Audit Report 20090426

Leave a reply

The latest of the audit reports, for Jan-April, is now on the wiki. Much has happened since the last report, here are the headlines:

  1. CAcert has a new Security Policy in DRAFT which covers the systems administrators, the Access Engineers, and also the Support and Software people.
  2. With this in place, Audit will now visit the systems team in Ede, Netherlands in early May. This will be the first visit to review the systems against that Security Policy. My guess is that we will need 3 visits.
  3. A new Software Development team met in Innsbruck last week to review the software and prepare the way forward. Their recommendation: total rewrite. The design was done during the week, and is documented. Next steps are to .. write the code! This is where we find out if coding is really as easy as talking 🙂 if you want to participate, and who wouldn’t want to be in the team that totally changes the face of CAcert … then keep an eye on the cacert-devel list.
  4. Assurance Policy is now full POLICY.
  5. Audit is now in high gear checking Assurances. See all the other blog posts.
  6. On 16th May, in Munich, we will meet up with the heavy-hitting German Assurance team of Sebastian, Ulrich and Ted. There, we’ll talk about the results from the audit checks, and think about a roadmap for the future.

Big picture: Audit is in high gear. Much will be done, much will be checked. Now this might be “optimistic” but bear in mind that the resources are very limited. If there are any missteps, if there are any big delays, then CAcert is in trouble. We simply don’t have the time and money to delay this into the future.

So, watch out for appeals for help, and consider jumping into effort. You will be unhappy if you miss that chance, you will have nothing to tell your grandchildren after the war is over 🙂

7th of May 2009, Ede Nld, CAcert assurance event

Leave a reply

NLUUG logo

The dutch Linux/Unix NLUUG conference will host CAcert Assurances on Thursday 7th of May in the conference center De Reehost in Ede, Holland. See for details the NLUUG conference web page. The conference theme is Filesystems and Storage.
Be prepared and complete the assurance program form: html or pdf. Take at least 3 completed forms with you to the assurance. The plan is to do several presentations on CAcert in the community room and to inform you about the new policies and new way of doing assurances.

If you have more as 100 assurance points and have passed the CAcert Assurer Challence, so you are a CAcert Assurer, pick up your Assurer pin/badge at the CAcert booth table!
For a CAcert Organisation Assurance use the COAP form.

Paris :-)

Leave a reply

Paris in the Spring time, so we must do an ATE — Assurer Training Events — in Paris as well.

  • location: Starbuck in “Chatelet Les Halles” but note: because of overcrowding/noise, we may move to the Cafe next door, to right. Look for us!
  • date: Saturday 02 May
  • time: 17:00 to 20:00 (may change)
  • event organisers: Guillaume (06 60 75 45 54) and FrĂ©dĂ©ric

Fuller details on the wiki at ATE-Paris. Contact iang@c.o or events@c.o if you can help.  Mail Guillaume@c.o or phone 06 60 75 45 54 if you would like some local tips.

London! Spring! Assurer Training! The Red Lion

Leave a reply

Yes, it’s happening:  Assurer Training Events comes to London:

  • location: The Red Lion pub (meeting room downstairs)
  • date & time: 12 May, 17:30 to 19:30
  • local arrangements:  Graeme Burnett of Enhyper

Fuller details on the wiki at ATE-London.  Contact iang@c.o or events@c.o if you know your English pubs..

Key-Signing-Party in SaarbrĂĽcken, Deutschland am 29.04.2009

Leave a reply

Am 29. April 2009 findet in den Räumen der Fachschaft Informatikstudiengänge der Universität des Saarlandes (Campus Saarbrücken, Geb. E1 3, Raum 107) eine Key-Signing-Party statt. Dabei werden die Systeme CAcert und Thawte (in den Zeiten 10-13 Uhr und 14-18 Uhr) sowie PGP/GnuPG (ab 18 Uhr) unterstützt. Weitere Informationen unter http://fsinfo.cs.uni-sb.de/signingparty/

Budapest is on the CAcert map!

Leave a reply

ATE09 will travel from Prague to Budapest … open call for All Assurers in Budapest, please contact events at c.o or iang at c.o.
Basic Specifications are:

  1. location: third floor, room 3.607, Eötvös Lóránd University, Pázmány Péter Sétány 1/C
  2. date & time: 30th Thursday, 18:00 to 20:00 (note it has been put back an hour!)
  3. local arrangements: Dani Nagy

Fuller details on the wiki page for ATE-Budapest. Contact us if you can help!

ATE09 travels to Prague!

Leave a reply

ATE09 travels to Prague!  we are now looking for All Assurers in the area.
Basic Specifications are:

  1. location: meeting room at Pylonware corporation.  Note:  Be there early because it takes a while to find the meeting room.
  2. date & time: 28th Tuesday, (probably 17:00 –> 19:00)
  3. local arrangements: Tomáš Trnka

Fuller details on the wiki page for ATE-Prague. Contact us if you can help!  (And then onto Budapest.)

no old Assurer Status anymore

Leave a reply

After the implementation of the Assurer Challenge last year there will be no “old” Assurer status anymore.
Assurers who have not passed the Assurer’s Challenge are no longer Assurers. AP gives authority to impose the rule that Assurers must have 100 points *and* pass the Assurer’s Challenge. So all Assurers who do not have the Challenge and want to do so, please visit the Assurer-Challenge pages and follow the instructions.
Please see also http://bugs.cacert.org/view.php?id=588 .

Innsbruck Assurer’s event

Leave a reply

Sometime in the week 20th to 24th April (2 short weeks away) several of the CAcert people will be in Innsbruck, Austria for a software auditing camp.
We are planning to break away from software auditing and having an event along the lines of the ATE09 series … and we are now looking for All Assurers in the Inssbruck area!

Basic Specifications are:

  1. location: TWI
  2. date & time:  20th Monday, 17:00 –> 19:00
  3. local arrangements: Martin Hotze

Fuller details on the wiki page for ATE-Innsbruck.

CAcert Assurances at ApacheCon conference

Leave a reply

ApacheCon Europe 2009The ApacheCon Europe 2009 conference is from Wednesday 25rd of March till Friday 27th of March 2009 in Amsterdam (it is near the central railway station). Tutorials and workgroup meetings start on Monday 23rd of March.
At this conference CAcert will have an assurance booth table on Wednesday 25th of March and Friday 27th of March. For assurance preparations information: please visit the wiki page. CAcert is looking for Assurers on Thursday.
ApacheCon is the official user conference of The Apache Software Foundation, featuring in-depth training classes and more than 60 sessions by the creators of open source software such as the Apache httpd webserver, Tomcat, Lucene, Hadoop and more. New this year: BarCampApache, Open Hackathon, and Geeks for Geeks Track.