Committee Meeting 2022-02-03

CAcert - purposefully forward even in snow and ice

The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

Agenda

  1. Preliminaries
    1. Chair opens the Committee Meeting
    2. Who is making minutes? (Writing minutes in real time)

    3. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

    4. Accept minutes from 06.1.2022 <!> "I move to accept the minutes of the committee meeting of 6st January 2022."

  2. Business

    Acceptance of new business items no later than 48 hours before the start of the committee meeting!

    1. Quick decisions
      1. xxxx <!> "I move that xxxx." (rewording???)

    2. Quick infos
      1. {i} CAcert's page at [https://en.wikipedia.org/wiki/CAcert.org en.wikipedia.org] has been restored after deletion, but needs some improvement by a English speaking wikipedian.

      2. {i} EUR bank account: SecureU pays 20 EUR / month; at GKB it is 60 CHF / year. EUR account has been opened.

      3. {i} CCA update has been initiated. (ad new IBAN in Feb, review in March, sent in spring after new firewall installed)

      4. {i} Tax exemption: dossier is 99% compiled, exepted to be finished in february.

      5. {i} Phone call Etienne/Dirk has taken place

      6. {i} JanDD repaired the wiki. Thank you very much!

    3. Finance team DRAFT (Michael)

      1. New ERP / decision / who, where, until when (Michael)
      2. Info ([https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2021-01-07/FinancialTeam|details here] / decision about USD and AUD in PP (Michael) <!> "I move to transfer USD and AUD from PP to GRKB."

      3. MOTION: Given that CACERT has more than 12K EU in it's accounts, it is hereby moved that a program of equipment renewal be started in 2022, to be completed by the end of 2023.
        1. Amended motion: Given that CAcert has more than 12K EU in its accounts, it is hereby moved that a program of ongoing equipment renewal be started in 2022. This motion is to support the idea in principal. There will need to be many details worked out, and those plans will come back to the board for approval.
    4. OpenID Connect (Brian) <--! integration / who is in charge / what is done / what will be done until end of year / Board asks whether there is anything that they can do to assist -->

    5. Future of secureU e.V. (Discussion)
      1. secureU e.V. is an association in Germany (e.V. = registered association) that owns the CAcert servers on behalf of CAcert. The board of SecureU is also considering dissolving this association. Of course in close consultation with CAcert. What consequences would this have for us? Advantages? Disadvantages? What possibilities do we see?
    6. Background Check (?)

      1. {i} BGC for Kim and Sascha is initated.

    7. New CSR software (Ted)

      1. {i} to Ted's knowledge there was no progress with this software in 2021. He don't expect any progress in 2022.

    8. Software reviews (Brian)

      1. xxx
      2. Wiki review of https://wiki.cacert.org/engagement

  3. Question Time

    Questions from CAcert.org community members can be added until beginning of committee meeting! As well questions can be asked at "Question Time", without added question here.

    1. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

      • ..
    2. Closing
      1. Agree on date of the next Committee Meeting: 3. March 2022
      2. Agree on the following meeting dates: 7. Apr (Maundy Thursday is on 14th), 6. Mai 2022 (keep data free, can be changed if necessary)
    3. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people.
      • push OrgA (Guy)
      • expand PR (Alex cannot do this, wants to hand over)
      • support SecureU (find an active board member for them in Germany)
      • expand background check
      • simplify the certificate creation (this enables the start of various projects from the pipeline)
      • remote assurance, if accepted by the community;
      • software development and testing
      • delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.
    4. Not to forget: Staffing the teams
      1. Applicants to the Infrastructure team
      2. Applicants to the Development team
      3. Applicant to the Critical team
    5. Access to local systems for board members

Person

Board-Private

Committee Archive

Wiki

Nextcloud

Brian

(./)

(./)

(./)

(./)

Etienne

(./)

(./)

(./)

(./)

Frédéric

(./)

(./)

(./)

Admin

Kim

(./)

(./)

<!>

?

Michael

(./)

(./)

<!>

?

Sascha

(./)

(./)

(./)

Admin

Wacław

<!>

(./)

<!>

?

1. Tasks assigned to Board Members and others

Person

Task

Deadline

Other People Involved

Notes

Brian

Contact QA/QC Volunteers

10 January 2022

Gero Treuner, Peter Nunn, others?

To begin work, they do not need ABC.

Brian

bla

2022

xxx

xx.

Brian

bla

2022

xxx

xx.


