• EmailBoardDecisionsUpdateFeb2008

Board Decisions 2008

This section summarizes all decisions voted on by the board via email and board meeting(s) in 2008. Note that by the nature of email, sometimes discussions continue and previously agreed decisions get changed. Use of email for board decisions was formalized by the previous board. This update is drawn from emails within the board from January 2008.

Board decisions updated up to 11th of July 2008

January 2008

• m20080102.1 advertisement on CAcert services
• Google adverts on main weg page plus wiki Text advertisements on main web page (mainly Germany oriented) Logo and button advertisement (dependents on Oophaga MoU)
  • Proposed by Robert Cruikshank
  • Decision: Accepted.
  • Action: house style, implementation support (adverts are in web and wiki).

• m20080106.1 eToken with CAcert logo
  • Accept sales of eToken with CAcert logo from German sales company.
  • Proposed by Henrik Heigl
  • Decision: in debate. not positive to Open Source of technics, small PR value
  • Action: ask Henrik to come with OS improvement proof. Febr: merchandise via Secure-U. Completed.

• m20080109.1 Accept secure-u association in Germany
  • Accept secure-u German association as and according to CAcert foundation pol.
  • Proposed by Teus Hagen.
  • Decision: on board meeting 20080229.
  • Action: ask details, goal, mission, relation, name use, etc.

• m20080114.1 GPL is default software license
  • Have GPL as default license for CAcert software unless declared different.
  • Proposed by Evaldo Gardenali.
  • Decision: unanymous. Accepted.
  • Action: check version GPL.

• m20080114.2 GPL version V3

• Use default GPL V3 for sofware licensing by CAcert. Copyright CAcert Inc.
  • Proposed by Teus Hagen.
  • Decision: in debate.
  • Action:

• m20080114.3 Use FSF FDL licensing for CAcert documentation.

• When CAcert is copyright owner (svn, wiki, etc.) use FDL license model for document licensing. Alternatives (Creative Common, ...)
  • Proposed by Teus Hagen.
  • Decision: in debate.
  • Action:

February 2008

• m20080218.1 Provide Evaldo Gardenali for needed info of software to complete move of servers to Nld:
  • Source Code for CAcert Web Application
  • Source Code for Signing Server
  • Source Code for Communication Module, all the versions
  • Database structure for CAcert Web Application, no user data.
  • Exact operating system release being used
  • List of installed packages, in both servers
  • Configuration files for all the services in those servers, as-is, without passwords
  • Directory Organization for the servers, i.e. Where things are installed
  • Procedures for the Synchronizing of the servers
  • Any extra information found to be relevant for the server set-up Proposed by M-SC.
  -
  • Decision: Accepted
  • Action: Philipp is asked to provide the info to Evaldo by M-SC. Completed.

• m20080220.1 Assurer Events budget 500 Euro from Mario in charge for Ass Events.
  • Proposed by Robert Cruikshank.
  • Decision: Accepted.
  • Action: secure-u association Germany receives this Mario earmarked. Completed.

• m20080220.2: CeBIT ass. Event 1000 euro (Jürgen) funding on budget of 2500 Euro.
  • Proposed by Robert Cruikshank.
  • Decision: Accepted
  • Action: secure-u association maintains 1000 euro budget and costs for CAcert. Completed.

• m20080229.1: Motion: to rescind motion m20070824.2 (secr pay pal access)
  • Proposed by Greg Rose
  • Decision: Accepted.
  • Action: access was not needed, is not used. Completed.

• m20080229.2: Motion: to rescind motion m20071209.1 (severe downtime services)
  • Proposed by Evaldo Gardenali
  • Decision: accepted.
  • Action: no need as move still pending. Completed. Need other request maybe later.

• m20080229.3: to install audit.cacert.org system and domain name.
  • Proposed by Ian Grigg / Evaldo Gardenali
  • Decision: Accepted
  • Action: Evaldo installs and maintains system, support is asked for domain reg.Action completed.

• m20080229.4: accept Daniel Black as email system admin.
  • Proposed: support (PG) and M-SC
  • Decision: Accepted.
  • Action: PG gives measurements. Action completed.

