Committee Meeting 2021-09-02 (2021-09-03 in Australia)

The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

Northern Winter: 08:00 PM GMT = 21:00 CET = 15:00 New York EST = 07:00 Australia AEDT
Northern Summer: 08:00 PM GMT = 22:00 CEST = 16:00 New York EDT = 06:00 Australia AEST

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

During the meeting, the following two additional channels are open to all members: (LINK WILL BE ADJUSTED BEFORE THE MEETING)

Agenda

  1. Preliminaries
    1. Chair opens the Committee Meeting

    2. Who is making minutes? (Writing minutes in real time)

    3. Is there a time limit? Who is time keeper?

    4. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

    5. Accept minutes from 01.07.2021 "I move to accept the minutes of the committee meeting of 1st July 2021."

  2. Business

    Acceptance of new business items no later than 48 hours before the start of the committee meeting!

    1. Secretary's Office (Ongoing subjects)

      1. CCA change. information of community -- Draft sent to board on 27-02-2021; accept the new paragraph, sent recently by e-Mail (secretary, critical / as the signer is running again, this topic is in work again. goal: september)

      2. register statutes changes at OFT (started after AGM): details with OFT OK, form prepared, waiting for legal confirmation. (secretary / to skip, still pending, legal confirmation takes more time than expected - secretary recontacted barrister. Time limit: 31.8.2021. Will see the barrister on 3.9.2021 (tomorrow))
    2. Infrastructure
      1. Signer (Info; ideas? strategy? information?) (Dirk, Etienne)
        • We need volunteers, who are able to review code (not only PHP or Perl, but newer languages like GO, too). And we need volunteers, who are able to run tests as soon as a new signer software is written and installed on our test-systems.
      2. Nextcloud (who?)
      3. New requirements, software and systems (JanDD)
        • My hope is that we can get a more professionally maintained infrastructure (critical and non-critical), functioning software development and assessment teams and proper requirements engineering, before we put more work on the shoulders of our teams (and yes supporting more fresh people is a burden that keeps us from getting our important stuff done in the mentioned areas).
    3. Background Check:
      1. (no candidates)
    4. AGM 13. Nov 2021 (no information at the moment, more will follow during September by the Secretary)
      1. 20:00 GMT = Geneva 21 h 00 = Sydney 07 h 00 DST = Greenwich (London) 20 h 00 = New York 15 h 00

      2. Even if the AGM will be held online, you may want to visit Geneva (or for your business trips or some "stay-at-home-holidays"), using this link: http://www.booking.com/index.html?aid=346253

      3. see the timeline here: https://wiki.cacert.org/AGM/Next

    5. Staffing the teams
      1. Applicants to the Infrastructure team
      2. Applicants to the Development team
      3. Applicant to the Critical team
    6. Finance team

      1. Info (details here (Michael)

    7. Software Team

      1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers (who is in charge?)

      2. Issue 1482: Limit validity period of new HTTPS certificates to one year

      3. Issue 1444: PHP - Brian

      4. Issue 1417: Keygen / new CSR software - Bernhard

    8. Organisation Assurance
      1. How to relance OrgA? / Comment relancer OrgA? (Guy)
    9. Grant applications

      1. Protopype Fund https://prototypefund.de/en/ (mail to SW Board only)

        1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 month.
        2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
        3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  3. Blockchain

    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

  4. Question Time

    Questions from CAcert.org community members can be added until beginning of committee meeting! As well questions can be asked at "Question Time", without added question here.

    1. I notice that the database is polluted with assurers that are no longer responding. I think it would be useful if once a year all the assurers that did not assure that year are addressed with the question whether they still want to stay listed. (ctjacobs, NL)
      • It is annoying when assurers do not respond. On the other hand, one should ask: why do they no longer answer? Did they say goodbye but not log off? Or are they waiting for better times and just pretending to be asleep until then? Or was now simply the wrong moment, a bad time? (secretary)
    2. Linux Australia is looking for sessions for the online conference in january: LCA2021. Who could propose one? (Etienne)

    3. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

      • ..
    4. Closing
      1. Agree on date of the next Committee Meeting: (30. Sept or) 7. Okt 2021
      2. Following meetings: (30. Sept or) 7. Okt, (30. Okt or) 7. Nov

Logfile

Logfile from meeting 2021-09-07

Minutes

Present

Members of the Committee:

Present, by alphabetical order

Absent or silent, by alphabetical order

Members of the CAcert community and other guests

Committee meeting

Our chair, Brian, opened the meeting at 20:03 UTC.

