Committee Meeting 2022-01-06

CAcert Christmas Epiphany Gift

The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

During the meeting, the following two additional channels are open to all members: (LINK WILL BE ADJUSTED BEFORE THE MEETING)

Agenda

  1. Preliminaries
    1. Chair opens the Committee Meeting
    2. Who is making minutes? (Writing minutes in real time)

    3. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

    4. Accept minutes from 02.12.2021 <!> "I move to accept the minutes of the committee meeting of 2nd December 2021."

  2. Business

    Acceptance of new business items no later than 48 hours before the start of the committee meeting!

    1. Quick decisions
      1. Wiki Edit Access should be granted by support <!> "I move that wiki edit access can also be granted by support." (rewording???) (The secretary is not sure, if this is a task by board to do so, but until publication of the agenda, he does not get any answer to this question.)

    2. Quick infos
      1. {i} EUR bank account: secretary asked at GRKB

      2. {i} CCA update has been initiated.

      3. {i} Tax exemption: dossier is 99% compiled

      4. {i} Phone call Etienne/Dirk has not yet taken place

    3. Finance team (Michael)

      1. New ERP / decision / who, where, until when (Michael)
      2. Info (details here / decision about USD and AUD in PP (Michael) <!> "I move to transfer USD and AUD from PP to GRKB."

      3. Board asks whether there is anything that they can do to assist the Finance Team.
    4. OpenID Connect (Brian) <--! integration / who is in charge / what is done / what will be done until end of year / Board asks whether there is anything that they can do to assist -->

    5. Background Check (?)

    6. New CSR software (Ted)

      1. {i} to Ted's knowledge there was no progress with this software in 2021. He don't expect any progress in 2022.

    7. Software reviews (?)

      1. who will care about this core topic?
    8. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people.
      • push OrgA (Guy)
      • expand PR (Alex cannot do this, wants to hand over)
      • support SecureU (find an active board member for them in Germany)
      • expand background check
      • simplify the certificate creation (this enables the start of various projects from the pipeline)
      • remote assurance, if accepted by the community;
      • software development and testing
      • delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.
    9. Not to forget: Staffing the teams
      1. Applicants to the Infrastructure team
      2. Applicants to the Development team
      3. Applicant to the Critical team
    10. Access to local systems for board members

Person

Board-Private

Committee Archive

Wiki

Nextcloud

Brian

(./)

(./)

(./)

(./)

Etienne

(./)

(./)

(./)

{./}

Frédéric

(./)

(./)

(./)

Admin

Kim

(./)

(./)

<!>

?

Michael

(./)

(./)

<!>

?

Sascha

(./)

(./)

(./)

Admin

Wacław

<!>

(./)

<!>

?

1. Tasks assigned to Board Members and others

Person

Task

Deadline

Other People Involved

Notes

Brian

Contact QA/QC Volunteers

10 January 2022

Gero Treuner, Peter Nunn, Matthias Fischer, others?

To begin work, they do not need ABC.

  1. Question Time

    Questions from CAcert.org community members can be added until beginning of committee meeting! As well questions can be asked at "Question Time", without added question here.

    1. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

      • ..
    2. Closing
      1. Agree on date of the next Committee Meeting: 6. Jan 2022
      2. Agree on the following meeting dates: 3. Feb, 3. March, 7. Apr (Maundy Thursday is on 14th), 6. Mai 2022 (keep data free, can be changed if necessary)


  1. Software Team
    1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers

    2. Issue 1482: Limit validity period of new HTTPS certificates to one year

    3. Issue 1444: PHP - Brian

    4. Issue 1417: Keygen / new CSR software - Bernhard

  2. Organisation Assurance
    1. How to relance OrgA? (Guy)
  3. Grant applications
    1. Protopype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 month.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  1. Blockchain
    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes

Present

Members of the Committee:

Present, by alphabetical order

Absent or silent, by alphabetical order

Members of the CAcert community and other guests

Committee meeting

Kim Nilsson take the chair and declare the meeting open, 2022-01-06 20:11 UTC

Acceptance of **minutes**
  1. Motion to accept minutes from 2.12.2022**
    • The minutes of the last meeting are approved.

