Policy-Discussion

[Ian G <iang AT cacert.org>]

On 13/01/2010 10:02, Daniel Black wrote:
> I therefore propose: "CAcert stops issuing Class3 certificates."


What some may have missed is that in this traffic, Daniel is asking for 
a formal vote by policy group.  This is recorded in the decisions page:

https://wiki.cacert.org/PolicyDecisions


> Who's in favour of this?
>
> Who's not and why?


NAYE.

1.  there are users of this service and there is no "impact" assessment 
to them.

2.  the proposal is based on confused information not analysis.  E.g., 
have a look at these three links, and tell us whether you can conclude 
that stopping class 3 is what is wanted, or not?

https://lists.cacert.org/wws/arc/cacert-sysadm/2010-01/msg00040.html
https://lists.cacert.org/wws/arc/cacert-sysadm/2010-01/msg00036.html
http://wiki.cacert.org/Brain/Study/Bug665

3.  this vote is over-reaching:  there are detailed SP and CPS issues to 
take into account.  Policy group's job is to write the SP and CPS 
policies that affect this, and then hand it over to the teams to 
implement, via board.  If this vote goes through, it is an empty 
decision because the SP / CPS still need to be done.  The teams follow 
the CPS / SP.

4.  there is a far better path IMO:  follow the New Roots path properly 
and be done with it (or just implement the 2008 roots for the next year 
if we need a fast solution, it's probably less work anyway).

5.  Any path requires resources.  These resources need to be built up 
anyway, and are in the process of being built up.  In this new year of 
2010 we will see the complete restructuring of the software teams, as 
we've seen in the past years complete restructuring of the Critical 
Sysadm team, the Support team, and also infrastructure and arbitration 
teams.  Once this is done, we will have more resources, more room, more 
freedom to do all the work that is needed here.

Without resources, we're pissing into the wind.  'scuse the language. 
It doesn't matter what we *decide* we won't get anything done without 
the resources to implement it.  For example, we "decided" to do an 
audit, which requires CCA to be rolled out.  This is still an open 
project with only partial completion:

https://wiki.cacert.org/Brain/Study/COrbitCA

Why?  resources.  Remember what Ballmer said?  "Developers developers 
developers."  For CAcert, it's the time to pray at the Church of 
Ballmer.  "Developers, developers, developers."



iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature