[CA cert] Re: Termination of membership

["Christian Barmala" <christian.barmala AT gmx.net>]

Hi,

Several people approached me personally and some asked publicly about my
resignation, so I think I should send something to the list. First I like to
thank all those people who contacted me personally or via this list and
expressed their appreciation or trust in me.

Nathan Reilly:
> I hope this was not caused by the vote of  no confidence in the board at
the SGM.

I was very astonished how this topic came to the agenda, but this wasn't the
reason.

I planned my leave for some time, because I cannot maintain this level of
work in the future. I would have preferred however, to leave in better
times, i.e. after having contributed to the establishment of a non profit
community effort open source CA. I always promoted CAcert publicly as such
an organization, but the recent occurrences made me doubt whether I can
maintain this endorsement.

When I first became aware of CAcert I contacted Duane and among my first
questions was the same one that many of you have asked: "Is it open source?"
and Duane replied "this is up to the operating body if they wish to make it
open source... I don't consider it my property..." I relied on this promise,
and understood it as a temporary technical and legal issue that we didn't
open source it immediately. I even defended it as such. NLnet might have
based their decision to sponsor us on similar assumptions.

After we decided with a 3 votes + 1 abstain for open sourcing CAcert Duane
explicitly forbade us to open source his code and warned us not to break his
copyright. I felt hurt that Duane wanted to educate us about copyright,
while people from the community and the board helped him so much to overcome
HIS copyright issue in autumn 2003. This was also one of the reasons for
Adam's aggravated email, which Duane felt free to disclose. We all remained
disciplined and followed the moderator's request not to pour oil into the
flames, while Duane's statements remained uncontradicted. He also felt free
to announce policy changes without any vote of the board. Even though Adam's
statements were at times rude and exaggerated (I hope they actually WERE
exaggerated and don't turn out to be true), this is not how someone behaves
who really cares about privacy issues.

I always defended the fact that we had to make well considered compromises
between security, privacy and feasibility in technology and organization,
and I considered this to be a board decision (back then, we hardly had any
members, that were not board members). Therefore I was very surprised when
Duane seized the authority to decide which issues are important and have to
be handled strict and which issues can be handled deliberately.

Randolph Wilson wrote:
> Our votes have limited meaning, because possession is 9/10ths of the law.

The current situation is that Duane holds all the critical resources: The
domain name (c.f. http://www.gkg.net/whois/), the root cert, access to
the site, the root password. To my understanding these resources should
belong to the association and not to Duane. That's what we wanted to
change, and I cannot understand his legal concerns, since our meeting
minutes (http://article.gmane.org/gmane.comp.security.cacert/1186)
don't say "give everyone in the world access" but rather "prepare a policy".
You know the rest of the story.

I agree very much with Peter Reaper: "If this is to be a one-man-show, so be
it, but then don't elect a board." This reaffirmed for me that it's better
to leave.

 Calum Morrell wrote:
> ... use such a template resignation letter

There is no other template on the CAcert web site and being neither a native
English speaker nor a legal expert I considered this the best choice.

> I believe you know to "whom it may concern".

Duane doesn't know. He reminded us, that the notice had to be addressed to
the secretary and currently there is none. I think it's the association's
duty to find someone who accepts our resignation. The rules don't mention a
period where you aren't allowed to resign. And maybe we will discover that
my payment period doesn't match exactly my resignation period and that's
again a reason to refuse my resignation ... Should we really argue about
that? Wouldn't it have been more professional to simply reply with something
like "your resignation is accepted, there aren't any outstanding issues,
thank you for your contribution ... goodbye" either in personal words or in
standardized politeness.

Christian