Hi Nik,
Thank you for the work you invested in CAcert in the past. Although we
probably didn't agree in a lot of our conclusions, I respect your
decision and hope the best for your future.
Post by Dominik George
1. The main reason is that another project of mine has grown so large
that I do not have the time to care for CAcert anymore.
I sincerely wish you good luck with that project.
Post by Dominik George
2. Then, as anyone can see, CAcert is hardly worth the effort nowadays.
The CA is dead, as has been formalised by Debian's removal (and
the given reasons for that) of the root certificates. CAcert is dead.
I don't agree with that statement. CAcert always had the problem that it
wasn't distributed by default. That Debian shipped our certificate
anyway was a huge favour they did to us because of the similar interests
of the projects. I don't think something fundamentally changed in our
relation between the projects recently and I'm therefore very sorry that
they stopped shipping the root but I see it more like they are stopping
a favour to us, not that they declare that CAcert is dead. That CAcert
is not dead is further underlined by the discussion that followed the
decision. What I think is more dramatic is that Ubuntu removed the
certificate in a security update which (in my eyes unnecessarily)
damages our reputation because users don't read up on the context, they
only see the changelog.
That's the view from Debian on CAcert, but what's even more important is
the inside view on CAcert. There I do see some movement, more movement
than in some times in the past. CAcert has the problem that in order to
attract more active people it has to be useful, and in order to be
useful (aka in the browsers) a lot of work is required – a classic
chicken/egg situation. In the beginning years CAcert had a phase where
it had some impact but somehow the impact wasn't used or wasn't big
enough to produce a system that matched the requirements for an
auditable CA. Instead CAcert just stumbled into an audit it wasn't ready
for and failed. Now the impact is gone and it's a Sisyphean task to get
CAcert into an audit-ready state. One problem is that while doing that
we need to maintain the ongoing operation of the current CA in order to
keep our community. That makes a lot of tasks harder. Each code change
needs to be reviewed, changes of procedures run by the policy group,
each glitch detected referred to Arbitration. This ties up a lot of
resources. I sometimes thought about whether it wasn't easier to fork
the project, to make the much needed changes easier and restart, but
that would mean to lose CAcert's biggest asset, the web of trust. So
yes the progress is slower than desirable and sometimes it's hard to see
it at all but that's to be expected in our situation.
Now what progress did we have? On the organisation side we are finally
on a good track to move CAcert Inc. from Australia to Europe which
removes some overhead we had to deal with there. Arbitration has seen
some new people so cases are now being handled in a timely fashion
again. Software is fixing more and more bugs in the existing code and is
moving to completely replace some of the quirky parts. We have set up
and filled the position for the internal Auditor so we can review our
own processes and have confidence that everything is in good shape before
we try another external audit. So things do move but we can't expect
miracles. It doesn't work without people putting efforts into the project.
Post by Dominik George
3. Dealing with significant parts of the community has become a PITA.
Well, it always has been, but quite a few mails I had to read proved
that the annoyance here won't stop growing.
Yes in a project like this there are some people who can work together
and some it seems just can't. Usually working towards the same goal can
help that people put aside their differences and work together but
sometimes that becomes too much of a burden. These social problems are
bigger in a community like CAcert where there are a lot of people who,
well let's say, are not especially qualified for their social abilities,
and that solely relies on textual, non-personal communication which
makes misunderstandings, grudges, word-picking worse. Those observations
are however not limited to "other people", they also apply to you and
me. One has to ask oneself "Was it the other part who is making an ass
out of him/herself or am I contributing to that behaviour?"
--
Regards,
Michael Tänzer