Minutes of the "Top" meeting 2007 September 17-21

Meeting called to order 2007-09-17 09:20. Present: (Board) Greg Rose, Robert Cruikshank, Evaldo Gardenali, (Advisory) Jens Paul, Teus Hagen, Ian Grigg.

m20070917.1: Minutes of previous Board Meeting are approved.

Jens reviewed arrangements for the week.

Greg to email Philipp regarding times and titles for day 4 agenda.

Robert reviewed finances etc. There are three accounts (2 with Westpac and one with Credit Unions Australia). Use PayPal and PayMate for incoming money. Should think about moving to a more international thing like PayPal exclusively. Account name at PayPal is confusing ( paymate@cacert.org !) DUNS number is set up (75-605-6102). Discussion of assets; one relatively new server is in our possession, older ones are not. Discussion of income sources. Robert feels we are now in good enough shape to be able to do legal reporting. He has put together a "Treasury Compendium" of the process he went through as well as the passwords etc. This will be shared with board members for safe keeping. Discussion about changing bank accounts to something more international. Currently not urgent to fix this. Agreed to pay a back invoice for colocation fees, and recover our old servers.

m20070917.2: Agreed that we should make our financial year July-June (fits well with November AGM).

(defer m20070917.3: Agreed that the President will make final contact with the old board, requesting either that the old hardware be handed over or at the least that they assure us any data on the machines has been destroyed.)

Review of past actions by CAcert board. Unless otherwise noted, previous actions are supported. Need policy for email addresses. Review status of super-assurers. Domains are owned by CAcert. Review status of source code. "Advertise on Google", despite being passed, doesn't seem to have happened. "Limits on Points Growth" was agreed but has never been implemented; this needs to be reviewed. "Board remunerations" was passed but not implemented (no payments appear to have been made). Review of "Auditor instructs no deals" necessary (later in meeting).

m20070917.3: Overturn previous board decisions "advertise on Google", "Limits on points growth", "Board remunerations".

Assets.

DNS (cacert.{org,net,com}) registered with GKG, expires 2010 September 13. cacert.nl is in control of Oophaga on our behalf. cacert.at in control of Philipp. cacert-germany.de controlled by Henrik. cacert.de seems to be registered by a business, as is cacert.info. Policy needed on domains; discuss with PR.
Trademark of CAcert name. Research the possibility of getting trademark in Australia, possibly other places. When other people are found to use the name we should send them a letter.
Reputation (page rank) is an asset and should be defended.
"Goodwill" - number of association members, users, assurers, etc. - 95546 users, 9103 assurers, 65207 valid certificates. Number of active users appears to be declining.
Old server in Robert's garage should be sold if possible. No critical information was ever on this machine. Associated crypto coprocessor (IBM 4758) is a good paperweight (i.e. of no value).
ACER Aspire laptop 5100-5840 (s/n LXAX90X088711135551601 SNID 71107918916) purchased 5 Sept 2007 in possession of Evaldo Gardenali for secretarial/sysadmin purposes.

m20070917.4: That the board take control of the domains, and the sysadmins take control of DNS servers, thus effecting dual control.

m20070917.5: CAcert will vigorously defend use of its name, including for example stating that "CAcert is a trademark of CAcert Inc." in documents.

Planning for next AGM.

membership register -- Evaldo says is a mess. There are 51 email addresses, corresponding to 50 individuals, but there is no information about joining date, currency, and in a few cases, nothing known except the email address. Agreed that Evaldo will send mail to past and existing members encouraging them to get current.
requirements, allocation of tasks: Date of AGM to be 17 November 2007 22:00UTC, on IRC. Evaldo to issue preliminary notice, then a formal notice before 21 days.
recruitment of new members. Greg Stark and Henrik Heidl to write a draft asking people to join, talking about mission, and so on.
recruitment of new directors. Current board and advisory to work towards a high-quality slate of candidates for the next election.
motions suggested on wiki at NextAnnualGeneralMeeting : Members of the association should also be registered users of the service (can change the bylaws to require CAcert certificate signature).
mission of the Inc., responsibilities Inc. (To be discussed day 5)

m20070917.6: We will direct payment for membership to PayPal. In the future we will shut down the PayMate account.

m20070917.7: Election to be for 5 members of the Board of Directors. Board positions to be decided and announced within 14 days after the election.

m20070917.8: (Non-board operational) Officers of the project of the organization should be financial members of the association; the Board can make exceptions to this rule.

EU DPA

m20070917.9: The board accepts that CAcert is or intends to be subject to the DPA, and action is required to be in full compliance with this.

m20070917.10: The Board gratefully acknowledges Duane Groth's vision in creating CAcert.

m20070917.11: That the treasurer be authorized to pay budgeted expenses and minor normal expenses less than AU$100 without requiring authorization from the board.

Organization Chart: there was extensive discussion of th organization chart, and how to fill the various holes. What seems to work is to have small progress, getting people to do individual tasks, and they tend to grow into bigger roles. Some discussion about focusing on Scandinavia, UK, USA, and how to do better in those places. We serve the markets as we can.

m20070917.12: Agree to fund the Systems 2007 fair in Munich, DE (est E.1724)

Meeting adjourned 18:10

Meeting resumed 2007-09-18 9:00

Minor change to agenda order.

Organizational Assurance Policy

Jens introduces the OAP. The proposal was examined in detail and substantial changes made. The document will be re-introduced for approval later.

HR issues

Reiterate discussion from yesterday. Emphasis on recruiting particularly from UK and Scandinavia, before assigning officer's positions. Discussion continues about potential board candidates.

Risks, Liabilities, and Obligations

The Auditor introduced the issues. The board reviewed the proposed documents.

m20070918.1: The Board approves the document titled "Non-Related Persons Disclaimer and License". In an abundance of caution, the document will also be presented for ratification at the AGM.

m20070918.2: The Board agrees in principle to the process of arbitration for dispute resolution.

m20070918.3: The Board approves the Dispute Resolution Policy as discussed in the meeting.

The board discussed the difficulty for a new user to tell the difference between "official" wiki pages, as opposed to working pages, advice pages, and so on. The board believes that the Documentation Officer is in charge of this problem. Our suggestion is to split the wiki at a high level, to have write-controlled pages for official use, policies, etc.

While discussing the RUA, the board noted that there is no mention of retaining assurance documents in the "web of trust" web pages. The Documentation Officer is requested to rectify this.

We reviewed the RUA, and among other things noted that the privacy section needs to be reviewed by the Privacy Officer.

We noted that the introduction of a monetary limit on liability changes the philosophy of CAcert; unfortunately the requirements of the legal framework within which CAcert exists appear to make such an admission of liability necessary.

m20070918.4: The Registered User Agreement as discussed and modified is promoted to DRAFT status as written in the (not yet approved) Policy on Policies, and is therefore working policy for the community.

Principles

m20070918.5: The principles part of the Mission and Principles document is approved for the time being, but it is expected to evolve further.