Committee Meeting 2012-03-18
The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.
Committee Members: feel free to add a business within the acceptance period or your question to the board below. Others: add a question to the questions section.
Minutes author prepares the minutes from the last meeting
Minutes author prepares the action items. All action owners to update.
Minutes author puts motion m20120314.1 to accept the minutes
Businesses Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
Preparation for Audit Piers
There has been a long standing ActionItem entitled Preparation for Audit - summary email to board which I've inherited as current President. I'd like the board to consider the state of play on our Audit to help me draft the statement.
- Exec order has been sent to Treasurer following intermediate ruling #1 dated 2012-03-08
- Until today (2012-03-15), no exec report has been received by arbitration.
- Deadline set by Paypal for this issue to resolve: 2012-03-26
- Exec request to (Treasurer, Board (escalation)) renewed under intermediate ruling #2, dated 2012-03-15
- 2012-03-15 (Support): [s20120315.59] (Paypal) Dispute Closed: Case no. PP-...
- 2012-03-15 (Treasurer): response to exec request intermediate ruling #1 and #2, case handled last night
- add additional signatories / expand team for Treasurer.
- correct contact name in paypal account?
- Put new TTP Program for US live
- Assurance Officer (AO) and Organisation Assurance Officer (OAO) suggest starting the new TTP Program with its first part, the TTP Assurance. The TTP TOPUP process is still under development. The aim of the first part is to enable people to reach the 50 Points over TTP assurances. If someone gets two TTP assurances he will have 70 points. The remaining 30 points could be made by one or two experienced Assurers.
- According to the TTP Policy 4.2, AO together with OAO suggest to approve only the Notary Public as the only allowed Trusted Third Party for the USA, as a Notary Public is authorized by law to perform six basic duties:
- Administer oaths or affirmations
- Take acknowledgments
- Attest to photocopies of certain documents
- Solemnize marriage (only in some states)
- Verify vehicle identification numbers (VINs) (only in some states)
- Certify the contents of a safe-deposit box
- AO and OAO prepared a TTP CAP form for the US together with a group of CAcert Assurers that are Notary Public themselves. At present this TTP CAP form is only available through a TTP Admin. Later the TTP CAP should be generated from the WebDB.
- AO and OAO nominate the following Assurers as TTP Assurers, as they fulfill the requirements and are familiar with the process. The requirements according to TTP Policy 4.1: TTP Assurer needs to be Senior Assurer.
- Ian Grigg
- Jeffery Frederick
- Marcus Maengel
- Ulrich Schroeter
These are just the starting TTP Admins. As the TTP program is rolled out, more countries are covered and the first experiences are gathered, more TTP Admins will have to follow.
More information can be found:
- New contact person for Paypal by Werner Dworak
- Obviously Robert Cruikshank is still listed as contact person for Paypal. This should be changed to an active and reliable CAcert member.
Future of several infrastructure services -- MichaelTänzer 2012-03-16 14:00:13
Mario has requested an explicit decision from board to shut down services as mentioned in https://lists.cacert.org/wws/arc/cacert-board-private/2012-03/msg00027.html. The following services are to be shut down:
- Gooze Project
Questions from access engineers -- RaoulXavierBoerlage, Late business, 2012-03-18 10:30 UTC
I met with Bas and Hans Saturday and they had two questions.
- How to handle the hard discs that already have failed. And how to handle in new occasions.
- How do we rework the escrow situation for now. (This question came also up in the mini-top at Fosdem 2012.)
Question Time Important Note: Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
Confirm the next Committee Meeting: Usually every 2nd and 4th Friday of the month 20:00 UTC.
- Chair closes the Committee Meeting
- Jeffery (left during item 2.3)
- Piers (left during item 3)
- Raoul (came during item 1.4)
Piers chairs the meeting. Michael took over after Piers left during item 3.
1.2 Minutes from last meeting
Accepted by m20120314.1.
1.3 Minute taker
Michael will take the minutes.
1.4 Disclosure of private discussions
Some more information for the Permissions Review from the Infrastructure Team Leader. Will also be handled as agenda item 2.5.
A request from Arbitration for board action in a PayPal issue. Handled as agenda item 2.2.
A proposal for a new role called "Supervisor General"
Report from the Sydney groups coffee meeting
1.5 Action items
No changes apart from the ones explicitly handled as agenda items.
2.1 Summary email on the state of Audit
Piers inherited the task of writing a summary email to the board, containing the state of the preparations for the Audit. This topic also was raised in the private discussion list recently. It was agreed that the discussion could be continued in public meeting.
