Digest of the first PMC meeting

The first voice-chat meeting of the PMC took place on Saturday 06/28/2014, 13.00h UTC via Mumble. It was chaired by Niklas Lemcke.

Prior to the meeting, we had an open discussion with Jos Doekbrijder from TNext(truecrypt.ch). Summary:

  • Jos explained the intended nature of his association, and the planned collaboration with the CipherShed Project: The association can offer cloud hosting (provided by Cloud-Sigma from Switzerland) and Certificates (provided by QuoVadis from Switzerland). Also he intends to raise money to support privacy-related projects, i.a. the CipherShed Project. The PMC stated clearly that they will reject any money in the form of a salary of any kind, since the potential harm by far outweighs its benefits. However, reimbursements for project-related expenses (e.g. plane tickets, hosting costs) can be discussed. There was no clear decision taken on whether or not to provide money for living expenses to financially-challenged contributors, so that they can keep contributing. Those cases will have to be discussed case by case. One PMC member suggested to adapt a concept similar to the Google summer of code.
  • There will be a CipherShed seat on the association’s board. A member of the PMC will fill this seat for a limited period of time, and then yield to another PMC member.
  • Until Jos publicises his association, we will just call it “the association”.

TL;DR: The following things need to be done:

  • Create a CSR for the certificate needed for the Windows binary.
  • Discuss creation of a CipherShed private key to sign the official hashes with.
  • Decide whether or not to set up a separate CipherShed repository in a controlled environment (e.g. our current server).
  • Put together a Contributor License Agreement (CLA). (Jason already started doing this!)
  • Find people willing to coordinate non-techy project efforts like Documentation and Translation.
  • Decide on the first CipherShed member to join the association’s CipherShed seat. (The decision seems to have been made, with Alain Forget being the first one to join the board.)

It follows a digest of what has been decided during the PMC meeting.

  • Voice recordings will not be posted online. One of the various reasons for this is the potential hazard of formulating something in an ambiguous way in the voice chat, and later being held responsible for multiple interpretations.
  • PMC votes will be held on the private PMC mailing list. This process might be opened up later. For particularly delicate issues, more anonymous voting procedures may be chosen.
  • PMC voice meetings will be held once a month.
  • motions up for vote pass with a 2/3 majority for now. This rule is flexible in both directions for extreme cases. In an extreme tie situation, it will be the current chair’s responsibility to fix a procedure for reaching a decision at the next PMC meeting. The month in between those meetings will be necessary for the indispensable further discussion of the subject.
  • We appointed four initial members of the Security Team: Bill Cox, Chris Horrocks, Frank Rehberg & Jason Pyeron.
  • The Security Team’s main responsibility is to audit, approve, and merge code contributions into the main repository.
  • For any code merge, there needs to be a minimum of three signatures from Security Team members.
  • It was suggested to do security reviews on a secondary fork, in a structure “master->security->release”.
  • We will host downloads in the cloud as offered by Jos. We came to the conclusion that the security of the downloads should rely on cryptography, i.e. signed hashes of reproducible builds, instead of our trust towards one or the other government or hosting environment. (Note: this appears to demand some discussion. A few members are still questioning whether we should accept hosting of even our downloads on US turf.)
  • For any contributions made, regardless how trivial, we will require the contributor to add a signed Contributor License Agreement (CLA) to their first pull request.
  • We need to put together a roadmap of the intended features, so that people can get involved in the short term goals
  • We will also need people that can coordinate the non-techy project effots, such as documentation writing and translation.
  • We will put up a Quick Start Guide for new contributors
  • Our main lines of defense are monthly voice meetings & meticulous code reviews. Warrant canaries are optional, but not mandatory.
  • PMC members will have access to a personal @ciphershed.org email address. They should do their best to make the line between personal opinion and CipherShed PMC opinion clear when voicing their opinion on the mailing list. Especially so when using the @ciphershed.org address.
  • We decided to give Jos the go-aheadĀ  for funneling people towards the CipherShed Project. We are ready for you!
  • We also suggested Jos to officially question the security of “Protectorion” on twitter. They had earlier used the @TCNext tag to gain a larger audience, but a quick investigation showed that the software does excel in usability, but not in security.
  • The Security Team signs every commit. But signatures by external contributors will not be required, since not trusted either way.
  • Binary builds must be reproducible and at least verified by three PMC members before any release.
  • It was suggested to have a separate CipherShed repository in a controlled environment.
  • We need to create a CSR–which should ideally be created on an airgapped Windows VM–for the Windows binary.
  • We need a CipherShed private key for signing hashes, or an alternate procedure.
  • The first release will contain bugfixes and rebranding only.
  • The second release will encompass a rewrite of license-wise delicate code parts.