Policy-Discussion

[Peter Williams <home_pw AT msn.com>]

Given the record, that little change  raises questions of whether the security policy is improperly be used for matters  properly addressed through changes to the cps.

The cps is where one argues politics, and engages in social engineering relevant to 2020..The sp had to be purely objective, designed only to measure compliance to a 1930s design-era procedural control system. 

On Mar 31, 2010, at 8:55 AM, Philipp Dunkel <p.dunkel AT cacert.org> wrote:

Hi all,

you will have indubitably noticed the veto of the CAcert Inc. board of the Security Policy.

In order to remedy the situation I would like to propose the following change to the WIP Security Policy:

alter 9.1.4.2 to read:

• 9.1.4.2. Coverage
• A background check is to be done for all critical roles. The background check should be done on all of:
  • Systems Administrator
  • Access Engineers
  • Software Assessor (including Application Engineer)
  • Support Engineer
  • Boardmembers that wish to part-take in decisions on granting access to data or other sensitive resources

this little change would give CAcert Inc. Board Members a choice of either undergoing a background check like every other security sensitive position, or alternatively not part-taking in certain decisions made by CAcert Inc. Due to the fact that it is now up to each member individually, and the CAcert Inc. membership is now free to vote anyone they choose onto the CAcert Inc. Board, the reason given for the veto would be remedied.

I would like to get a discussion on this started and see whether we can remedy the Security Policy and move it back into DRAFT. So please all take part and be merry.

Regards, Philipp