[tor-bugs] #33109 [Webpages/Blog]: Make (and then use) a blog account policy
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 13 17:35:45 UTC 2020
#33109: Make (and then use) a blog account policy
---------------------------+--------------------------
Reporter: arma | Owner: ggus
Type: task | Status: assigned
Priority: Medium | Milestone:
Component: Webpages/Blog | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+--------------------------
Description changed by arma:
Old description:
> We have a bunch of old accounts on the blog, and for basic security
> hygiene, we should clean them up.
>
> Even better, let's take this chance to develop, and post somewhere, a
> policy for who should be able to have a blog account, and when we'll
> disable them due to inactivity or etc.
>
> Here is a proposed start to such a policy:
>
> * Any Tor Core Contributor can get a blog account, and it can stay active
> as long as they remain a core contributor.
>
> https://gitweb.torproject.org/community/policies.git/tree/membership.txt
>
> * We encourage everybody with an active blog account to do blog posts.
> Before you post, please work with the comms team to make sure the timing
> and content are best.
>
> * To limit security surface area, we will disable accounts that haven't
> logged in during the past n months. Accounts can always be re-enabled
> when people want to use them again.
>
> (I suggest n=18 months. We should specify some avenue for how to
> request the account in the first place, and for how to request re-
> enabling.)
>
> * Posters should be aware of, and follow, our blog comment moderation
> strategy:
>
> https://trac.torproject.org/projects/tor/wiki/doc/community/blog-
> comment-policy
>
> * We encourage guest posts from the broader community about topics that
> are important to Tor and Tor users. The best way to arrange a guest post
> is to get an existing Core Contributor to vouch for the guest, and then
> depending on the situation, either the core person will post it, or we'll
> make a blog account for the guest.
New description:
We have a bunch of old accounts on the blog, and for basic security
hygiene, we should clean them up.
Even better, let's take this chance to develop, and post somewhere, a
policy for who should be able to have a blog account, and when we'll
disable them due to inactivity or etc.
Here is a proposed start to such a policy:
* Any Tor Core Contributor can get a blog account, and it can stay active
as long as they remain a core contributor.
https://gitweb.torproject.org/community/policies.git/tree/membership.txt
* We encourage everybody with an active blog account to do blog posts.
Before you post, please work with the comms team to make sure the timing
and content are best. [replace this short text with the longer text from
steph's comment below]
* To limit security surface area, we will disable accounts that haven't
logged in during the past n months. Accounts can always be re-enabled when
people want to use them again.
(I suggest n=18 months. We should specify some avenue for how to request
the account in the first place, and for how to request re-enabling.)
* Posters should be aware of, and follow, our blog comment moderation
strategy:
https://trac.torproject.org/projects/tor/wiki/doc/community/blog-
comment-policy
* We encourage guest posts from the broader community about topics that
are important to Tor and Tor users. The best way to arrange a guest post
is to get an existing Core Contributor to vouch for the guest, and then
depending on the situation, either the core person will post it, or we'll
make a blog account for the guest.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33109#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list