Policy-Discussion

[Bernd Jantzen <web AT bernd-jantzen.de>]

I would even say that already "published on the CAcert website" implies that 
there is a (direct or indirect) link from the front page to the document, 
otherwise it could not be called "published".

Also I would not specify that there must be a (direct) link from the front 
page; this is not even realized now: There is a link "policies" which leads 
to a list of links to the policies. But there is no direct link.

Best regards,
Bernd


----- Original Nachricht -----
Von: 
ulrich AT cacert.org
Gesendet: 24.02.2013
An: 
cacert-policy AT lists.cacert.org
Betreff: PoP: easy linking - frontpage - main website  ? ( RE: Vote on 
p20130223 - Several minor changes to PoP to vote to DRAFT     (was: improving 
p20100306 - minor changes to PoP)=


> Dear Alex,
> 
> There are 3 essential requirement definitions:
>  I. POLICY documents are published on the CAcert website  (under new
> proposed PoP 5.4)
> and
>  II. All ... and documents should be open processes. (under PoP 6.1)
> and
>  III. Change control must be in place. (under new proposed PoP 5.4)
> 
> II. implicates an easy access to the policy documents and III. defines
> that there is a change control implemented
> 
> While discovering several underlaying options to fullfil an "easy" access
> to the documents we have to consider following hints:
> a. currently the main website is of one software package, the webdb
>    the policy directoy is programmaticle incorporated into this
>    webdb package so NOD
> b. in software-audit by the spring 2009 software-camp a decision was made
>    to move forward with a new software called -> BirdShack project
>    The first design concept bans any text/docu implementations
>    within this new critical system
>    The potential solution here is a framework (eg a CMS system)
>    that allows access to documents, but is no longer part of the
>    "critical" software maybe it can be compared to a bank online access.
>    The landing page is a CMS system or old style website
>    that also includes a link into the "critical" section,
>    the online-banking access
> 
> With the "simple" requirements definitions (I-III), I think we give
> enough room to the software developers or system implementers
> to deploy a solution that fits to the requirements given.
> 
> There are still other restrictions by certificate(s) usage
> that prevents an absolute move of the policy directory
> that is the policy link in the root certificate
> => http://www.cacert.org/index.php?id=10
> and CPS 7.1.6. Certificate policy object identifier
> 
> Whatever underlaying solution will be implemented
> (linking, automatic redirection), it has to follow
> the I-III definitions
> 
> From my PoV, the addition is still covered by
> definitions I-III
> 
> 
> What do other people think ?
> 
> 
> regards, uli   ;-)
> 
> -----Original Message-----
> From: Alex Robertson 
> [mailto:alex-uk AT cacert.org]
> Sent: Sunday, February 24, 2013 12:26 AM
> To: 
> cacert-policy AT lists.cacert.org
> Subject: RE: Vote on p20130223 - Several minor changes to PoP to vote to
> DRAFT (was: improving p20100306 - minor changes to PoP)
> 
> 
>> -----Original Message-----
>> From: 
>> ulrich AT cacert.org
>>  
>> [mailto:ulrich AT cacert.org]
>>     adding:
>>      ............................................................
>>      5.4 POLICY documents are published on the CAcert website
>>          in plain HTML. Change control must be in place.
>>      ............................................................
> 
> Perhaps a slight change here ....
> 
>>      5.4 POLICY documents are published on the CAcert website
>>          in plain HTML with an easy to find link from the front page of
>>         the main website. Change control must be in place.
> 
> Regards
> 
> Alex
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature