= Minutes Management Sub-Committee meeting 20080207 =
Present: teus, iang, 22:30 to 01:00;
 * next meeting next thursday, 7 days.

== Dispute Resolution ==
 * emaillist of case managers and arbitraters
  * 8 members on the list as arbitrators
  * teus + iang as observers
  * let's work with that.
 * OK, dispute resolution system is now up and running.
 * any cases?
  * one indicated from MS, '''iang''' to chase
 * ok, running, leave it as it is.

== Assurance ==
=== policy list work ===
 * '''teus''' to give overview of current issues and status.
  * how do we check who is an assurer?
  * privacy/public status of cert numbers
  * AT subpol
  * code-signing policy
  * Tverify ==> subpolicy for other CA's members
  * TTP ==> subpolicy (propose a new policy)
  * Junior Assurance ==> subpolicy
  * need for DOB, ongoing discussion

=== CATS ===
 * CATS
  * 2nd sysadmin, has he been added yet? '''Evaldo''' still pending
  * Ted  statistics
   * 80 Assurers now have passed
  * need to mention that the Assurers will be chopped off
   * problem still is PR to reboost challenge taking
  * how to boost?  reward structure?
   * not keen on boost of points
   * prefer non monetary reward like Pins
   * '''teus''' question to education list?
  * '''iang'''' to chase: Challenge passed report over to core system, status of that?
   * implementaton of Challenger-passed mark into the database is pending? teus reminded Philipp.
   * assurer mark for challenge passed assurers
   * ask sysadmins for this (Evaldo file bug)
  * paper certs
   * the certificate is for "am an Assurer", let's leave this as is for now
  * Secure-U should pick up postage costs, but not for the immediate future because of startup issues.  We wait.


=== OA ===
 * regions
  * US is picking up, about to propose (wip) subpol
  * Swiss:  3 pending ones, to Jens, deferred until return from US
 * NL: OA assurer bootstrapping of teus, has been proposed to board
 * Organisations cannot be OA?
  * policy response was that an OA and Assurer must be natural persons
 * oversight JP? teus asked Jens, waiting for return from US
 * AT Austria SubPol is still working through

=== Other ===
 * code signing
  * current consensus/abstract?
  * policy write up
 * Assurance promulgation plan
  * Iang to mail systems & marketing groups.
   * 4 policies now on the main page
  * teus wants metadata on the page for the policies.
  * there needs to be a link from the top page to policies.
 * Policy on Policy should now in POLICY
  * '''iang''' to chase up onto main site.
 * need to spark a proposal that new TTP policy be written, and old be terminated.

== Systems ==
 * NL move
  * USB link cable no ack seen as yet
  * missed chance to install cable monday 4th
 * interest of volunteers: Xs4all, NLnet Labs (pending), Medison (pending)
   * no interest seen
 * create systems committee
  * Evaldo compiles req list
  * need closed group nomination policy?
  * bounce back ideas and create a proposal to board: '''all'''
 * alternate plan C project cacaca
  * lots of interest
   * AT Comp is pending
   * Guhrka-Medison pending
  * should be possible without company support
  * problem is desk, bed, net
  * Austria
   * start out with a month in AT
   * then move to NL to install the systems and get up and running
   * possibly a request for space on the NLUUG emaillist
   * have got machines in Sonance
 * link
   * serial not on Suns
   * Tunix has them
   * or use USB, or use Ethernet, device nodes available?
   * leave this up to the team that builds it.
 * Support team
   * Evaldo reports discussion on new member
   * has m-sc been properly notified?
   * support team members are critical
   * Teus to propose new support team members to Guillaume
   * notify ggr + rob of sitaion
 * admin team: Daniel, Ted, michael ???
 * what is this?, Evaldo: bill to CAcert
   * Teus+Evaldo: should bill, submit?
 * check OCSP/CRL distr systems (Philipp request)
   * not clear what check is required
   * outline of concerns by Evaldo to M-SC
   * iang to talk to Pete S
   * are these critical systems?
     * nothing much on them
     * DOS for revocation checking
     * certificate could be used for a social engineering attack
   * teus chase philipp with questions
     * why are these being distributed now and not being run on our NL machines???
 * Tix active monitoring/changing issue
   * question raised by Tix to go transparent or filtered?
     * was from Oophaga to Philipp
     * happened around the time of Philipp looking at RBL list
     * at that moment, Tix made an error ... caused an event call
     * The answer from Philipp was to continue the RBL active work
     * issue raised 17th november call # 01225785
     * as a result, RBL was turned off, but there are other aspects
     * gate.cacert.nl is doing the reply
     * gate.cacert.nl cert
   * firewall taps can be done at the Tix point
   * Tix can be surveyed from outside for stats purposes
   * agreed to defer this until later, until we have more assets
 * teus to ping the support people and brief them
   * Philipp is trying to get others to take over tasks.

 * getting sources up and available
   * good to get the board to finalise the licence under which the source code is to be issued.
   * agreed that CAcert is to own the full rights, as per the FSFE tfr agreement
   * proposal to board to be written up on that basis '''iang'''
   * '''iang''' to review GPL[23] again :(

== House Style ==
 * refer to list of decisions by board, posted by Teus.
 * new logo & new web style promissed first week Febr to be incorporated
 * advertisement handling (teus: status unknown)
  * google also now in wiki
  * text ref only now on main web page
  * buttons & logo's
 * cert button (teus: status unknown)

== Admin ==
 * organigram wait for M-SC comments
   * no negative comment seen
   * go ahead
 * overview of decisions taken
   * need to be diligent and record the decisions!
   * '''ask Evaldo for additional permissions for all board members to write on the board decisions page'''
   * also a new update on board decisions has been written and sent to Evaldo.  Need to chase.
 * tracking system for policy progress?
 * wiki pages update
   * teus to write to Sebastian Documentation Officer
   * more people to help
   * we need the existing Doc Policy work-in-progress
   * especially on the wiki or on the svn

== Audit ==
 * DRC-A to C are up on the audit site
 * audit.cacert.org is up and running
   * https://audit.cacert.org/drc/browser.php
   * need to drop the insistence on CAcert certificate being installed
 * workplan for auditor, teus
   * teus to respond to audit agreement. Still pending.
   * start requires '''move + dual control'''
   * teus to talk it over with Greg
 * security manual
  * Pat made chapter outline, some feedback from Ian and Philipp, is in progress
   * Pat is in community (CCA) ... battling with certs
 * MoU for NLnet funding signed by parties
   * need announcement press release, but defer this until after agreement with auditor is reached
   * documents now on website
   * m-sc decision to remove the older HTML discussion document because it is completely replaced by the PDF.
 * audit can only restart when systems are completely moved to NL

== Committee meetings ==
 * schedule 3 month period for wrap up decisions taken by email
   * evaldo/teus chase up board
   * get email decisions into wiki
 * AGM minutes need board review is now on wiki
   * '''iang''' to review
 * if we get Evaldo/cacacha then talk to Greg and to Robert about a meeting
== M-SC finances ==