Skip to Content.
Sympa Menu

cacert-policy - Re: CPS changes in context of HoP proposal

Subject: Policy-Discussion

List archive

Re: CPS changes in context of HoP proposal


Chronological Thread 
  • From: Karl-Heinz Gödderz <CAcert AT GuKK-Online.de>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: CPS changes in context of HoP proposal
  • Date: Tue, 23 May 2017 09:23:48 +0200

 some questions



Am 12.02.2017 um 22:15 schrieb Eva Stöwe:

CPS 1.3
"The CA is legally operated by CAcert Incorporated, an Association registered in 2002 in New South Wales, Australia, on behalf of the wider Community of Members of CAcert. The Association details are at the CAcert wiki.

CAcert is a Community formed of Members who agree to the CAcert Community Agreement. The CA is technically operated by the Community, under the direction of the Board of CAcert Incorporated. (The Members of the Community are not to be confused with the Association Members, which latter are not referred to anywhere in this CPS.)"

to

"The CA is legally operated by the Legal Entities named in the CAcert Communtiy Agreement ("CCA" => COD9), on behalf of the wider Community of Members of CAcert. The Legal Entity details are at the CAcert wiki.

CAcert is a Community formed of Members who agree to the CAcert Community Agreement. The CA is technically operated by the Community, managed by the Cabinet under the direction of the Legal Entities based on the CAcert policies."

alternatively:

"The CA is legally operated by the Legal Entities named in the CAcert Communtiy Agreement ("CCA" => COD9) at last edit of CPS this is CAcert Incorporated, an Association registered in 2002 in New South Wales, Australia, on behalf of the wider Community of Members of CAcert. The Legal Entity details are at the CAcert wiki.

CAcert is a Community formed of Members who agree to the CAcert Community Agreement. The CA is technically operated by the Community, managed by the Cabinet under the direction of the Legal Entities based on the CAcert policies."


is it really so that cabinet manages under the direction of the legal entities
or should not the legal entities manage under the direction of the cabinet?

CPS 3.1.7. last sentence
"The CAcert Inc. Board has the authority to decide to add or remove accepted TLD Registrars on this list."

to

I would prefer that version

"The Cabinet in agreement with the Legal Entities has the authority to add or remove accepted TLD Registrars on this list."


CPS 8.3 last paragraph
"An Auditor may convene an audit team. The same restrictions apply in general to all members of the team, but may be varied. Any deviations must be documented and approved by the CAcert Inc. Board."

to

"An Auditor may convene an audit team. The same restrictions apply in general to all members of the team, but may be varied. Any deviations must be documented and approved by the Arbitrator."

- replacing "CAcert Inc. Board" by "Arbitrator"

ATTENTION: By this the authority would be moved into judiciary area and out of control from executive area.
Two reasons:
a) Executive probably has quite some interest in such deviations as they want to see progress.
b) Other controls over security are under the oversight of arbitration as well. Especially if it is about requirements for access to roles. The assignment to the role as such would then be again with the according team (auditor). Which looks much more like other processes we have for other teams.



CPS 8.5 second paragraph
"Auditor may issue directives instructing changes, where essential to audit success or other extreme situations. Directives should be grounded on criteria, on established minimum or safe practices, or clearly described logic. Adequate discussion with Community (e.g., CAcert Inc. Board and with Policy Group) should precede any directive. They should be presented to the same standard as the criteria, above."

by

"Auditor may issue directives instructing changes, where essential to audit success or other extreme situations. Directives should be grounded on criteria, on established minimum or safe practices, or clearly described logic. Adequate discussion with Community (e.g., Cabinet and with Policy Group) should precede any directive. They should be presented to the same standard as the criteria, above."

- replacing "CAcert Inc. Board" by "Cabinet"

We could consider to also add the Legal Entities, but it's sensible to assume that affected LEs would be informed, anyway. The relevant part is probably that the community authorities get involved. Especially as they are likely to be those who will have to do something.


CPS 9.5.2.
"The brand of CAcert is made up of its logo, name, trademark, service marks, etc. Use of the brand is strictly limited by the Board, and permission is required. See m20070917.5."

by

"The brand of CAcert is made up of its logo, name, trademark, service marks, etc. Use of the brand is strictly limited by the Cabinet, and permission is required. See m20070917.5."

- replacing "Board" by "Cabinet"

However I believe there was some "recent" board activity on that question (end of 2015 before new board was elected, if I remember correctly). Maybe we should look up that development, first.

Also we should consider if this is a sensible approach as well. Maybe it would make sense to allow it for use at events or the like as well. It is somewhat stupid to not being allowed to show a logo in a talk for example. Especially as anything else (according to CCA) is under a much more open license.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



  • Re: CPS changes in context of HoP proposal, Karl-Heinz Gödderz, 05/23/2017

Archive powered by MHonArc 2.6.18.

Top of Page