Subject: Policy-Discussion
List archive
- From: Michael Tänzer <michael.taenzer AT cacert.org>
- To: cacert-policy AT lists.cacert.org
- Subject: Re: SP => POLICY?
- Date: Sat, 27 Mar 2010 03:24:50 +0100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Openpgp: id=9940BEF1
Hello,
Ian G schrieb:
> 1. Keep SP in DRAFT for another period, and
> re-work those BLUE sections.
I vote for this option.
My concern: violation of separation of concerns principle by Application
Engineer being not exclusive with Software Assessors and being managed
by the Software Assessment t/l.
I like the introduction of this role in general though, I just feel that
Application Engineers should formally belong to the System Admin Team
and not be exclusive with System Admins. Reasoning:
* Solves the separation of concerns violation (all patches go through
Software Assessment and Sysadmin)
* Installing a new version of a software is an adminlike task
* Keep people with critical system access in as few places as possible,
Admins have the required skills to move in a critical system without
breaking something, this might not be the case for Software Assessors
Something from another area:
The table under 3.4.2 states that all Sysadmins are included in the
Support Access List and that the list is controlled by the
administration team leader. My wild guess is, that this list is the
Admin flag in the database which allows for special functions (password
reset, etc.) in the web interface (hell, if even I'm not sure who should
be?).
Maybe I'm biased but I think System Administrators should have no access
to these functions, they should be restricted to Support Engineers.
Apart from the fact that the System Administrators don't care about the
data in the live system (except when an SQL query is requested by an
arbitrator) they should be denied access to it (well if they really
wanted to have access they could just make an SQL query but that would
at least be against SP).
I therefore propose to delete the sentence "includes by default all
systems administrators" in the relationship column.
As with CAcerts growth it's user data becomes more and more valuable so
maybe even replace it with the sentence "exclusive with Access Engineers
and Systems Administrators".
Also the words "systems administration team leader" in the row "Support
Access List" should be replaced by "Support Team Leader".
Cheers,
--
Michael Tänzer
CAcert Support Team Leader
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Re: SP => POLICY?, (continued)
- Re: SP => POLICY?, Mario Lipinski, 03/27/2010
- Re: SP => POLICY?, Ian G, 03/27/2010
- Re: SP => POLICY?, Mark Lipscombe, 03/27/2010
- Whether the Association is under PoP, Ian G, 03/27/2010
- Re: SP => POLICY?, Mark Lipscombe, 03/27/2010
- Re: SP => POLICY?, Ian G, 03/27/2010
- Re: SP => POLICY? (board background checks + outsourcing), Daniel Black, 03/27/2010
- Re: SP => POLICY?, Mark Lipscombe, 03/27/2010
- Re: SP => POLICY? - board background checks - veto motion m20100327.2, Daniel Black, 03/27/2010
- Re: SP => POLICY?, Ian G, 03/26/2010
- RE: SP => POLICY?, ulrich, 03/26/2010
- Re: SP => POLICY?, Faramir, 03/27/2010
- Re: SP => POLICY?, Michael Tänzer, 03/27/2010
- Re: SP => POLICY?, Nathan Edward Tuggy, 03/27/2010
- Re: SP => POLICY?, Lambert Hofstra, 03/27/2010
- Re: SP => POLICY?, Mario Lipinski, 03/27/2010
Archive powered by MHonArc 2.6.16.