On the occasion of Fosdem 2010 in Brussels, we got together to plan out the year for Assurance. This is the meetings minutes and also notes on the event itself.
Previous meetings: Munich 20090517 and Hamburg 20091215 . Planning: Events Page.
Present for co-auditing meeting: Iang, Ulrich, Joost, Dirk.
Also in vicinity, involved in talks: Walter (Events), Wolfgang (Support).
Assurers Present at Fosdem: Doris, Martin (CM), Marty (Support), Dominik (Support), Nikolas, Alexander B, Hendrik, Raoul, a few additional assurers who turned up for the Assurance Party.
Also present, from sidux and mandriva teams: Magnus and Wolfgang.
Photos: Walter, Doris, Iang.
Estimated sponsored cost of the meeting: € 400 As the costs were also attributed to the entire Fosdem event, it is difficult to estimate precisely the additional costs of this meeting. Fosdem costs include these as rough estimates:
Type | € | Who, Comments |
Accom | 1020 | 12 pax * € 85 * 2 nights / 2 each room |
event dinner | 300 | Sunday |
hotel bar | 70 | saturday night beers |
Sunday dinner | 30 | doris |
lunch x 3 | 10 | Sunday |
petrol from FRA | 70 | Ulrich, Iang, Doris, Nikolas |
train wien to FRA | 218 | Doris, Iang |
trains DE | 400 | 10 pax x 40 |
misc | 40 | phone + semmel + semmel |
Accom | 0 | Sunday night, 5, near Essen |
| ||
Total | € 2228 | Estimated Floor only |
per Assurer | € 150 | 15 Assurers |
per Assurance | € 4 | 500-700 CAP forms |
There are probably more costs, not recorded above.
Tasks & Agenda for coming weeks.
Under control. Ulrich got the booth from Linux New Media with help from Alexander Bahlo. 10 Assurers listed over the week. Tickets being chased.
Accomodation booked so far: 3 double, 1 triple (full), 1 additional double is probably open/available.
Someone to be the on-ground coordinator is needed. Currently listed as u60, but this should change ⇒ Joost.
It seems clear that a lot of work has been done over the last year, and more is being planned. This has led to some suggestions as to team changes. It is proposed that Ulrich take on the Assurance Officer role. Sebastian has had less time over the last year, but may be interested in taking on something like the German Events role.
Walter Güldenberg has recently been doing a lot of work with CAcert events, at least back to June 2009, including Linuxtag Berlin, froscon, software freedom day HH (probably) Kieler Linux and Open Source Tage, Open Rhein Ruhr and this Fosdem. Did the organisation for 6. Brandenburger Linux-Infotag 2009 (contacts, did the preliminary-work). Was also at Hamburg Assurance MiniTOP and the Essen Software MiniTOP. As he is already doing a lot of work on sidux events.
Based on his experience in events, it is proposed that Walter take over the Events Team Leader role. Ulrich and Iang interviewed him and his response is positive, but not until April as his heavy business period is always Jan-Feb-Mar. This is no problem as it will take time for a transition anyway.
This would see the events team with Walter, Ulrich, Sebastian, and also supported by regulars Joost and Dirk.
The Assurance team would then be Ulrich, including all the above, and also Mario and Ted.
Iang presented a 15 minutes Lightning Talk at Fosdem 2010 on "Client Certificates - the Old-New Thing." See Notes on wiki. Slides in ODP form and PDF form. Video is supposed to be coming. Joost took video? See the wiki page on Client Certs for more on the general topic.
Talk was well attended. Immediately followed by Assurance Party, also co-timed with the famous PGP Key-signing Party which caused immense confusion but was eventually sorted out by banning the PGPers into the siberian wastelands of the street in front. Our Assurance Party worked out well, the formula is to have assurers in rows 1,3,5, etc, approximately 5 each row, and then the Members slide in rows 0,2,4 seeking their assurances. 2 hours worth of Assurances, less crowded than last year (probably because we had a busy booth this year).
Engineers:
Triage: bringing in Dominik. Joost is up to speed. Need more.