  1. Software Team
    1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers

    2. Issue 1482: Limit validity period of new HTTPS certificates to one year

    3. Issue 1444: PHP - Brian

    4. Issue 1417: Keygen / new CSR software - Bernhard

  2. Organisation Assurance
    1. How to relance OrgA? (Guy)
  3. Grant applications
    1. Protopype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 month.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  1. Blockchain
    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes

Present

Members of the Committee:

Present, by alphabetical order

Absent or silent, by alphabetical order

Members of the CAcert community and other guests

Committee meeting

There is another agenda point added: Hardware renewal.

Acceptance of **minutes**
  1. Motion to accept minutes from 6. Jan. 2022: The minutes of the last meeting are approved.
  2. The committee took note of the following information:
    1. {i} CAcert's page at [https://en.wikipedia.org/wiki/CAcert.org en.wikipedia.org] has been restored after deletion, but needs some improvement by a English speaking wikipedian.

    2. {i} EUR bank account: SecureU pays 20 EUR / month; at GKB it is 60 CHF / year. EUR account has been opened.

    3. {i} CCA update has been initiated. (ad new IBAN in Feb, review in March, sent in spring after new firewall installed)

    4. {i} Tax exemption: dossier is 99% compiled, exepted to be finished in february.

    5. {i} Phone call Etienne/Dirk has taken place

    6. {i} JanDD repaired the wiki. Thank you very much!

  3. Hardware: Michael raises a fundamental discussion for debate. At the end of the discussion, the motion reads: "Given that CAcert has more than 12K EU in its accounts, it is hereby moved that a program of ongoing equipment renewal be started in 2022. This motion is to support the idea in principal. There will need to be many details worked out, and those plans will come back to the board for approval." and is adopted.

  4. OpenID: Jan did a great presentation of how it will/could work, and what he had already done. On the other hand, we urgently need two or three people to write the documentation. For more information, contact Brian directly. Any help as well.

  5. SecureU: SecureU e.V. is an association in Germany (e.V. = registered association) that owns the CAcert servers on behalf of CAcert. The board of SecureU is considering dissolving this association. Of course in close consultation with CAcert. What consequences would this have for us? Advantages? Disadvantages? What possibilities do we see? The secretary has spoken to Dirk from SecureU. SecureU consists mainly of three board members, all of whom want to resign. Now that CAcert Inc is in Europe, the need for SecureU is no longer compelling. We believe there are three possibilities (not all equally good):

    1. The Inc board is also SecureU board. (how does this work with people who do not live in Germany? simple or complicated with the authorities? to clarify!)
    2. Dissolve SecureU, bequeath server and money to Inc. Can we, as a Swiss association, take over the contract without any problems? to clarify!)
    3. The current board of directors remains pro forma and the Secretary/Treasurer/President of Inc form the management of SecureU. Once a year, a general assembly will be held by correspondence. (this is rather meant in case [1] and [2] are complicated or impossible). On the part of SecureU, mid-year is envisaged. It would be best to have one representative from Inc and one from SecureU to follow up and report regularly. At the moment, the discussions have taken place: Secretary (Inc) and egal (SecureU). --- Let's go to the simplest way, Etienne continue to negotiate with SecureU, together with Frédéric and Michael when Mark Overmeer/BIT is involved. --- Previously Oophaga Foundation owned the hardware, which was bought bei SecureU for one symbolic euro when signing the new contract to BIT. So the only asset that SecureU can lay claim to is the contract.

  6. Backgroundcheck: If a board-member does the BCC, he can't cast a vote as a board-member, as this would be a conflict of interest. Similarly if he is a candidate.

  7. Review landing page: There is a new landing page for voulnteers. To put as a link in e-mails, etc. to avoid that we will be overhelmed by e-mails... e.g. as a link in the CCA-Mail to 380 000 where we will also ask for help. We cannot answer 20000 e-mails. So we need a kind of self service entrance landing page for volunteers. https://wiki.cacert.org/engagement Homework for all: look at https://wiki.cacert.org/engagement - it will come again in a few weeks. Having such a landing page is great, and yes, it might be fun to help out make it welcoming. There are many edits that some would make to that page.

  8. Question Time: By egal: what about remote assurances? Do we have any progress in discussion? --- Answer: Everyone who has talked about it agrees that it's a good idea. It has been mentioned in the policy-group, I think. And it needs to be discussed further there, but I haven't heard anything more. I guess that the Policy group doesn't need to have solutions to the technical problems, just "modify" the Policy. Brian will write a message today or tomorrow.

  9. Next meetings: Always the first Thursday of each month at 20:00 UTC. 3. March, 7. April. Please note, the first thursday in may is the 5..

Logfile

Logfile from meeting 2022-02-03

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting

Brian

Software meeting

every 2 month

Secretary

bank

accounts, contact with treasurer