project-organization/adminsys_charter.md
ljf (zamentur) 234a6593bc Wording
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
2021-09-27 11:22:14 +02:00

1.5 KiB

YunoHost System Administrator Charter

Because great powers imply great responsibilities, I commit myself as YunoHost adminsys to respect these points:

Security

The reliability and security of the project's services is the responsibility of everybody. Below are some rules meant to prevent security breaches / leaks on the infrastructure:

  • never save project passwords in a non-free browser or without a master password;
  • always protect personal private SSH keys with strong passwords;
  • always lock machines where keys are located before leaving them unattended;
  • always encrypt personal machines where personal SSH keys are stored;
  • never let any random people plant third party devices in your machine(s);

Ethics / practice

  • do not give yourself access by escalation of privileges and ensure that the YunoHost infrastructure administration team remains in possession of its accesses;
  • verify the effectiveness of backups and rescue means before performing risky maintenance;
  • respects privacy of our users and limit to the maximum the display of private information during debugging ;
  • in case of legal requests, do not act without consulting other contributors ;

Resilience, sharing and transparency

In order to ensure the resilience of the deployed infrastructure, everyone agrees to do their best to:

  • report to other adminsys the operations performed on the infrastructure
  • produce documentation on their infrastructure and services;
  • create an announcement on the forum to announce any maintenance or breakdown.