Board Decisions until AGM 2008 November 2008
This section summarizes all decisions voted on by the board via email and board meeting(s) in 2008 till the AGM on 7th of November 2008. Note that by the nature of email, sometimes discussions continue and previously agreed decisions get changed. Use of email for board decisions was formalized by the previous board. This update is drawn from emails within the board from January 2008.
Board decisions updated up to 30th of October 2008
January 2008
- m20080102.1 advertisement on CAcert services
- Google adverts on main web page plus wiki; text advertisements on main web page (mainly Germany oriented); logo and button advertisement (depends on Oophaga MoU)
- Proposed by Robert Cruikshank
- Decision: Accepted.
- Action: house style, implementation support (adverts are in web and wiki).
- m20080106.1 eToken with CAcert logo
- Accept sales of eToken with CAcert logo from German sales company.
- Proposed by Henrik Heigl
- Decision: in debate. not positive to Open Source of technics, small PR value
- Action: ask Henrik to come with OS improvement proof. Febr: merchandise via Secure-U. Completed.
- m20080109.1 Accept secure-u association in Germany
- Accept secure-u German association as and according to CAcert foundation pol.
- Proposed by Teus Hagen.
- Decision: on board meeting 20080229.
- Action: ask details, goal, mission, relation, name use, etc.
- m20080114.1 GPL is default software license
- Have GPL V2 as default license for CAcert software unless declared different.
- Proposed by Evaldo Gardenali.
- Decision: Accepted.
- Action: check version GPL.
- m20080114.2 GPL version V3
- Use default GPL V3 for software licensing by CAcert. Copyright CAcert Inc.
- Proposed by Teus Hagen.
- Decision: in debate. Renewed by motion m20090202.3.
- Action: see m20090202.3.
- m20080114.3 Use FSF FDL licensing for CAcert documentation.
- When CAcert is copyright owner (svn, wiki, etc.) use FDL license model for document licensing. Alternatives (Creative Common, ...)
- Proposed by Teus Hagen.
- Decision: in debate. Renewed by motion m20090202.4.
- Action: Discuss. Problem: choose right model: FSF FDL or Creative Commons.
February 2008
- m20080218.1 Provide Evaldo Gardenali with needed info of software to complete move of servers to Nld:
- Source Code for CAcert Web Application
- Source Code for Signing Server
- Source Code for Communication Module, all the versions
- Database structure for CAcert Web Application, no user data.
- Exact operating system release being used
- List of installed packages, in both servers
- Configuration files for all the services in those servers, as-is, without passwords
- Directory Organization for the servers, i.e. Where things are installed
- Procedures for the Synchronizing of the servers
- Any extra information found to be relevant for the server set-up
- Proposed by M-SC.
- Decision: Accepted
- Action: Philipp is asked to provide the info to Evaldo by M-SC. Completed.
- m20080220.1 Assurer Events budget 500 Euro from Mario in charge for Ass Events.
- Proposed by Robert Cruikshank.
- Decision: Accepted.
- Action: secure-u association Germany receives this Mario earmarked. Completed.
- m20080220.2: CeBIT ass. Event 1000 euro (Jürgen) funding on budget of 2500 Euro.
- Proposed by Robert Cruikshank.
- Decision: Accepted
- Action: secure-u association maintains 1000 euro budget and costs for CAcert. Completed.
- m20080229.1: Motion: to rescind motion m20070824.2 (secr pay pal access)
- Proposed by Greg Rose
- Decision: Accepted.
- Action: access was not needed, is not used. Completed.
- m20080229.2: Motion: to rescind motion m20071209.1 (severe downtime services)
- Proposed by Evaldo Gardenali
- Decision: accepted.
- Action: no need as move still pending. Completed. Need other request maybe later.
- m20080229.3: to install audit.cacert.org system and domain name.
- Proposed by Ian Grigg / Evaldo Gardenali
- Decision: Accepted
- Action: Evaldo installs and maintains system, support is asked for domain reg. Action completed.
- m20080229.4: accept Daniel Black as email system admin.
- Proposed: support (PG) and M-SC
- Decision: Accepted.
- Action: PG gives measurements. Action completed.
- m20080229.5: Make sure proper arrangements are made for non-profit status of CAcert Inc.
- Proposed: Robert Cruikshank
- Decision: Accepted.
- Action: SGM has been called for this in April 2008.
- m20080229.6: Accept Teus Hagen as president of CAcert Inc.