The claim is that it will take us a long time until we are able to pass an Audit (if that moment ever comes) so we need to drop Audit as a focus and think about what we can do in the meantime. One issue would be working on making the CAcert root easier to install. Tomáš raised concerns about dropping Audit as a focus. Ian noted that this board will not be able to advance the Audit goal very much further in its term. Generally it was agreed that several areas needed attention and work to make some progress. Identified areas:
Software – there are some efforts to overhaul but it certainly takes a few years
New Roots – really generating new production roots only makes sense when everything else is in order, but we have to think about the escrow and having a test run can't hurt
Arbitration – Arbitration is currently on very few resources. There are only 2 active Arbitrators. There seem to be two ways to solve this: by getting new people into Arbitration and by lowering the load on Arbitration
Piers offered to write an initial summary of the audit situation to board-private for review (the reviewed document should be published).
2.2 Escalation of Arbitration case execution order
Ulrich sent an execution order to Treasurer in Arbitration case a20120305.1 to refund a PayPal payment. The order was not executed at first, then after a reminder from Ulrich, Mario did execute the order. The account credentials for PayPal have not been properly transferred to the current Treasurer Jeffery. The motion m20120325.1 (passed) explicitly authorises the transfer of the PayPal credentials to the current Treasurer although it is generally seen as part of the role of the Treasurer to hold those credentials and therefore no extra authorisation would be needed. To avoid such transfer issues in the future there were some proposals to form a Team to support the Treasurer that doesn't change when the Treasurer changes.
Another issue is that the PayPal account is a personal account naming Robert Cruikshank "doing business as". Jeffery will investigate on how to transfer this into a business account or change the contact person.
2.3 TTP programme
Uli: The new TTP-assisted-assurance policy is now 1.5 years old, but has not been deployed so far. So now we're moving to bring it active for Part I, that TTP-assisted-assurance for countries USA and Australia. We've investigated the potential TTPs and we have a core starting team to get the first TTP-assurances passed. So board has to pass a motion about the proposed TTP group for the country and board has to nominate the first 4 TTP Admins.
The TTP programme will be handled outside the software like the password recovery with Assurance until it is implemented in the software.
As of m20120325.2 (passed) Ian, Jeffery, Marcus and Uli are the initial TTP Admins. Motions m20120325.3 (passed) and m20120325.4 (passed) establish the proposed TTPs in the US and Australia respectively.
2.4 Change contact person in PayPal account
Was already dealt with in item 2.2.
2.5 Future of infrastructure services
Mario: CAcert is low on active members. Managing all kinds of services in CAcert infrastructure requires some resources. Some tasks are taken by members who have also things to do in other important areas of CAcert. To minimize the load the services run by CAcert on its infrastructure should be limited to those important for the operation of CAcert in regard of its main goals. Therefore, services not meeting the requirements and are actively maintained should be shut down and services not satisfying the requirements should not be set up. Remaining services need to be brought again to actively maintained state. Active people are essential for sysadmin tasks. Therefore I propose changes as proposed to cacert-board-private. I am asking board for supporting this, since it touches the principles what is provided for infrastructure and there are a lot of actions to be taken in bulk.
There was some discussion about several servers that should be shut down:
- to our knowledge dupes is not heavily used and the critical system checks for the Debian vulnerability nowadays
- board.cacert.org once featured a sql-ledger installation, it is up to Jeffery to decide if he wants to reactivate it
- IRC will be taken over by Raoul, some board members were uncomfortable with switching to an external service (e.g. Freenode) for this
- Translingo has no remaining active projects (CAcert switched to Pootle a short while ago)
The changes were approved in m20120327.1 (passed).
The team leader was trusted with and given responsibility for the removal and addition of infrastructure admins because board has no idea who of the admins is active or not.
2.6 Update on Gooze negotiations
Marcus gave an update on the negotiations with Gooze: Gooze offered to create 10.000 tokens with logos at their own risk. These can be bought over their website. CAcert gets a 5 EUR share of each sold. We will also be able to get some tokens for selling them at booth events. Gooze will take the whole risk [of investment].
Caveats: Exclusivity for one year, more or less 5 EUR per order not per token.
Exact contract is not yet ready (e.g. contract partner still open, Secure-U preferred). Marcus will negotiate the detailed contract. In m20120327.2 it was decided to include the branding as it is free to us and might increase the user tie.
2.7 Hard disk destruction
Raoul met with the Access Engineers and they asked how hard disks should be destroyed. SP offers only little guidance (§188.8.131.52). There is a procedure described in the wiki and an Arbitration about a case where this could not be applied. Ian also mentioned that they might want to talk to Mendel.
The question of escrow was deferred to the mailing list.
3 Question time
Philipp Gühring is inactive and a past motion m20110515.5 authorised to remove him from the access lists.
What to do with research.cacert.org? No one knows what it does, maybe it once was a pointer to http://www.cacert.at/cgi-bin/rngresults so it should be removed from the DNS.
4.1 Next Meeting
Friday the 30th of March 2012 20:00 UTC
Meeting closed at 22:20 UTC
m20120314.1: Accept minutes for 2012-03-02
m20120325.1: PayPal credentials transfer
m20120325.2: Initial TTP Admin Team
m20120325.3: TTPs in the USA
m20120325.4: TTPs in Australia
m20120327.1: Shut down infrastructure services
m20120327.2: Branding of crypto token