[wplug-board] WPLUG's information assets (membership rolls -

[Vance Kochenderfer]

Jim wrote:
> Vance, my biggest concern about members and other information security.  I  
> am opposed to having the information on a server where there may be access  
> by past members or vulnerabilities that may or may not have been known  
> over the years.  I agreed with Beth Lynn that it should be an "off WPlug  
> server/storage" arrangement.  Jim Harris

My great concern is that if the Secretary solely holds the
membership records, there is a bus factor of 1.
<http://en.wikipedia.org/wiki/Bus_factor>

Should the Secretary disappear or simply neglect his duties, then
the organization has no idea who its members are, and consequently
loses its ability to even act as an organization (how can you make
a decision if you don't even know who's entitled to vote?).  The
reason I periodically upload updated member rolls to the server is
to mitigate this risk.

I am unwilling to support any system which makes the Secretary a
single point of failure.  This does not, however, mean that my
proposal is the only one which avoids this - there are many
possible approaches and I hope this opens discussion about them.

Uploading the member rolls to another online storage facility is
one possibility.  This runs into similar questions of access
control and the security of the storage facility itself (e.g.,
without encryption, the owners of the storage facility are able to
view the data).  The specific security analysis would depend on
which storage facility is proposed.

Thanks for contributing, I think it advances the discussion.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vkochend at nyx.net          |   good belt of Scotch"    -Nick Danger