Policy-Discussion

[Ian G <iang AT cacert.org>]

On 27/01/2010 10:28, Nathan Tuggy wrote:
> On 2010-01-16 06:35, Andreas Bürki wrote:
> > Gero Treuner schrieb:
> > > > (but I don't really know whether I have a vote).
> > In my humble understanding is, according to PoP, 2. Basic Model [1],
> > everybody subscribed to this e-mail list
> > (cacert-policy AT lists.cacert.org)
> >  is allowed to vote as a consequence of
> > the model of "Rough Consensus". Means you, Gero too.
>
> This sounds really fascinating -- actually, rather heady -- but also a
> bit dangerous. Is this really how it works? Is it this, uh, easy?


Yes, it is how it works!  In practice, when something contentious comes 
along, lots of people bail in and even up the debate.


> I assumed when I subscribed I'd just basically be in read-only or at
> best discussion-only mode -- like amicus curiae or something similar --
> not that my opinions and considerations could be binding!

No, not quite.  Your votes aren't binding, your votes feed into polices 
that become binding.  In order to get to that step, you'll find it is a 
lot more work than just voting.  But here's a trial run:  Have a look at 
this:

https://svn.cacert.org/CAcert/Policies/PolicyOnJuniorAssurersMembers.html

If you like that, vote AYE.  If you dislike it, vote NAYE.  You can see 
that there is some contention here:

https://wiki.cacert.org/PolicyDecisions#p20100119

And plenty of others there too.


> Anyway, I'd appreciate it if someone could confirm this. Maybe I should
> go take a look at IETF again....


Confirmed.

( I think in the future we might impose some more checks & balances. 
One day someone might write a website like the board's voting tool, and 
that will likely require a client cert, which will at least impose the 
restriction at technical levels of being a CAcert member :)


> > [1]
> > http://wiki.cacert.org/Brain/PoliciesAndSignificantTechnicalStandards/PolicyOnPolicy#A2._Basic_Model

Just on that, the policy is really here:

http://www.cacert.org/policy/PolicyOnPolicy.php

The random copying of documents around is fine for non-policy documents, 
but for policies that are relied upon in Arbitration, this can cause 
complications.  It's also a very sticky audit issue.  Therefore the 
general rule is that policies once POLICY go onto the main website in 
one place, all links point to there, and any other copies are clearly 
working-purposes-only.

Also, see the CCS (work-in-progress) here:
https://svn.cacert.org/CAcert/Policies/ConfigurationControlSpecification.html

That is a controlling document, but is in the policy queue for 
consideration, still WIP.  Audit wants it done.

iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature