project-organization/adminsys_charter.md

YunoHost System Administrator Charter

Because great powers imply great responsibilities, I commit myself as YunoHost adminsys to respect these points:

Security

The reliability and security of our services is the responsibility of all, below are some rules to follow to avoid becoming an attack vector of the YunoHost infra :

• do not save project password in a non-free browser or without master password;
• do not use ssh keys without passwords to access the infrastructure (except for exceptions discussed collectively);
• get into the habit of locking your machines where the keys are located when you leave them;
• do not let people without access, plant third party devices in your machine(s);
• encrypt the machines used to access the infra ;

Ethics / practice

• do not give yourself access by escalation of privileges and ensure that the YunoHost infrastructure administration team remains in possession of its accesses;
• verify the effectiveness of backups and rescue means before performing risky maintenance;
• respects privacy of our users and limit to the maximum the display of private information during debugging ;
• in case of legal requests, do not act without consulting other contributors ;

Resilience, sharing and transparency

In order to ensure the resilience of the deployed infrastructure, everyone agrees to do their best to:

• report to other adminsys the operations performed on the infrastructure
• produce documentation on their infrastructure and services;
• create an announcement on the forum to announce any maintenance or breakdown.