• m20080229.5: Make sure proper arrangements are made for non-profit status of CAcert Inc.
  • Proposed: Robert Cruikshank
  • Decision: Accepted.
  • Action: SGM has been called for this in April 2008.

• m20080229.6: Accept Teus HAgen as president of CAcert Inc.
  • Proposed: Evaldo Gardenali
  • Decision: Accepted.
  • Action: Update board information.

• m20080229.7: Accept Stichting Oophaga Foundation in the Netherlands within Foundations Policy.
  • Proposed: M-SC
  • Decision: Accepted.
  • Action: conditions are in Oophaga MoU (note cacert.nl domain name, ownership is CAcert, mngmnt is Oophaga). Completed.

• m20080229.8: Accept secure-u e.V. association in Germany within Foundation Policy.
  • Proposed: Evaldo Gardenali
  • Decision: in principle accepted but under MoU condition to be worked out via M-SC

  • Action: M-SC negotiates MoU with secure-u (ref cacert.de domain).

• m20080229.9: Accept MoU with Ian Grigg for audit project work, totaling up to 36K euro.

  • Proposed: M-SC
  • Decision: Accepted (Guillaume accepted 24 hours later).
  • Action: MoU V.05 is signed 3 March08. Project starts asap (Nld move), align security manual and other work.

• m20080229.10: Accept technical arrangements for moving systems to NL lmanaged by Evaldo. Budget required: 4300 euro.

  • Proposed: M-SC
  • Decision: Accepted.
  • Action: align with PG and Audit project. Budget falls under audit project.

• m20080229.11: Accept to have board more involved to bootstrap OA.
  • proposed: Teus Hagen/M-SC
  • Decission: Accepted.
  • Action: OA policy change April 2008 defines OA and Board for help with OA Advisors and OAO appointments..

• m20080229.13: Accept update of CAcert organisation chart.
  • Proposed: M-SC
  • Decision: Accepted.
  • Action: wiki on chart adjusted. Evaldo is in charge of and leading Cachaca project.

• m20080229.14: AGM arrangements: AGM id due on 7th of November 2008
  • Proposed: Teus Hagen
  • Decision: Accepted.

  • Action: call for board members, preparation of fin and board report, M-SC is asked for coordinating.

• m20080229.15: Accept membership of Thomas Widhalm, nominated by Gary Lee Adams and Nicholas Bebout
  • Decision: Accepted.
  • Action: add to membership list. Completed.

• m20080229.16: Budget arrangements for PW for travel/accomodation funding writing security manual within audit project.
  • Proposal: Guillaume Rogmany
  • Decision: pending.

  • Action: should go within audit project (Ian Grigg), but if needed come back on it. See also m20080229.7/8 decisions.

April 2008

• m20080403.1 association membership nominations
• nomination of Philipp Gühring by Guillaume Rogmany, seconded by Teus Hagen
• nomination of Sam Johnston by Teus Hagen, seconded by Robert Cruikshank
  • Decision: Accepted
  • Action: association membership inclusion.

• m20080408.1 organisation assurance application CWI, Amsterdam
• Organisation Assurance advisor Teus Hagen
  • Decision: Accepted
  • Action: add organisation assurance to Jack Jansen account by support.

• m20080425.1 Approve CAcert Communication Policy (CCP) for email addresses in the cacert.org domain and PR publications.

• The internal policy is not an audit policy requirement. It supports the internal communication structure (e.g. email:name@cacert.org) where CAcert Inc. is responsible for and needs to control.

  • Votes: 4 Ayes
  • Decision: accepted.
  • Action: board / Management Sub-Committee decides applications.

May 2008

• m20080430.1 The DoB is needed in current CAcert operations and can not be omitted and take the responsibility in related to the EU DPA.
• Comment: Board will support and motivate exploration of alternatives for DoB taken up by CAcert Community.
  • Votes: 3 Ayes, 1 Naye
  • Decision: Accpted
  • Action: exploration for alternative to DoB, Announcement and clearness of taken position.

