Minutes/National Council/2020-05-12

National Council meeting May 12th 2020

Scheduled start 20:30 Sydney time

Quorum: not quite

Attendance

covidsafe.watch site
Email discussion prior to meeting:
per Miles: "We have been invited to take over running covidsafe.watch"
Brandon: "I'm concerned as to the liability issues and neutrality issues. We take this on, it may taint the project in some commentators eyes."
John: What about EFA? Why not them?
Presentation from Geoff Huntley
Geoff wants to think about succession very early
"we started looking at COVIDSafe source code very early, we have a community and we are keeping track"
"now we're watching a government department fail"
no bug bounty, slow responses
website documenting failures
need to just be able to link to URLs of CVE-likes
a single person can be character assassinated and is fallible
next chapter: team of good software engineers, DIY app
Labor is taking notice!
Example failure: temp ID isn't temporary, not rotating. Perma-broadcast, including handset name. Full deanonymisation.
SG fixed this in one day
auto decompilation being worked on, bypassing the BS "license"
this work is primary research
plenty of countries around the world
conjecture: possibly Australia is limited to only putting the app on the AU app store
likely that AU has done a separately licensed fork, probably just a tarball drop
conjecture #2: because OpenTrace is GPL, it's possible that AU can't take the patches
Alex: what are you actually after?
Geoff: need active maintainers over the longer-than-a-couple-of-months timeframe
Repository
Keeping it factual
Discord
Keeping it from degenerating

History shows that temporary civil restrictions are released once the threat has been dealt with. Too soon often.