SAC Meeting 2017-05-20

= Agenda =

Please list the meeting topics, and link to relevant SAC tickets when possible. Meeting will be for assigning tasks, updating status, and voting. Majority of discussions should happen on the mailing list and IRC in before and after meetings. Estimated 30-60 minutes.

Time and Date set via email list poll. http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=5&day=20&hour=16&min=0&sec=0&p1=217&p2=37&p3=248&p4=914

Current

 * SSL certificate Update (Alex)
 * We bought a 3 yr DV.
 * Do we want a 5 yr OV instead
 * Reverse Chain file propagation?
 * Trac Spam Report (Sandro)
 * Budget Report (Alex)
 * What we've spent the last few years.
 * Upcoming costs
 * What's left
 * Versioning Configuration files
 * Clean up wiki pages
 * SAC Service Status
 * SAC:LDAP
 * Mailing lists
 * Backups
 * Configuration
 * Budget
 * Add timezones to SAC member list
 * Hardware Migration
 * Virtualization, Docker, or some other Container
 * Finish moving things off OSGeo4 and retire
 * Adhoc - Mapserver Demo, SpatailReference.org, ?
 * QGIS VM - run's their bugtracker (up for retirement)
 * Expand download area capacity
 * TODO: Link OSUOSL discussion on dedicated download cluster service
 * Or, grow disk
 * Or, migrate & grow
 * Annual OSUOSL Donations - Always in the budget, but we don't always send for some reason.
 * Meeting Schedule

Ideas & Proposals

 * Paid Proposal System - Formalize a method for proposing tasks that require payment to make it happen in a timely manner.
 * Method for taking proposals on tasks
 * Method for soliciting vendors to fulfill tasks
 * Method for approving bids that minimizes conflict of interest (SAC members may sometimes bid)
 * Budget
 * Ask the board to split the budget into 2 sections, anticipated(planned) expenses and un-anticipated?
 * Aniticpated
 * Certificate, DNS Renewals
 * Planned hardware
 * Un-anticipated
 * Hardware failure replacement
 * Emergency assistance
 * Alternate: Materials vs. Person Time
 * Based on historical recommend level of funding
 * Alex suggests $15,000/yr
 * LDAP
 * Merging LDAP/Wiki logins
 * LDAP user facing password reset (via email tokens)
 * Implementing OpenID so github, launchpad, google etc, work with OSGeo IDs
 * HTTPS option for all hosted sites
 * Using letsencrypt certificates
 * Target foss4g archives 1st
 * Plan for replacing OSGeo3 next year
 * OWASP security implementation
 * Anti spam measures, and automated detection

Funding sysadmin work
The SAC Chair (Alex Mandel) suggested to write down possible handling of payed sysadmin work. It was suggested:


 * Paid project supervision
 * Nominate an emergency response retainer
 * Set up a Time and Material contract
 * Set up a Proposal and Bid system
 * Create a Wishlist (Once established people submit ideas to be added)
 * Vote on Priority of Items
 * For top items decide if it's internal or external (bid) & timeline
 * For external create a proposal and request bids
 * Vote on bids
 * Continually fund items up to a ceiling per year (if any budget left near end of year add to cap)
 * Repeat

Questions:

* How do we solicit bids ? strk> a call for interest on SAC list (priority line), on discuss list if needed (second choice) * How much to reserve for such contract ? strk> current budget seems too low to allow for a new contract, so I think we should be asking for more * How do we balance having external contractors do work without having to grant full privileged access?

= Tasks =

Things people agreed to do.


 * what - who