CAcert Code Development list.

["dirk astrath" <dastrath AT gmx.de>]

hiya ian,

> > (e.g. without acceptance of CCA you will not be able to generate
> > certificates/assure/...
> right.  It sounds like a good feature, I'm just not sure where it would be 
> used;  where would we record that the member DID NOT agree?  It will come 
> up one day, I'm sure.  But we can probably leave it until then?

however ... it's no problem to add an additional field in the database now 
... unsure, if it's used later ... ;-)

> > hm ... this (maybe) brings up a problem ...
> > ... now you have to check all checkboxes to key in an assurance ... who
> > ensures, that the 'applicant accepted cca' is not set faulty?
> The Assurer can be relied upon to correctly click on the "applicant 
> accepted CCA" box when completing the assurance.  It's his job!  And he 
> has the evidence of the CCA form, and this will reinforce the need for him 
> to do it.

correct ... but most other things at cacert rely on a minimum of three 
assurers.

image, somebody (not knowing about the cca-clause) sets this checkbox, 
because he knows 'i have to check all boxes, otherwise i can't enter the 
data into the system' ... using this, he prohibits other assurers to set 
this flag according to their cap-forms ... ;-(

(maybe it's better to check the database, if the applicant accepted the cca 
'active' by using a cca-'protected' function or at least 3 times with 
assurances)

> Maybe it is a good idea to have the "applicant agreed" checkbox there, and 
> compulsorily ticked already.  Then, in 6 months time, change it so that it 
> has to be checked by the assurer for the assurance to pass.

no ... it should NOT be checked ... since then you (as an assurer) don't 
think about the sence ... ;-(

> I do agree that there should be a checkbox for both applicant and for 
> assurer.  But I also agree that the forms should be symmetrical, and we 
> should move to mutual assurance ... hint hint ... but rome wasn't built in 
> a day.

;-) ... sure ... as i wrote to ted ... let's do a practical thing first ... 
and the enhance it ... ;-)

> Right.  Also, we are likely moving more towards certificate accesses.

hm ... this is a thing i don't like ... i log in to cacert from three 
machines (two @home, one @work) ... i will NEVER install a certificate to 
log in to cacert on the machine @work ... and i don't like it to do from my 
notebook (image, somebody steals it while it is switched on ... are you 
sure, the operating system is safe while running the screen-saver?)

> > ... and ... if you don't want to agree to the cca and use the webform to
> > write to support to get your account deleted ... you would not be able
> > to do it, if you don't agree to the cca ... ;-(
> hypothetically, that is a possibility in theory.

there is an arbitration case, where somebody wants his account to be 
removed, but explicitely does not agree to the cca ...

have a nice day ...