Srcf Committee Meeting Minutes - 13/06/2002
Those present: James Coupe, Matthew Johnson, Nathan Dimmock
Absentees: David Singleton
jrsc2 has keys already, mk270 has mjg59's keys. ned21 volunteers to be a sysadmin with a key. While not in Cambridge he will give the keys to another sysamin, subject to CUSU policy. Assuming the sysadmins are happy with this, jrsc2 will arrange to get keys.
The committee accept Martin Keegan's resignation, and thank him for all the work he has done over the years. The sysadmins are to be informed to remove his permissions & groups etc, and a root password change, ASAP. Possibly also remove him from the sysadmins mailinglist, subject to agreement of sysadmins.
The committee believes that searching for weak user passwords by running crack (or similar tools) on the password file is good practice. In light of a recent incident, the sysadmins are to be reminded that that they should avoid looking at what the cracked passwords were if at all possible. It was noted that Debian Woody contains a package that will make the process much more automatic, significently lowering the risk of a sysadmin seeing a user's password.
With regard to user data upon gradution, current policy requires changing as it conflicts with the Terms of Service. Also a system to allow web-based setting of .forward file, and webpage forwarding should be setup. New policy: archive all data, not publically available, leave .forward & .plan files. As required by the DPA, sysadmins will provide access or delete the archives on request.
Also need to include an RIP message in MOTD and the welcome email. New RIP to be formulated and emailed to committee for approval. The RIP notice and ToS should be in some form in the DPA email that new users receive, so that they have to agree to it.
The advantages of the certificate are not obviously large, given that it represents about 15% of our current finances, per year. More discussions with the sysadmins are reccomended to resolve the issue.
www.srcf.net: pointed to kern, and agreement to pay for the domain if we don't already.
reachoxbridge.com: Converting to squirrelmail decided on, noting that this might be a good reason for the SSL certificate. Committee decided that the reachoxbridge domain is superfluous, and should be moved to ro.ucam.org, since it is an unneccessary expense.
Apache vs Zeus:
Problems with training new admins cited as a reason to possibly not use Zeus, but agreed to get a licence anyway, and let the sysadmins decide about where to use it. jmb73 should arrange the licence, as a sysadmin who is also emplyed by Zeus.
Agreed that irc-services won't be installed.
Possible use as offsite hosting as backup for services was discussed. However, it was felt that:
- the cost (in terms of effort, maintenance, etc) of an offsite backup was too high compared to the risk of it being needed
- there is doubt whether oldkern would be up to the task
Therefore it would be put to better use as a SysAdmin training box, or
something similar. In order to make this work, a method of power
cycling it from kern would be necessary.
In the meanwhile, it is to be brought back up to allow the sysadmins to do a potato->woody dry run.
Encourage people to develop webservices, and facilities for an srcf training box.
Getting offsite tape backups from CUSU would be good, and possibly a generational backup on a second hard disk in kern for easy restore. mjg59 is to be duly hit by ned21 to get the other hard drive from dabs. jrsc2 is to liase with CUSU about integrating our backup solutions.
Signatories on Accounts:
Deffered to the garden party, since old signatories will be there. Agreed that 2 out of 3 signatures, and 3 out of 4 agreement with the committee for consent. ned21, jrsc2 & mjj29 nominated as signatories.
While website is good, could do with some more active maintenance (e.g. quote in top corner to be pulled from file), webforms for applying for accounts, e-mail sysadmins to change .forward file, etc. Resolved that Publicity-Officer will advertise for an assistant-webmaster, if the webmaster is happy with the idea.
The Committee agreed that kern should be moved to Woody, at some point after it becaomes the Debian stable release. Consultation with the sysadmins is required to determine how best to manage this and when.
The committee approved the expenditure of a maximum of £40 on a garden party, to be held tomorrow in conjunction with CUCS.