Points

Policy Group's Year of Conquest!

The big target of the Policy Group was achieved when Security Policy went back to DRAFT around early June 2010.

The Audit is driven by the Criteria (called DRC or David Ross Criteria) and this sets an index for audit called Configuration Control Specification (CCS). This went to draft in April 2010. According to DRC-A.1, the whole audit set is:

  1. Configuration Control Specification (CCS)
  2. Certification Practice Statement (CPS) which in our case includes Certificate Policy (CP).
  3. Privacy Policy (PP)
  4. Security Policy (SP)
  5. Declarations of Risks, Liabilities and Obligations (in CAcert Community Agreement or CCA)
  6. Control of Software, Hardware and Logs (in CCS and Security Policy).

The project took 5 years, starting from Christian Barmala's efforts in 2005 to write a CPS, up to the point where Security Policy went to DRAFT. The result: approximately 13 documents in 100 pages, approved by 70 contributors casting 350 votes & decisions. We hereby present the hall of fame for CAcert's 5 years of Policy Conquest:

(This wikiscrape of the votes and resolutions does not, for example, include the authorship of the policies.)

The Security Policy Saga

The Board vetoed Security Policy on m20100327.2, as it can under our rules (PoP 4.6): "During the period of DRAFT, CAcert Inc. retains a veto over policies that effect the running of CAcert Inc." The veto was triggered by a clause in the SP saying that Members of the Committee of CAcert Inc. were on the list of those who should have a background check. Once the veto was initiated, the topic was widely debated in the Board's communications.

Once the vote to veto closed, we responded by taking the Committee Members off the list. The list had been put in around a year before, and at the time the committee was included because many (including the committee) had long been worried about conflicts of interest amongst Committee Members. By 2010, however, those concerns had been overtaken by events: the new Associations Act 2009 of NSW requires conflict of interest notifications to the secretary. This is thought to be somewhat better than either nothing, or an ABC, which is probably too stringent for the Committee Members. As there was no real objection to taking it out, this was done.

Several other detailed changes were made, along with a general cleaning up. When we finally brought the newly reviewed SP to the vote, we recorded unanimous consensus with 20 Ayes, our best up to that date.

Significant Events

Future Work - Stuff we know we did next year

TTP-Assist. Assurance got a brand new subsidiary policy (under Assurance Policy) to handle TTP work. This was again led by the Assurance Team, and reworks the classical TTP process. In the past, TTPs sent their documents to a TTP-Admin, who was generally a single person appointed by the Board. Now, under TTP-Assisted Assurance Policy, the TTPs work with Senior Assurers, one for each TTP, and the entire process is distributed. Additionally, the process includes a top-up concept that gives the Member an additional 35 points, thus helping her to become an Assurer.

Appeals to Arbitration. The Board filed to appeal against an Arbitration, which immediately ran into DRP's rule that the Board hears any Appeal. We had long agreed that this was a bad situation, but we did not have clear consensus on what to replace it with. After some debate, we voted the following text into DRP 3.4:

Future Work - Stuff we predict we'll do next year

There are several bodies of work to be done:

AGM/TeamReports/2010/Policy (last edited 2011-02-17 10:41:45 by SunTzuMelange)