• m20080422.3 Removal of copies of ID and identification number information from archives
• Comments: CAcert when it started in 2002 required that copies of ID's were archived for 7-10 years in the archives of CAcert or archives of CAcert Assurers. In a later instance CAcert required to take note of ID numbers and/or social security numbers of the individual. For privacy reasons both (copy of ID, personal numbers) were dropped. The CAcert Assurance Programme form states that the information should be kept 7-10 years. CAcert Inc. drops the requirements for copies of ID and personal numbers and decides to remove these information from the CAcert archives and requires the CAcert Assurers who are in position of that information to do the same. The information should be deleted with care.
• Copies of ID are not needed for operational purposes and are not compliant with European privacy Directive (EU DPA).
  • Decision: Accepted
  • Actions: delete paper and digital copies from archive; denote the action and decision in CAcert blog; ask CAcert Assurers to follow CAcert decision. Blog on DoB and Copy IS drop done as well board order to destroy them by operators/adminsitratores has been given in May 2008.

June 2008

• m20080604.1 Decide to add Philipp Dunkel to arbitrator/case manager list.
  • Comment: Philipp is full assured, involved in policy and technical discussions. Involved with OA Austria sub-pol def. Not yet ass. member.
  • Votes: 2 Ayes, 1 neutral, one vote pending.
  • Decision: Accepted by chair decision.
  • Action: 16 July 2008 added to arbiter/case mngr list.

• m20080608.1 Proposal to add Mendel Mobach as trainee for critical systems to core support and administration team.
  • Comment: Philipp and Teus have interviewed him. Mendel is prospect and trained for critical system administration and based near CAcert Nld location.
  • Votes: 2 Ayes, two votes pending.
  • Decision: accepted pending on last interview.
  • Action: Philipp to train him for critical systems, Guillaume to interview him.

• m20080624.1 Proposal of May Plan: completion of rehosting services to Holland ending October 2008. May Plan V0.12.
  • Comment: sub-team based in NL near ISP location in NL, first emergency small team, build up later full system admin team. Extent hosting Vienna hosting contract until November 2008.
  • Votes: 3 Ayes, one vote pending.
  • Decision: accepted.
  • Action: kick off of actions as in Plan. Planning info is provided for control of progress.

• m20080628.1 Henrik Heigl asks for letter board for PR German press card.
• Comment: to be sync'd with Secure-U German activities on this. Secure-U is asked for comments and syncing activities.
  • Votes: implicit Aye.
  • Decision: accepted.
  • Action: letter to be send by president to Henrik for PR CAcert activities in Germany.

July 2008

• m20080708.1 Proposal for increase to 50 experience points level for assurance event in Canberra 24th of July 2008 for Assurers Daniel Black and Graham Freeman.
  • Votes: 3 Ayes, one vote pending.
  • Decision: accepted.
  • Action: notify Super Assurance manager and take administrative action (system admin team).

• m20080709.1 Proposal to transfer cacert domains from US registrar to Australian registrar.
  • Votes: 3 Ayes, 1 pending.
  • Decision: accepted.
  • Action: transfer on completion of servers move to Nld to TTP Australia.

• m20080709.2 Proposal to add usb drive for backup to CAcert laptop with Evaldo.
  • Votes: 3 Ayes, (one vote excluded).
  • Decision: accepted.
  • Action: allow Evaldo to order usb drive and CAcert pays bill.

• m20080709.3 Proposal for CAcert laptop for Cruikshank, treasurer board work.
• Should be in sync with pricing for Evaldo laptop. Lease arrangement is explored.
  • Votes: 2 Ayes, 1 pending, (one vote excluded).
  • Decision: accepted (chair balance).
  • Action: Evaldo email info is failing on decisions. Lease/buy by Robert, bill to CAcert.

• m20080710.1 Sys admin critical systems should provide immediately clear emergency procedures for holiday times and off duty times for critical systems.
• Comment: procedures should be in security handbook, but this handbook is not yet finished.
  • Votes: 3 Ayes, 1 pending.
  • Decision: accepted.
  • Action: Ask Philipp to notify board of emergency procedures.

• m20080710.2 have arrangement for critical system access and password to root keys at third party with disclosure instructions such that two signatures of board are required to disclose this information by the third party.
• Comment: board should not have personal access or disclosement as board will change at times.
  • Votes: 3 Ayes, 1 pending.
  • Decision: accepted.
  • Action: Instruct Philipp to make local arrangements. Local to location of critical systems.