Minutes from PMC meeting on 2014-07-27

Logistics

Date: 2014-07-27
Chair: Alain Forget
Attendees:

  • Alain Forget
  • Chris Horrocks
  • Niklas Lemcke
  • Jason Pyeron

Summary

  • Jason will post to the developers’ mailing list proposals for:
    • Improved and more rigourous development, code integration, and testing practices.
    • Changes on how contributions are submitted to the CipherShed repository.
  • Before being able to make contributions to CipherShed, new contributors will be required to (click to) agree to a Contributor License Agreement (CLA). More involved contributors will be asked to sign and submit a CLA, to more firmly protect both CipherShed and contributors from legal challenges.
  • Chris, Niklas, and Alain will pursue discussions with CloudSigma regarding hosting CipherShed’s web infrastructure with CloudSigma.
  • The PMC voted in favour of having heads of departments (e.g., development, marketing, public relations, infrastructure) responsible for managing and organisation of their aspect of the CipherShed Project. These positions and their mandates will be created and filled on an as-needed basis.
  • The PMC is currently voting on appointing Jos Doekbrijder as CipherShed’s marketing representative.

Details

Development

  1. Status of TrueCrypt 7.1a rebranding to CipherShed and release of downloadable binaries.
    • Presenter: Bill (post-meeting)
    • We have a reproducible build environment for Linux and probably Mac OS X. Windows is coming along, but there are some install issues to be worked out.
    • Some developers have air-gapped machines set up, and others are working on it.
    • Artwork is behind; someone needs to work on graphical design.
    • Once an alpha release (to the devs only) is done, then full and thorough testing will begin. Jason has ideas on this (see D4 and D5).
  2. Status of the binary creation & signing responsibility and verification procedure.
    • Presenter: Bill (post-meeting)
    • We hope the binaries will be built before the academic school year, since some contributors’ availability afterwards is unclear.
    • There has been much progress in reproducible builds using Gitian, a tool developed by the Tor project.
    • Biggest challenge is finding people to do verification builds; there are only 2 people right now; clearly we should have many more.
  3. Electing new Security Team members
    • Presenter: Alain
    • Given the substantial responsibility and security experience required of Security Team members, the PMC elected no new Security Team members at this time.
  4. Strong concerns about some of the rebranding changes, constants, identifiers, etc.
    • Presenter: Jason
    • Jason will propose specific improvements to our rebranding and development process and post it on the devs’ mailing list for comments.
  5. Tests: unit/commit, integration, installation, etc…
    • Presenter: Jason
    • Jason will propose specific improvements to our testing and code integration process and post it on the devs mailing list for comments.

External Affairs

  1. Appointing Jos Doekbrijder as CipherShed’s marketing representative, and defining said role.
    • Presenter: Alain & Chris
    • The PMC requested that the Chair call a vote on the PMC mailing list to both provide time to discuss but also come to a decision relatively soon. This vote was started at 2014-07-28 17:04 GMT+0 and will end no later than 2014-07-31 17:04 GMT+0.
  2. Putting CipherShed stuff on CloudSigma (or any third-party hosting service)
    • Presenter: Niklas & Chris
    • The PMC voted in favour of moving the CipherShed infrastructure to CloudSigma, pending Niklas and Chris’ approval (which is subject to conversations between CloudSigma and Niklas, Chris, and Alain to ensure they will provide the infrastructure, topology, services, and support CipherShed requires).
  3. Status of the integration of new contributors to CipherShed
    • Presenter: Alain (in Bill’s absence)
    • Concerns were raised regarding a possible lack of clear and unified method for directing new contributors on precisely how to get involved.
    • The PMC decided to defer action, pending consultation with Jos Doekbrijder on the issue, who has had success in community mobilisation, and may have insights on this issue.
  4. PMC anonymity: Links on our website to PMC member’s pages.
    • Presenter: Alain
    • All PMC members agreed for their name on the CipherShed About page (https://ciphershed.org/about/) to link to their externally-hosted website(s), for the purpose of increasing the ease with which users can verify PMC member’s identities.
  5. Status update on Pure-Privacy association
    • Presenter: Alain as CipherShed’s current Pure-Privacy association rep
    • Item was deferred to the PMC mailing list.

Legal

  1. Contributor License Agreement (CLA): Contributor intellectual property (e.g., copyright, patent, trademark) rights-release policy and procedure
    • Presenter: Alain
    • Heather Meeker, US copyright lawyer for open-source softare (OSS) for the Electronic Frontier Foundation (EFF), had previously advised the PMC that the project use two-stage approach:
      1. New contributors, before being able to make contributions, should be shown our CLA/rights-release agreement and must “Click to accept” to give explicit consent.
      2. More serious contributors should be asked to physically and/or digitally sign a CLA, so we have a firmer agreement from them to release their IP rights to their contributions.
    • PMC agreed that we should implement Heather Meeker’s proposal.
    • Jason will propose a specific process and implementation for this and post it on the devs list for comments.
  2. CipherShed License: Under which license should we release CipherShed?
    • Presenter: Alain
    • Deferred until after the PMC has spoken with Michel Jaccard, EU open-source IP lawyer, which is scheduled for 2014-07-29 16:00 GMT+0.

Policies and Procedures

  1. Definitions and procedures regarding inactive members in official positions, namely PMC members, but also other positions.
    • Presenter: Jason (in Bill’s absence)
    • Jason will propose to the PMC mailing list a procedure for dealing with inactive members, and ultimately removing them from the PMC should their inactivity persist.
  2. Electing new PMC members
    • Presenter: Alain (in Bill’s absence)
    • The PMC agreed that no new members were required at this time.
  3. Select next PMC meeting’s chair
    • Presenter: Alain
    • The PMC elected Chris Horrocks as the next PMC meeting’s chair.
  4. Should we have team/department heads to whom the PMC officially delegates aspects of CipherShed?
    • Presenter: Chris
    • PMC voted and passed the motion to assign department heads who will be responsible for particular aspects of CipherShed (e.g., development, marketing, public relations, infrastructure).
    • The specific positions and their respective roles, responsibilities, mandate/powers, and duties are to be determined