From 06555bf9b78e8e91a071e9f2594c051430018557 Mon Sep 17 00:00:00 2001 From: ljf Date: Fri, 13 Aug 2021 18:33:03 +0200 Subject: [PATCH] [enh] Add an adminsys charter --- adminsys_charter.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 adminsys_charter.md diff --git a/adminsys_charter.md b/adminsys_charter.md new file mode 100644 index 0000000..c89cbae --- /dev/null +++ b/adminsys_charter.md @@ -0,0 +1,29 @@ +# YunoHost System Administrator Charter + +Because great powers imply great responsibilities, I commit myself as YunoHost adminsys to respect these points: + +## Security +The reliability and security of our services is the responsibility of all, below are some rules to follow to avoid becoming an attack vector of the YunoHost infra : + + * do not save project password in a non-free browser or without master password; + * do not use ssh keys without passwords to access the infrastructure (except for exceptions discussed collectively); + * get into the habit of locking your machines where the keys are located when you leave them; + * do not let people without access, plant third party devices in your machine(s); + * encrypt the machines used to access the infra ; + + +## Ethics / practice + + * do not give yourself access by escalation of privileges and ensure that the YunoHost infrastructure administration team remains in possession of its accesses; + * verify the effectiveness of backups and rescue means before performing risky maintenance; + * respects privacy of our users and limit to the maximum the display of private information during debugging ; + * in case of legal requests, do not act without consulting other contributors ; + + + +## Resilience, sharing and transparency +In order to ensure the resilience of the deployed infrastructure, everyone agrees to do their best to: + + * report to other adminsys the operations performed on the infrastructure + * produce documentation on their infrastructure and services; + * create an announcement on the forum to announce any maintenance or breakdown.