Acceptance of minutes

1. Motion to accept minutes from 05.08.2021

The vote was postponed to the next meeting, as a typo in the today agenda called for a motion regarding the Minutes of July, instead of the minutes of August.

Ongoing stuff

Statement of withdrawal from Australia to the Australian OFT: Etienne is in contact with a barrister. The procedure is ongoing.

Hardware & Software

Making the signer and sun2 working back

Dirk explains that "the last issue was a certificate issue, which could happen any time again, but can be resolved remotely"; "this can't be fixed without changing the database from iso... to utf8 and rewriting parts (or all) of the signer software".

As a side note, Dirk explains that "we have a new issue: sun2 (running www.cacert.org is unresponsive since this morning"; "sun2 is the www.cacert.org-machine in the datacenter"; "the web site is down, no one can get to the signer anyway."

In order to replace the failing drive on sun2, Dirk proposes to buy a 240GB capacity SSD. He proposes as well to upgrade the switches in the datacenter, from CISCO 100MB/s to CISCO 1000MB/s ports models.

Both proposals are approved.

Software deployement

Jan and Brian wrote comprehensive emails about possible applications to be updated or installed by the Infrastructure team:

Jan's mail: https://lists.cacert.org/wws/arc/cacert-board-private/2021-08/msg00030.html

Brian's mail: https://lists.cacert.org/wws/arc/cacert-board-private/2021-09/msg00002.html

Staffing our teams

Inclusion of new volunteers in the teams: Frederic explains that:

1) Gero is going to pass his background check with Bernhard and Dirk in the second part of September. Then he will be invited to join be a Software Engineer and then be able to complete code reviews.

2) Mathias is doing triage with Ales at the moment. But he has the potential to be welcomed quickly as a Support Engineer. We should not let him without a perspective to do for CAcert something more insteresting than just dispatching trouble tickets.

3) Tim delivered a Java based tools for easily generate CSRs. We never assessed his code, Tim did not joined our last Software development team, but wrote to me later, asking for feedback from our side.

Registrar

Dirk proposed to transfer our .org, .net, .com domains to another registrar.

Frederic proposed Infomaniak. Etienne confirms that Infomaniak is a solid company.

Frederic's mail: https://lists.cacert.org/wws/arc/cacert-board/2021-08/msg00031.html

It is a top level registrar, one of the five in Switzerland accredited to ICANN;

It is a company subject to Swiss law;

It is a company that has demonstrated its stability, with a good reputation in the field of privacy;

Its user interface is accessible in the 5 main languages;

Its administration interface offers all desirable options.

Dirk and Brian assess that it is not an urgent topic.

Important Bugs

Frederic reports the case of Wacław, whose name carries a character external to ISO-8859 table. The problem prevents Wacław of getting a certificate, which prevents him from being able to log on the Finance Team dedicated application at board.cacert.org. Frederic explains having asked Bernhard for an advice, as an Arbitrator, before asking Dirk to make the change manually in the database.

Frederic's email: https://lists.cacert.org/wws/arc/cacert-board/2021-09/msg00000.html

Frederic explains that "So first I was asked by Dirk to ask Bernhard an advice as an arbitrator. I did as Dirk required. Then Dirk stated that I should not have done it, because I made a call to violate our policies. I felt as I was trapped. At least, this is not a good team work."

Revival of CAcert for Organisations (OrgA)

Etienne proposes to Guy to work on setting up a working group on the revival the assurance programm of CAcert for organisations. Guy agrees to do so.

Committee next meeting date

The next meeting date is set for October 7 at 20:00 UTC Next dates are: 7th of October, 7th of November

Our chair, Brian, closed the meeting at 22:34 UTC.

Logfile from meeting 2021-09-02

Committee next meeting date

The next meeting date is set for 2nd of September at 20:00 UTC Next meeting dates are: possibly 30th of September, 7th of October, possibly 30th of October, 7th of November

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting

Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2021-09-02 (last edited 2021-09-07 21:39:28 by EtienneRuedin)