Business
  1. Wiki
    1. 2.1 It's been suggested that "Wiki Edit Access should be granted by support". There is a problem with wiki access. Support should do this, but has not the writing rights granted. As we do not know who can grant this, I propose to vote a board motion and hope that helps (or people who can change it accept a board motion). There are people who can do it technically but do not have the rights. So we can back them up. As it looks as it could be done by Mario or Dirk if support ask them, the secretary will write to support to ask them.
    2. To follow up on the other suggestion Kim moves that Secretary be given admin access to the wiki. Motion accepted with one abst. Dirk is asked to grant it.
  2. 2.2 Quick infos
    1. 1 EUR bank account: secretary asked at GKB
    2. 2 CCA update has been initiated.
    3. 3 Tax exemption: dossier is 99% compiled
    4. 4 Phone call Etienne/Dirk will take place in the first half of january.
  3. 2.3.1 Finance team (Michael), New ERP / decision / who, where, until when (Michael)
    1. Wacław is not available at the moment. He declined also his nomination to the committee. Frédéric talked to him face to face three weeks ago. He is OK for taking care of the new CRM/ERP in the future, however, we agreed that Frédéric will second him at the begining, reding NextERP's documentation and performing a first install, with his support. If it is in a LXC container, it can later be transferred rather easily.
    2. Michael need to get CommunityAssociation page updated on www.cacert.org. I also wonder if we can move towards having "api.cacert.org" where all the code is, and www.cacert.org could be a static site.

    3. Regarding the VM, Frédéric asked Brent to grant us access to one VM in his infrastructure. It will have 4 vCores and 8GB RAM with a huge swap on Optane ans a natted IPv4 public address for getting into the VM from the Internet.
    4. As we had terrible problems with our payment service provider PayPal Australia Pty, we wanted to withdraw all money to our bank account if possible. Suggestion as a first step: USD and AUD from PP to bank account. EUR at the moment still waiting until it is clear with the bank account. So clear accounts to the nearest $10, the few cents will then stay with PP. Details can be discussed bilaterally between secretary and treasurer.

Treasurer wants all the cash out of paypal and into a real bank

  1. Kim moved that all funds from PP is transferred to the bank account. (making the wording as simple as possible)

Accepted. Treasurer and Secretary will see the details and execute it.

  1. 2.2.4. OpenID Connect (Brian)
    1. Brian needs to meet with Jan, Dirk and Ted regarding this. He has already talked, briefly, with Jan, and will continue.

Brian: When we get closer to actually accomplishing something here, I am going to propose that Dirk and Jan be paid ( some amount to be determined later ) for the work that they have already done. Frédéric hopes Brian could be paid too, for his work as a project manager. This is the goal of that grant: to be received by the hands of those taking part to the achievement of the developement, documentation, management, etc.

  1. We got the grant of 7800 EUR, arrived on 27.12.2021 8590.70 CHF.
  1. 2.5 Background Check - has no info, so could the person responsible for it please add comments here?
    1. Who has the list with all the candidates?
    2. Gero Treuner, Peter Nunn, Mathias Fischer, others? Sascha and Kim. Later some board members as FD or Etienne or ?
  2. 2.6 New CSR software (Ted)
    1. to Ted's knowledge there was no progress with this software in 2021. He don't expect any progress in 2022. That is bad news. But for the moment we will probably first finish more pressing things.
    2. The secretary will be the watch dog for New CSR. What we have is just that the Java based Proof of Work delivered by Tim was far away from what we understood as possibly being a working solution.
    3. Software development team should meet every two month or so, in order to make integration and understanding beetween its member better, and o invite potential new comers to meet witj them, too.

Which board member will care about this core topic and get in touch with Software regularly? It is believed, that Brian could do this best.

  1. 2.7 Software reviews - who will care about this core topic?
    1. The usual process is: somebody creates a bug, somebody writes the fix, somebody will test it, somebody will do the review and somebody (having ABC for software) will send the patch with mantis-bug-number to critical team, so every patch being done on critical system could be tracked by the bug number in mantis. Obviously: some of the above "sombodies" could be the same, but not all. That means: tests and review can't be done by the person writing the code. So in theory Dirk could key in the bug and write the code, somebody else does the test and review and sends it to him to get it installed on critical server(s), but according to our policy software teamlead could decide, if only one review is enough before it's sent to critical team. Unfortunately this does not work, due to a conflict of positions (both team leads are the same person). In the future we should ask another volunteer to be the team leader of the Software Development team.

  2. 2.9 Staffing the teams
    1. The CRM/ERP is one thing to be done for keeping track of our correspondence with new comers. Another idea could be to invite volunteers to their very first contact to join the informal Wens day's meeting, half an hour it has started. Then, most of the meeting would be kept for the regular members, when at the same it would make very painless to get a face and voice first contact with new volunteers.
    2. How to find new volunteers? Idea from FD: contact 2-3x year the donators by an e-mail. Blog and Tweet are probably not for finding volunteers. With the blog and Twitter, we only reach existing readers. The best way is probably to contact someone directly. To grow your audience you often need help from someone who has a wider or different audience. They can retweet, reblog or review what CAcert does.
    3. There is no new applicants to either of the three listed teams.
  3. 3. Question time
    1. No questions.
    2. End of the meeting 22:38 UTC.
    3. Next meeting: Thursday, 3.2.2022

Logfile

Logfile from meeting 2022-01-06

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting


Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2022-01-06 (last edited 2022-02-03 15:29:56 by EtienneRuedin)