- Proposed: Evaldo Gardenali
- Decision: Accepted.
- Action: Update board information.
- m20080229.7: Accept Stichting Oophaga Foundation in the Netherlands within Foundations Policy.
- Proposed: M-SC
- Decision: Accepted.
- Action: conditions are in Oophaga MoU (note cacert.nl domain name, ownership is CAcert, mngmnt is Oophaga). Completed.
- m20080229.8: Accept secure-u e.V. association in Germany within Foundation Policy.
- Proposed: Evaldo Gardenali
- Decision: in principle accepted but under MoU condition to be worked out via M-SC
- Action: M-SC negotiates MoU with secure-u (ref cacert.de domain).
- m20080229.9: Accept MoU with Ian Grigg for audit project work, totaling up to 36K euro.
- Proposed: M-SC
- Decision: Accepted (Guillaume accepted 24 hours later).
- Action: MoU V.05 is signed 3 March08. Project starts asap (Nld move), align security manual and other work.
- m20080229.10: Accept technical arrangements for moving systems to NL managed by Evaldo. Budget required: 4300 euro.
- Proposed: M-SC
- Decision: Accepted.
- Action: align with PG and Audit project. Budget falls under audit project.
- m20080229.11: Accept to have board more involved to bootstrap OA.
- Proposed: Teus Hagen/M-SC
- Decision: Accepted.
- Action: OA policy change April 2008 defines OA and Board for help with OA Advisors and OAO appointments.
- m20080229.13: Accept update of CAcert organisation chart.
- Proposed: M-SC
- Decision: Accepted.
- Action: wiki on chart adjusted. Evaldo is in charge of and leading Cachaca project.
- m20080229.14: AGM arrangements: AGM is due on 7th of November 2008
- Proposed: Teus Hagen
- Decision: Accepted.
- Action: call for board members, preparation of fin and board report, M-SC is asked for coordinating.
- m20080229.15: Accept membership of Thomas Widhalm, nominated by Gary Lee Adams and Nicholas Bebout
- Decision: Accepted.
- Action: add to membership list. Completed.
- m20080229.16: Budget arrangements for PW for travel/accommodation funding writing security manual within audit project.
- Proposal: Guillaume Rogmany
- Decision: withdrawn see m20090202.1.
- Action: should go within audit project (Ian Grigg), but if needed come back on it. See also m20080229.7/8 decisions.
April 2008
- m20080403.1 association membership nominations
- nomination of Philipp Gühring by Guillaume Rogmany, seconded by Teus Hagen
- nomination of Sam Johnston by Teus Hagen, seconded by Robert Cruikshank
- Decision: Accepted
- Action: association membership inclusion.
- m20080408.1 organisation assurance application CWI, Amsterdam
- Organisation Assurance advisor Teus Hagen
- Decision: Accepted
- Action: add organisation assurance to Jack Jansen account by support.
- m20080425.1 Approve CAcert Communication Policy (CCP) for email addresses in the cacert.org domain and PR publications.
- The internal policy is not an audit policy requirement. It supports the internal communication structure (e.g. email:name@cacert.org) for which CAcert Inc. is responsible and which it needs to control.
- Votes: 4 Ayes
- Decision: accepted.
- Action: board / Management Sub-Committee decides applications.
May 2008
- m20080430.1 The DoB is needed in current CAcert operations and cannot be omitted, and take the responsibility in relation to the EU DPA.
- Comment: Board will support and motivate exploration of alternatives for DoB taken up by CAcert Community.
- Votes: 3 Ayes, 1 Nay
- Decision: Accepted
- Action: exploration for alternative to DoB, Announcement and clearness of taken position.
- m20080422.3 Removal of copies of ID and identification number information from archives
- Comments: When it started in 2002, CAcert required that copies of IDs were archived for 7-10 years in the archives of CAcert or archives of CAcert Assurers. In a later instance CAcert required to take note of ID numbers and/or social security numbers of the individual. For privacy reasons both (copy of ID, personal numbers) were dropped. The CAcert Assurance Programme form states that the information should be kept 7-10 years. CAcert Inc. drops the requirements for copies of ID and personal numbers and decides to remove this information from the CAcert archives and requires the CAcert Assurers who are in possession of that information to do the same. The information should be deleted with care.
- Copies of ID are not needed for operational purposes and are not compliant with European privacy Directive (EU DPA).
