Skip to content

Make (and then use) a blog account policy

We have a bunch of old accounts on the blog, and for basic security hygiene, we should clean them up.

Even better, let's take this chance to develop, and post somewhere, a policy for who should be able to have a blog account, and when we'll disable them due to inactivity or etc.

Here is a proposed start to such a policy:

  • Any Tor Core Contributor can get a blog account, and it can stay active as long as they remain a core contributor.

    https://gitweb.torproject.org/community/policies.git/tree/membership.txt

  • We encourage everybody with an active blog account to do blog posts. Before you post, please work with the comms team to make sure the timing and content are best. [replace this short text with the longer text from steph's comment below]

  • To limit security surface area, we will disable accounts that haven't logged in during the past n months. Accounts can always be re-enabled when people want to use them again.

    (I suggest n=18 months. We should specify some avenue for how to request the account in the first place, and for how to request re-enabling.)

  • Posters should be aware of, and follow, our blog comment moderation strategy:

    https://trac.torproject.org/projects/tor/wiki/doc/community/blog-comment-policy

  • We encourage guest posts from the broader community about topics that are important to Tor and Tor users. The best way to arrange a guest post is to get an existing Core Contributor to vouch for the guest, and then depending on the situation, either the core person will post it, or we'll make a blog account for the guest.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information