Skip to Content.
Sympa Menu

cacert-de - Re: Resignation from all positions in CAcert

Subject: Deutschsprachige CAcert Support Liste

List archive

Re: Resignation from all positions in CAcert

Chronological Thread 
  • From: Michael Tänzer <michael.taenzer AT>
  • To: Dominik George < AT>
  • Cc: cacert AT, Support Team <cacert-se AT>, cacert-de AT
  • Subject: Re: Resignation from all positions in CAcert
  • Date: Wed, 26 Mar 2014 20:12:33 +0100
  • Openpgp: id=E53B124B

Hi Nik,

On 23.03.2014 10:51, Dominik George wrote:
> I herby officially resign from the following positions inside CAcert:

Thank you for the work you invested in CAcert in the past. Although we
probably didn't agree in a lot of our conclusions, I respect your
decision and hope the best for your future.

> 1. The main reason is that another project of mine has grown so large
> that I do not have the time to care for CAcert anymore.

I sincerely wish you good luck with that project.

> 2. Then, as anyone can see, CAcert is hardly worth the effort nowadays.
> The CA is dead, as has been formalised by the Debian's removal (and
> the given reasons for that) of the root certificates. CAcert is dead.

I don't agree with that statement. CAcert always had the problem that it
wasn't distributed by default. That Debian shipped our certificate
anyway was a huge favour they did to us because of the similar interests
of the projects. I don't think something fundamentally changed in our
relation between the projects recently and I'm therefore very sorry that
they stopped shipping the root but I see it more like they are stopping
a favour to us, not that they declare that CAcert is dead. That CAcert
is not dead is further underlined by the discussion that followed the
decision. What I think is more dramatic is that Ubuntu removed the
certificate in a security update which (in my eyes unnecessarily)
damages our reputation because users don't read up on the context, they
only see the changelog.

That's the view from Debian on CAcert, but what's even more important is
the inside view on CAcert. There I do see some movement, more movement
than in some times in the past. CAcert has the problem, that in order to
attract more active people it has to be useful, and in order to be
useful (aka in the browsers) a lot of work is required – a classic
chicken/egg situation. In the beginning years CAcert had a phase where
it had some impact but somehow the impact wasn't used or wasn't big
enough to produce a system that matched the requirements for an
auditable CA. Instead CAcert just stumbled into an audit it wasn't ready
for and failed. Now the impact is gone and it's a Sisyphean task to get
CAcert into an audit-ready state. One problem is that while doing that
we need to maintain the ongoing operation of the current CA in order to
keep our community. That makes a lot of tasks harder. Each code change
needs to be reviewed, changes of procedures run by the policy group,
each glitch detected referred to Arbitration. This ties up a lot of
resources. I sometimes thought about whether it wasn't easier to fork
the project, to make the much needed changes easier and restart, but
that would mean to loose CAcert's biggest asset, the web of trust. So
yes the progress is slower than desirable and sometimes it's hard to see
it at all but that's to be expected in our situation.

Now what progress did we have? On the organisation side we are finally
on a good track to move CAcert Inc. from Australia to Europe which
removes some overhead we had to deal with there. Arbitration has seen
some new people so cases are now being handled in a timely fashion
again. Software is fixing more and more bugs in the existing code and is
moving to completely replace some of the quirky parts. We have set up
and filled the position for the internal Auditor so we can review our
own processes an have confidence that everything is in good shape before
we try another external audit. So things do move but we can't expect
miracles. It doesn't work without people putting efforts into the project.

> 3. Dealing with significant parts of the community has become a PITA.
> Well, it always has been, but quite a few mails I had to read proved
> that the annoyance here won't stop growing.

Yes in a project like this there are some people who can work together
and some it seems just can't. Usually working towards the same goal can
help that people put aside their differences and work together but
sometimes that becomes too much of a burden. These social problems are
bigger in a community like CAcert where there are a lot of people who,
well let's say, are not especially qualified for their social abilities,
and that solely relies on textual, non-personal communication which
makes misunderstandings, grudges, word-picking worse. Those observations
are however not limited to "other people", they also apply to you and
me. One has to ask oneself "Was it the other part who is making an ass
out of him/herself or am I contributing to that behaviour?"

Michael Tänzer

Attachment: signature.asc
Description: OpenPGP digital signature

Archive powered by MHonArc 2.6.18.

Top of Page