- Decision: Accepted
- Actions: delete paper and digital copies from archive; denote the action and decision in CAcert blog; ask CAcert Assurers to follow CAcert decision. Blog on DoB and copy ID drop done as well; board order to destroy them by operators/administrators has been given in May 2008.
June 2008
- m20080604.1 Decide to add Philipp Dunkel to arbitrator/case manager list.
- Comment: Philipp is fully assured, involved in policy and technical discussions. Involved with OA Austria sub-pol def. Not yet ass. member.
- Votes: 2 Ayes, 1 neutral, one vote pending.
- Decision: Accepted by chair decision.
- Action: 16 July 2008 added to arbiter/case mngr list.
- m20080608.1 Proposal to add Mendel Mobach as trainee for critical systems to core support and administration team.
- Comment: Philipp and Teus have interviewed him. Mendel is prospect and trained for critical system administration and based near CAcert Nld location.
- Votes: 2 Ayes, two votes pending.
- Decision: accepted pending on last interview. Accepted see m20081006.1 and m20090202.2
- Action: Philipp to train him for critical systems, Guillaume to interview him.
- m20080624.1 Proposal of May Plan: completion of rehosting services to Holland ending October 2008. May Plan V0.12.
- Comment: sub-team based in NL near ISP location in NL, first emergency small team, build up later full system admin team. Extend Vienna hosting contract until November 2008.
- Votes: 3 Ayes, one vote pending.
- Decision: accepted.
- Action: kick off of actions as in Plan. Planning info is provided for control of progress.
- m20080628.1 Henrik Heigl asks for letter board for PR German press card.
- Comment: to be sync'd with Secure-U German activities on this. Secure-U is asked for comments and syncing activities.
- Votes: implicit Aye.
- Decision: accepted.
- Action: letter to be sent by president to Henrik for PR CAcert activities in Germany.
July 2008
- m20080708.1 Proposal for increase to 50 experience points level for assurance event in Canberra 24th of July 2008 for Assurers Daniel Black and Graham Freeman.
- Votes: 3 Ayes, one vote pending.
- Decision: accepted.
- Action: notify Super Assurance manager and take administrative action (system admin team).
- m20080709.1 Proposal to transfer cacert domains from US registrar to Australian registrar.
- Votes: 3 Ayes, 1 pending.
- Decision: accepted.
- Action: transfer on completion of servers move to Nld to TTP Australia.
- m20080709.2 Proposal to add usb drive for backup to CAcert laptop with Evaldo.
- Votes: 3 Ayes, (one vote excluded).
- Decision: accepted.
- Action: allow Evaldo to order usb drive and CAcert pays bill.
- m20080709.3 Proposal for CAcert laptop for Cruikshank, treasurer board work.
- Should be in sync with pricing for Evaldo laptop. Lease arrangement is explored.
- Votes: 2 Ayes, 1 pending, (one vote excluded).
- Decision: accepted (chair balance).
- Action: Evaldo email info is failing on decisions. Lease/buy by Robert, bill to CAcert.
- m20080710.1 Sys admin critical systems should provide immediately clear emergency procedures for holiday times and off duty times for critical systems.
- Comment: procedures should be in security handbook, but this handbook is not yet finished.
- Votes: 3 Ayes, 1 pending.
- Decision: accepted.
- Action: Ask Philipp to notify board of emergency procedures.
- m20080710.2 have arrangement for critical system access and password to root keys at third party with disclosure instructions such that two signatures of board are required to disclose this information by the third party.
- Comment: board should not have personal access or be disclosed as board will change at times.
- Votes: 3 Ayes, 1 pending.
- Decision: accepted.
- Action: Instruct Philipp to make local arrangements. Local to location of critical systems.
August 2008
- m20080826.1 Appoint Teus Hagen as OA Assurer for Holland.
- Comment: Teus has done several OA Assurance advices for some years for Holland. Sam has ack'd the nomination.
- Votes: 2 Ayes, 1 neutral, 1 pending.
- Decision: accepted.
- Action: Instruct support to add Teus as OA Assurer.
- m20080826.2 Appoint Sam Johnston as general OA Assurer.
- Comment: tasks: appoint OA Assurers in countries, perform operational OA admin on OA advices from Assurers, lead admin/documentation on OA, support OA education/challenge actions on CATS system. Reports to board on regular basis, OA assurance reports to board are mandated.
- Votes: 3 Ayes, 1 pending.
