thing, and will require a way to edit or drop. This is a missing feature, and Iang is not sure how to do that as yet, would prefer to see how usage develops. Disclosures can be edited, snapshotted or similar under the covers. Iang suggests just go ahead and play with it, we can clean things up later.
2.5 How to bootstrap OA for Belgium
Q suggests deferring, or passing it out of the meeting. Iang suggests asking for a summary from Alexander, then re-posting the item. Agreed.
- No questions from the members.
- 13:12 Chair closed the Committee Meeting
m20101011.1 - accept the minutes