Policy-Discussion

[<ulrich AT cacert.org>]

Dear Alex,

There are 3 essential requirement definitions:
 I. POLICY documents are published on the CAcert website  (under new
proposed PoP 5.4)
and
 II. All ... and documents should be open processes. (under PoP 6.1)
and
 III. Change control must be in place. (under new proposed PoP 5.4)

II. implicates an easy access to the policy documents and III. defines
that there is a change control implemented

While discovering several underlaying options to fullfil an "easy" access
to the documents we have to consider following hints:
a. currently the main website is of one software package, the webdb
   the policy directoy is programmaticle incorporated into this
   webdb package so NOD
b. in software-audit by the spring 2009 software-camp a decision was made
   to move forward with a new software called -> BirdShack project
   The first design concept bans any text/docu implementations
   within this new critical system
   The potential solution here is a framework (eg a CMS system)
   that allows access to documents, but is no longer part of the
   "critical" software maybe it can be compared to a bank online access.
   The landing page is a CMS system or old style website
   that also includes a link into the "critical" section,
   the online-banking access

With the "simple" requirements definitions (I-III), I think we give
enough room to the software developers or system implementers
to deploy a solution that fits to the requirements given.

There are still other restrictions by certificate(s) usage
that prevents an absolute move of the policy directory
that is the policy link in the root certificate
=> http://www.cacert.org/index.php?id=10
and CPS 7.1.6. Certificate policy object identifier

Whatever underlaying solution will be implemented
(linking, automatic redirection), it has to follow
the I-III definitions

From my PoV, the addition is still covered by
definitions I-III


What do other people think ?


regards, uli   ;-)

-----Original Message-----
From: Alex Robertson 
[mailto:alex-uk AT cacert.org]
Sent: Sunday, February 24, 2013 12:26 AM
To: 
cacert-policy AT lists.cacert.org
Subject: RE: Vote on p20130223 - Several minor changes to PoP to vote to
DRAFT (was: improving p20100306 - minor changes to PoP)


> -----Original Message-----
> From: 
> ulrich AT cacert.org
>  
> [mailto:ulrich AT cacert.org]
>     adding:
>      ............................................................
>      5.4 POLICY documents are published on the CAcert website
>          in plain HTML. Change control must be in place.
>      ............................................................

Perhaps a slight change here ....

>      5.4 POLICY documents are published on the CAcert website
>          in plain HTML with an easy to find link from the front page of
>         the main website. Change control must be in place.

Regards

Alex

Attachment: smime.p7s
Description: S/MIME cryptographic signature