CAcert System Admins discussion list

[<ulrich AT cacert.org>]

Dear Arbitration Participients,

Regarding Arbitration case a20090427.2
https://wiki.cacert.org/Arbitrations/a20090427.2

I'll today publish a recomendation "Solution I"
that has a couple of advantages, but needs to be accepted
by the teams first as a pre-step for the ruling in this case.

To your information:
There is a limitation set over the locations database set
             "for CAcert usage only"


== Discussion ==

Recomendation:

To move the authority over the locations database set
to the Software-Assessment team and turn the distribution
order from live system to the outside to
Software-Assessors to live system
a) Updates onto the Locations database can be tested
   thru the Software-Assessment team
b) Export requests can be handled by Software-Assessors
   authority

Advantages:
 * Requests from CAcert developers can be easily handled
   without first building a framework to handle this request
 * Updates to the locations database are under Software-Assessments Team
   authority and can follow the Software-Assessment procedures for updates
 * Updates can be send easily to connected CAcert developers update
receivers
 * recuring updates are no longer needed to be transfered from the
   critical system, as the main repository is under authority of the
   Software-Assessment team. Updates will be sent from Software-Assessment
   team to the critical system
 * Software-Assessment team is also under control of CAcert so the
locations
   database set is under control

CAcert developers can send a simple request to the Software-Assessment
team
to get the locations database for development purposes. Also other teams
of CAcert (Board, Arbitration, Infrastructure) can request a copy of the
locations database set for CAcert usage. The Software-Assessment team have
to
give notification to the requestor, that the database set can only be used
for CAcert purposes. No transfer to other projects, allowed.
The transfer format of the locations database set is not limited to
a special format. It can be transfered within an CAcert developers image,
as sql-dump or whatever else format.
The only limitation is, that the download links aren't publicy available
and access is secured, so that a requester needs download infos from
the Software-Assessment team by either Account/Password combination and/or
a hashkey URL and/or an ACL secured access point and/or a client cert
limited
access point thru one or more possible and applicable services (i.e. ftp,
http,
or other services)
An initial complete export from the critical system to the
Software-Assessment team is allowed to receive the current state of
the locations database set. Critical team and Software-Assessment team
have to deploy a transfer concept for the initial transfer.

----

please comment on the recomendation, if this is a usable
and acceptable solution

I want to get answers from:
 1. Claimant
  and the following teams:
 2. Software-Assessors
 3. Software-Assessment Project
 4. Critical Sysadmins

  and probably others to comment on
 5. board
 6. developers



--
mit freundlichen Gruessen / best regards
Ulrich Schroeter - CAcert Assurance Team Leader, CAcert Case Manager,
CAcert Arbitrator

CAcert.org - Free Certificates
E-Mail: 
ulrich AT cacert.org

Attachment: smime.p7s
Description: S/MIME cryptographic signature