Policy-Discussion

[<ulrich AT cacert.org>]

Hi,

hence the 6.5 addon

6.5 Mailing lists should be archived, and important meetings should be
minuted.
=> A record of decisions is to be maintained.

covers this list of decisions, its formal covered
the exact location is not needed here
consider, that there is still the
policy directory migration project running
to find a solution, that takes care about the
requirements and the proposals.

eg if a cms becomes applicable to move the
policies to, to handle wip, draft and policy documents
and that is also capable to store metadata
(eg this can include policy decisions related to
individual policies and also can be listed
in full)

One topic that did come in with SP and AP deployment
was the
1. wording in policy
2. deployment to practice in the guide, handbook, manual

For PoP we currently have no manual defined.
But a PoP guide is the proper location to
define such a link.


While walking through the CPS I'm stumbling repeated
over dupe definitions, or definitions that should
reside in another policy. Also Benedikt mentioned
a rework of the CPS, there is a slight chance that
also the policy decisions definition is somewhere
in the CPS defined ....
hold on ....
manuals, guides, handbooks are located by default
in the wiki ....
ah, yeah ...  have a look
into http://wiki.cacert.org/Policy

=:)


regards, uli   ;-)




-----Original Message-----
From: Alex Robertson 
[mailto:alex-uk AT cacert.org]
Sent: Monday, February 25, 2013 12:46 AM
To: 
cacert-policy AT lists.cacert.org
Subject: RE: PoP: easy linking - frontpage - main website ? ( RE: Vote on
p20130223 - Several minor changes to PoP to vote to DRAFT (was: improving
p20100306 - minor changes to PoP)=


I specified "easy to find" rather than requiring a direct link - there has
been a lot of arguments about how valid the changes published by this
group
are as they stand at the moment - they certainly mark the intent, but at
what point do they actually become policy - hence I perceive a need for an
easy to find link (direct or otherwise!) also possibly referencing the
decisions made here as well as the formal policy documents. The method
this
forum uses to record decisions is not referenced  anywhere as a formal
point
of change!

Alex


> -----Original Message-----
> From: Bernd Jantzen 
> [mailto:web AT bernd-jantzen.de]
> Sent: 24 February 2013 18:58
> To: 
> cacert-policy AT lists.cacert.org
> Subject: Re: PoP: easy linking - frontpage - main website ? ( RE: Vote
on
> p20130223 - Several minor changes to PoP to vote to DRAFT (was:
improving
> p20100306 - minor changes to PoP)=
>
> I would even say that already "published on the CAcert website" implies
that
> there is a (direct or indirect) link from the front page to the
document,
> otherwise it could not be called "published".
>
> Also I would not specify that there must be a (direct) link from the
front
page;
> this is not even realized now: There is a link "policies" which leads to
a
list of
> links to the policies. But there is no direct link.
>
> Best regards,
> Bernd
>
>
> ----- Original Nachricht -----
> Von: 
> ulrich AT cacert.org
> Gesendet: 24.02.2013
> An: 
> cacert-policy AT lists.cacert.org
> Betreff: PoP: easy linking - frontpage - main website  ? ( RE: Vote on
p20130223
> - Several minor changes to PoP to vote to DRAFT     (was: improving
p20100306
> - minor changes to PoP)=
>
>
> > Dear Alex,
> >
> > There are 3 essential requirement definitions:
> >  I. POLICY documents are published on the CAcert website  (under new
> > proposed PoP 5.4)
> > and
> >  II. All ... and documents should be open processes. (under PoP 6.1)
> > and
> >  III. Change control must be in place. (under new proposed PoP 5.4)
> >
> > II. implicates an easy access to the policy documents and III. defines
> > that there is a change control implemented
> >
> > While discovering several underlaying options to fullfil an "easy"
access
> > to the documents we have to consider following hints:
> > a. currently the main website is of one software package, the webdb
> >    the policy directoy is programmaticle incorporated into this
> >    webdb package so NOD
> > b. in software-audit by the spring 2009 software-camp a decision was
made
> >    to move forward with a new software called -> BirdShack project
> >    The first design concept bans any text/docu implementations
> >    within this new critical system
> >    The potential solution here is a framework (eg a CMS system)
> >    that allows access to documents, but is no longer part of the
> >    "critical" software maybe it can be compared to a bank online
access.
> >    The landing page is a CMS system or old style website
> >    that also includes a link into the "critical" section,
> >    the online-banking access
> >
> > With the "simple" requirements definitions (I-III), I think we give
> > enough room to the software developers or system implementers
> > to deploy a solution that fits to the requirements given.
> >
> > There are still other restrictions by certificate(s) usage
> > that prevents an absolute move of the policy directory
> > that is the policy link in the root certificate
> > => http://www.cacert.org/index.php?id=10
> > and CPS 7.1.6. Certificate policy object identifier
> >
> > Whatever underlaying solution will be implemented
> > (linking, automatic redirection), it has to follow
> > the I-III definitions
> >
> > From my PoV, the addition is still covered by
> > definitions I-III
> >
> >
> > What do other people think ?
> >
> >
> > regards, uli   ;-)
> >
> > -----Original Message-----
> > From: Alex Robertson 
> > [mailto:alex-uk AT cacert.org]
> > Sent: Sunday, February 24, 2013 12:26 AM
> > To: 
> > cacert-policy AT lists.cacert.org
> > Subject: RE: Vote on p20130223 - Several minor changes to PoP to vote
to
> > DRAFT (was: improving p20100306 - minor changes to PoP)
> >
> >
> >> -----Original Message-----
> >> From: 
> >> ulrich AT cacert.org
> >>  
> >> [mailto:ulrich AT cacert.org]
> >>     adding:
> >>      ............................................................
> >>      5.4 POLICY documents are published on the CAcert website
> >>          in plain HTML. Change control must be in place.
> >>      ............................................................
> >
> > Perhaps a slight change here ....
> >
> >>      5.4 POLICY documents are published on the CAcert website
> >>          in plain HTML with an easy to find link from the front page
of
> >>         the main website. Change control must be in place.
> >
> > Regards
> >
> > Alex
> >

Attachment: smime.p7s
Description: S/MIME cryptographic signature