There are some issues with OTRS, it is hard to get into. Should look at some sort of training there. Need to update fiddle questions.
On request, Interviews were conducted on Joost and Markus. Iang as interviewer, Ulrich as assistant. These are to be typed up and provided to the Arbitrator of each case. Time did not permit an interview of Dirk.
Several paths: Assurance and Software. Push is on to attract more foreigners to help with Assurance spread, and to run ATEs. Use the ATEs to find programmers.
Last year, many assurers attended ATEs who have the familiarity and are active users ... versus members who just want certificates. Former group is pre-filtered for enthusiasm. ATEs generally are run on the week-day evenings, the Assurers are people who have evenings available not weekends.
But software development is a completely different path. They tend to know much less than CAcert, need a task/project, weekends are available. Chicken-egg problem. henne-ei problem.
Karlsberg / mozilla connection (no notes).
Contact with Marco C., from Koan s.a.s, Milan. May be able to talk to Universities about ATEs. Not between Mid-June and October in Italy. Events Team Leader to pursue.
Specialists in embedded systems, works with partner company in Wien (supplies ARMs). Interested in any embedded projects like Possum. Introduce. Sees it as a student possibility.
We had a good conversation with the EJBCA crew from PrimeKey in Sweden. Curiously, they predicted some of our observations on their CA code. 6-7 programmers, total company is around 16.
One of the most interesting things is that they are now being funded by EC in a European cooperation funding to produce CC components for re-use in other projects. The current status is "producing the security target," not a lot of component results seen as yet. Although the list is unclear, what did seem to be on it was Logging and Authorisation. The former could be interesting to BirdShack.
For protection of the root key, they suggested smartcards only. Their stuff is public on jira.primekey.se; search on extensions for requirements. they were interested in our requirements.
Present: Iang, Ulrich, Joost, Dirk. Other Assurers were excluded (listed as recruits).
This was the main topic. Agenda.
Software for capturing the results of the co-auditing programme was presented. 3 screens, for entering the co-audit, searching, and season's report. Still a bit demo-ish, some bugs to fix.
There is:
This is about the former, who makes a good co-auditor.
Experienced Assurer means has 50 Ep. Senior Assurer means
Nice to have:
List of Founders of Co-Audit Programme. In order to bootstrap, we need a team of Co-auditors to train and sign off on new members. Easy solution is to declare by dictat who these are. Meeting went through many possibles, this list resulted (coloured group is those present at meeting):
Founder | Locations | Region | comments |
Uli | ATEs: Bielefeld, Duesseldorf, Muenchen, Stuttgart, Frankfurt, Eemnes, Berlin. Others: Froscon, mrmcdx8h, IT-Business Stuttgart, Fosdem 2010 | DE | inventor |
Iang | ATEs: Innsbruck, Prague, Budapest, Paris, London, Munich Others: CeBIT 2009, Ede, Vienna | AT AU | ex-auditor, Board |
Dirk | ATEs: Bielefeld, Duesseldorf, Muenchen, Frankfurt, Amsterdam, Eemnes | DE | patcher, disputer |
Joost | ATEs: Duesseldorf, Amsterdam, Eemnes | NL | |
Ted | ATEs: Munich, Goeteborg | DE | edu, Handbook |
Mario | ATEs: Bielefeld, Hamburg | DE | OA, software, Board |
Sebastian | ATEs: Munich | DE | AO |
Hans V | ATE: Eemnes | NL | AE |
Bas vdD | ATE: Eemnes | NL | AE |
Andreas B | ATEs: Frankfurt, Berlin | DE | OA, Software |
Lambert | ATEs: Duesseldorf, Amsterdam, Eemnes | NL | DRO, Board |
Recruits Possibles, thought to be potential recruits: Martin, Walter, Wolfgang, Alexander B, Maurice, Guillaume.
Last year's test was reviewed. Some discussion on variations. Assurance Purpose was considered optional.
2010 season. Each was gone through. New list was built up. Consensus on 6 points.
Some rework is required. We still need one Q for 6. ToDo for CeBIT. Ulrich added additional, above.
(End.)