Bug 117837 - Funding request: wildcard SSL cert
Summary: Funding request: wildcard SSL cert
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Foundation
Classification: Unclassified
Component: Proposals
Hardware: All Other
Importance: High normal
Assignee: Gentoo Board of Trustees
URL: http://dev.gentoo.org/~klieber/fundin...
Whiteboard: finance-audit:2015/11/13
Keywords:
Depends on: 108944
Blocks:
Reported: 2006-01-04 22:07 UTC by Kurt Lieber (RETIRED)
Modified: 2015-11-13 20:28 UTC (History)

Attachments
Funding request (funding_request_sslcert.txt,3.48 KB, text/plain)
2006-01-04 22:08 UTC, Kurt Lieber (RETIRED)

Description Kurt Lieber (RETIRED) gentoo-dev 2006-01-04 22:07:16 UTC
See attached request.
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2006-01-04 22:08:19 UTC
Created attachment 76214
Funding request
Comment 2 Donnie Berkholz (RETIRED) gentoo-dev 2006-01-04 22:21:51 UTC
Seems well-reasoned to me. But assuming some sort of limited budget for infra, how high of a priority is this vs other things?
Comment 3 Kurt Lieber (RETIRED) gentoo-dev 2006-01-05 16:21:33 UTC
Difficult to say without knowing a) what a maximum budget would likely be and b) what sort of "other things" may be out there. At the moment, we don't have any specific needs that would require funding. A major failure could change that overnight, however.
Comment 4 Donnie Berkholz (RETIRED) gentoo-dev 2006-01-05 16:41:56 UTC
(In reply to comment #3)
> At the moment, we don't have any specific needs that would require funding.

OK, that's all I wanted to know.

I'm in favor of this, but it will probably need to come up for reapproval every year.
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2006-01-20 12:29:25 UTC
Certainly approved here.
Comment 6 Joshua Kinard gentoo-dev 2006-01-20 17:16:28 UTC
No problem here.
Comment 7 Grant Goodyear (RETIRED) gentoo-dev 2006-01-29 15:26:38 UTC
Sorry for the late vote: Aye
Comment 8 Grant Goodyear (RETIRED) gentoo-dev 2006-01-29 15:29:17 UTC
(In reply to comment #3)
> difficult to say without knowing a) what a maximum budget would likely be and
> b) what sort of "other things" may be out there.  At the moment, we don't have
> any specific needs that would require funding.  A major failure could change
> that overnight, however.
> 

Incidentally, I'd like to assume that at least half of our current budget should
go to infra.  
Comment 9 Sven Vermeulen (RETIRED) gentoo-dev 2006-03-25 11:57:46 UTC
"Should", or "probably will"? For "should", you are actively saying that half of the budget is reserved for infrastructure related requests (does that include stuff like the amd64 server request?); "probably will" assumes that we think half of the budget will go to infrastructure, but that we don't reserve it prematurely.
Comment 10 Seemant Kulleen (RETIRED) gentoo-dev 2006-06-13 10:01:09 UTC
I vote yes, what moves this along?
Comment 11 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-03-19 20:56:24 UTC
trustees: ping

We need to move this along. Either buying individual certs, a wildcard cert, and/or doing the paperwork for CACert (bug 108944).

Reasons this is important:
Several browsers do not handle self-signed certs cleanly. Some versions of IE give an infinite loop, and Firefox3 complains a LOT compared to Firefox2.

Getting a commercial cert will probably require fixing the WHOIS record for the gentoo.org domain, as I think the process for getting a cert will send email to the address in the WHOIS record, which presently forwards to drobbins.
Comment 12 William L. Thomson Jr. (RETIRED) gentoo-dev 2008-03-19 21:55:31 UTC
Infra - What is preferred? Commercial or CACert? Individual or wildcard?

I think most commercial certs are going to require submission of foundational paperwork and confirmation of status. Which we are working on ATM. So that might be a blocker there. If we can move forward with just a letter to CACert and previously sent info. Might have to go that route for now. 
Comment 13 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-03-19 22:37:03 UTC
wltjr: Long-term, I'd prefer usage of CACert, since it's zero-cost and more in line with the original social contract stuff. Having CACert also mitigates the specific need for any wildcard certs, since the individual ones can be generated as needed. I think we're closest to having all the status done with CACert anyway, just pending sending the letter to them, since they already have the previous incorp documentation on file.
Comment 14 Ferris McCormick (RETIRED) gentoo-dev 2008-03-19 22:49:38 UTC
Linking this with Bug 108944 since 108944 seems to satisfy this one.
Comment 15 Mike Doty (RETIRED) gentoo-dev 2008-03-20 01:50:33 UTC
(In reply to comment #13)
> wltjr: Long-term, I'd prefer usage of CACert, since it's zero-cost and more in
> line with the original social contract stuff. Having CACert also mitigates the
> specific need for any wildcard certs, since the individual ones can be
> generated as needed. I think we're closest to having all the status done with
> CACert anyway, just pending sending the letter to them, since they already have
> the previous incorp documentation on file.
> 

CACert isn't really an option due to the extremely long time it takes to go through their process. Godaddy has the cheapest wildcard certs while dyndns.org has slightly more expensive ones, but dyndns.org is a "nicer" netizen so it might be worth the extra couple dollars to support a company that gives back instead of a sleaze-bucket (and I use the term in the most negative sense) like godaddy.
Comment 16 William L. Thomson Jr. (RETIRED) gentoo-dev 2008-04-20 19:55:53 UTC
Infra please, just tell us what you need/want. We will do what you request. Either CA or paid. We voted and approved to do CA once papers are available in a week or so. If that does not suffice, please comment.

So far we have received two comments from infra, both on opposite sides. Which is good, we are considering options. But the foundation needs a direction from infra as to which one to proceed with. Unless you want more than one? Really doesn't matter. We just need to know what you want, wrt majority. No stalemates please :)
Comment 17 Mike Doty (RETIRED) gentoo-dev 2008-04-20 22:01:35 UTC
We'll do cacert. wltjr, get with robbat2 ASAP please.
Comment 18 William L. Thomson Jr. (RETIRED) gentoo-dev 2008-04-21 02:22:10 UTC
Ok thank you. Despite past comments, I would like to wait till our paperwork is processed and we are reinstated. Which I brought up at our meeting. So we can provide current info to CA and proceed with them ASAP. If we do it before then, and they question authority. We have no legal documents to provide to prove that I or whoever writes the letter has authority.

This has been approved already wrt CAcert and the board of trustees. The attorney has filed the paperwork for reinstatement, which should be accurate. Thus processed first time, and in a week or two, three max. We should be current, and I can draft letter to CA, and so on.

So please infra (robbat2) just a bit more patience. This is pretty high on the list of things to do, and will be taken care of ASAP.

Thanks again for definitive answer and direction :)
Comment 19 William L. Thomson Jr. (RETIRED) gentoo-dev 2008-04-21 02:23:35 UTC
Actually this is a funding request so I think we are clear to close this one. We don't need any funds, and board has approved it. So I guess we just need to work the other?
Comment 20 William L. Thomson Jr. (RETIRED) gentoo-dev 2008-05-18 19:22:33 UTC
Going to close this bug, as this is no longer a funding request. We will be looking to get certs from CACert, or other free source. If that fails, we can re-open this bug. And/or file a new funding request bug.
Comment 21 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-11-13 20:28:50 UTC
finance-audit: confirmed nil impact.