- Decision: accepted.
- Action: Get OA Assurances boosted.
- m20080829.1 Advice from general OA officer Sam Johnston to appoint Gerg Stark as OA officer for USA.
- Acked: 3 Ayes, 1 pending.
- Decision: no objection to appointment.
- Action: action by Sam, add to organisation chart.
September
- m20080901.1 Proposal for adjustments to May Plan: completion of rehosting of CAcert services to Holland by migration of last part of services in week of 1st of October 2008.
- Votes: 3 Ayes, 1 pending.
- Decision: accepted.
- Action: Philipp leads, detailed planning, review auditor, decisions on temporary stop services, transport data, stop services from Vienna, reissue CAcert Root Key.
- m20080903.1 On the 30th of September 2008 CAcert will stop the CAcert web and signing servers in Vienna, located via Sonance with FunkFeuer.
- Votes: 4 Ayes.
- Decision: accepted.
- Action: 30th Sept 2008: Proper (secure) action will be taken to transport data to Oophaga location in Holland. Transport by Philipp under surveillance of auditor.
- m20080903.2 The CAcert services will be stopped for a short (migration)period from 30th of September 2008 to 2nd of October.
- Comment: On event the delay may be extended a few days when web and signing servers are started from the Ede/Holland location according to the May Plan and adjustments to this plan. Systems involved: www.cacert.org only.
- Votes: 4 Ayes.
- Decision: accepted.
- Action: give notice in time to CAcert Community. Technical arrangements for relocation of web services.
- m20080903.3 If auditor requires or advises a new Root Key for CAcert to be issued, this will take place as soon as appropriate.
- Comment: There is no reason to believe the Root key insecure (also ack'd by auditor). This will require presence of CAcert and Oophaga personnel under surveillance of CAcert board and auditor.
- Votes: 4 Ayes
- Decision: accepted.
- Action: await advice of auditor.
- m20080914.1 Ian, is asked to prepare audit preparations and negotiations for high level of CA validation: at least "old standard", class 3, "organisation validation" around EV.
- Comment: more than 2 years of preparations now. A handful of volunteers working on this now full time. But criteria seem to be rather dynamic in time. For CAcert, e.g. Mozilla acceptance is a high need.
- Votes: 3 Ayes, 1 pending.
- Decision: accepted.
- Action: clear description of validation and implications. Stepping plan and negotiation plan.
- m20080916.1 Proposal from Teus Hagen, seconded by Sam Johnston to include Philipp Dunkel as association member.
- Votes: 3 Ayes, 1 pending.
- Decision: Accepted.
- Action: membership fee payment.
October
- m20081006.1 To formally appoint Wytze van der Raay and Mendel Mobach as critical system administrators for CAcert.
- Comments: both are experienced CAcert Assurers. Wytze will govern Mendel. Philipp will advise. Wytze will be on a temporary base.
- Votes: 3 Ayes, 1 pending.
- Decision: Accepted.
- Action: introduction to systems and security arrangements (CR-Day plan 1-3 Oct 2008), Conf. Agreements.
- m20081008.1 Motion to install Root Key Task Force CAcert Sub-Committee: task to have CAcert Root Key and 2 sub keys for assured members and for members certificate signing generated and installed by end of November 2008.
- Comments: sub-committee members: Guillaume Rogmany (steering the sub-committee), Teus Hagen, Philipp Gühring. Auditor Ian Grigg will advise and audit the process. This motion is a follow-up from the board decision to have a new Root Key generated and CR-Day October preparations.
- Votes: 3 Ayes, 1 pending.
- Decision: Accepted.
- Action: planning, procedures, fin. budget to board. Notices to membership. This action is taken up from CR-Day plannings and Root Key Generation procedures.
- m20081027.1 OA Assurer for the Netherlands appointment of Maurice Kellenaers by OA Officer Sam Johnston.
- Votes: no votes needed.
- Decision: acknowledged.
- Action: support can add OA Assurer menu to Maurice his account.
- m20081030.1 Accept association membership application of:
- Mario Lipinski (nominated by Evaldo Gardenali and Gary Lee Adams)
- Pete Stephenson (nominated by Gary Lee Adams and Guillaume Rogmany)
- Comment: acceptance could also be done on AGM 2008, hence it was on the agenda
- Votes: 4 Ayes
- Decision: accepted
- Action: notify the persons, make sure fees are paid.