Committee Meeting 2011-05-01
The meeting will take place at 21:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.
Committee Members: feel free to add a business within the acceptance period or your question to the board below. Others: add a question to the questions section.
Minutes author prepares the minutes from the last meeting
Minutes author prepares the action items. All action owners to update.
Minutes author puts motion m20110501.1 to accept the minutes
Businesses Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
- Privacy Officer
- Security Officer
- Proposal by Benedikt H: I also thought about getting a new position of the Security Officer - as staff unit - reporting to the board. (S)He should be responsible to make sure, CAcert is act upon the most strict data privacy rule in the world, to fulfil not only Australian regulations, but world wide. Another important task would be the implementation of an ISMS (IT Security Management System) based on ISO 27001. However, this job can be defined and filled after the big projects are up and running smoother than now.
Action / Projects plan: http://wiki.cacert.org/OverviewProjectsBoard wiki page
- Proposal by Benedikt H: All the projects - lead by a project manager and supported by Public Relations - need to be coordinated by a program manager (supported by a PMO). The program manager should be in charge of a budget and a sufficient workforce. He directly reports to the board, to reach the goal: Audition passed faster.
- Infrastructure / Critical Systems
- Declare systems Backup, CRL, Hopper, Logger (critical) critical
- FYI: Progress on infrastructure migration to new host. Host setup, first systems to move
- a20101025.1: Execute relief by board order: Resolved, that all list posts / threads by claimant of a20101025.1 are deleted.
Incident Report following SP 5.6 under a20110428.1 (Ulrich)
- Marcus Mängel for OAO
- Proposed by Mario, seconded by AO, accepted by Marcus
Question Time Important Note: Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name
- et cetera
Confirm the next Committee Meeting: Usually every 1st and 3rd Sunday of the month 21:00 UTC.
- Chair closes the Committee Meeting
Present: Alexander, Dirk, Lambert, Mario, Peter, Piers. Apologies: Ian
Meeting chaired by Mario.
Minutes from last meeting accepted m20110501.1
Piers to take minutes.
Nothing on private list to discuss.
1.5 Action items
The bank has accepted the new office holders to allow access. Formalities regarding on-line access being arranged.
Peter to prepare SGM minutes.
2.1 Privacy Officer & 2.2 Security Officer
No-one available to fill either role, so discussion postponed to next meeting with Ian present.
2.3 Action / Projects plan
Discussed proposal by Benedikt. Good structure, but CAcert lacks resources to do it that way. Discussed motivating testers and arbitrators. Need suggestions from community on what actions the Board can take. Board's tasks to be made explicit on the wiki.
Action item: Any board member to pick three items he wants to monitor and report to board if necessary.
Ulrich brought up the issue that we don't enough active people in many teams. Chair pointed out that PR is an endless topic and best discussed outside board meeting. Issue postponed to next meeting.
2.5 a20101025.1: Execute relief by board order
This is an issue because of HR problems in Arbitration. Mario agreed to delete the posts quickly to protect us from further damage.
2.6. Incident Report following SP 5.6 under a20110428.1 (Ulrich)
FYI from Ulrich: this is the 2nd time within a 2 months period a Triage member forwarded a Support ticket to the public mailing list with PII. The case is under arbitration ... member whose infos posted gets informed, the case is ongoing.
2.7. Marcus Mängel for OAO
Motion: accept Marcus as OAO.
3.1 Secret ballot scheme for SGM
Discussed on sysadmins list.
3.2 Class3 update
Short version of what has been done: resign the old class 3 with sha256. New class 3 is accepted by clients. But people who imported the old class 3 need to reimport the new one manually.
To be put on agenda for next meeting: issuing of new class 3 root.
3.3 Need to reply to Oophaga's letter
Lambert to prepare first draft and circulate it.
4.1 Next meeting
m20110501.1: Accept previous minutes
m20110501.2: New critical systems
m20110501.4: Marcus Mängel for OAO